X-Git-Url: https://git.openstreetmap.org/nominatim.git/blobdiff_plain/c3788d765ed4e7ddf00794085af757714bc102cf..35e7e525014ab555ece930b2ba9df44aa87116e6:/lib-php/DebugHtml.php

diff --git a/lib-php/DebugHtml.php b/lib-php/DebugHtml.php
index 0edc081a..8a4d40e2 100644
--- a/lib-php/DebugHtml.php
+++ b/lib-php/DebugHtml.php
@@ -135,7 +135,7 @@ class Debug
 
     public static function printSQL($sSQL)
     {
-        echo '<p><tt><font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
+        echo '<p><tt><font color="#aaa">'.htmlspecialchars($sSQL, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401).'</font></tt></p>'."\n";
     }
 
     private static function outputVar($mVar, $sPreNL)
@@ -178,11 +178,12 @@ class Debug
         }
 
         if (is_string($mVar)) {
-            echo "'$mVar'";
-            return strlen($mVar) + 2;
+            $sOut = "'$mVar'";
+        } else {
+            $sOut = (string)$mVar;
         }
 
-        echo (string)$mVar;
-        return strlen((string)$mVar);
+        echo htmlspecialchars($sOut, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML401);
+        return strlen($sOut);
     }
 }