properly encode special HTML characters in debug mode

author Sarah Hoffmann <lonvia@denofr.de>

Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)

committer Sarah Hoffmann <lonvia@denofr.de>

Mon, 20 Feb 2023 16:53:48 +0000 (17:53 +0100)
author Sarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)
committer Sarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 16:53:48 +0000 (17:53 +0100)
diff --git a/lib-php/DebugHtml.php b/lib-php/DebugHtml.php

index 0edc081ac43a66f4da025b15c29b03621b93dfec..e402654f5d03ccd688e15fa2222e836ca655fdb1 100644 (file)
--- a/lib-php/DebugHtml.php
+++ b/lib-php/DebugHtml.php
@@ -135,7 +135,7 @@ class Debug
  
      public static function printSQL($sSQL)
      {
-        echo '<p><tt><font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
+        echo '<p><tt><font color="#aaa">'.htmlspecialchars($sSQL).'</font></tt></p>'."\n";
      }
  
      private static function outputVar($mVar, $sPreNL)
@@ -178,11 +178,12 @@ class Debug
          }
  
          if (is_string($mVar)) {
-            echo "'$mVar'";
-            return strlen($mVar) + 2;
+            $sOut = "'$mVar'";
+        } else {
+            $sOut = (string)$mVar;
          }
  
-        echo (string)$mVar;
-        return strlen((string)$mVar);
+        echo htmlspecialchars($sOut);
+        return strlen($sOut);
      }
  }
author	Sarah Hoffmann <lonvia@denofr.de>
	Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Mon, 20 Feb 2023 16:53:48 +0000 (17:53 +0100)