properly encode special HTML characters in debug mode

[nominatim.git] / lib-php / DebugHtml.php

diff --git a/lib-php/DebugHtml.php b/lib-php/DebugHtml.php
index 5d12be678e4ac5ca95f981a63d067944ef6510a0..2207d52915cfcefcb66184d8f6197d72d019af70 100644 (file)
--- a/lib-php/DebugHtml.php
+++ b/lib-php/DebugHtml.php
@@ -135,7 +135,7 @@ class Debug
 
     public static function printSQL($sSQL)
     {
-        echo '<p><tt><b>'.date('c').'</b> <font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
+        echo '<p><tt><b>'.date('c').'</b> <font color="#aaa">'.htmlspecialchars($sSQL).'</font></tt></p>'."\n";
     }
 
     private static function outputVar($mVar, $sPreNL)
@@ -178,11 +178,12 @@ class Debug
         }
 
         if (is_string($mVar)) {
-            echo "'$mVar'";
-            return strlen($mVar) + 2;
+            $sOut = "'$mVar'";
+        } else {
+            $sOut = (string)$mVar;
         }
 
-        echo (string)$mVar;
-        return strlen((string)$mVar);
+        echo htmlspecialchars($sOut);
+        return strlen($sOut);
     }
 }