properly encode special HTML characters in debug mode

author Sarah Hoffmann <lonvia@denofr.de>

Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)

committer Sarah Hoffmann <lonvia@denofr.de>

Mon, 20 Feb 2023 16:33:08 +0000 (17:33 +0100)
author Sarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)
committer Sarah Hoffmann <lonvia@denofr.de>
Mon, 20 Feb 2023 16:33:08 +0000 (17:33 +0100)
diff --git a/lib-php/DebugHtml.php b/lib-php/DebugHtml.php

index 19221b435b2f14cdaca2459eabe8ea483f804f8e..ea3d514fd320e4972e37ed8c9fea41781aa4f57a 100644 (file)
--- a/lib-php/DebugHtml.php
+++ b/lib-php/DebugHtml.php
@@ -127,7 +127,7 @@ class Debug
  
      public static function printSQL($sSQL)
      {
-        echo '<p><tt><font color="#aaa">'.$sSQL.'</font></tt></p>'."\n";
+        echo '<p><tt><font color="#aaa">'.htmlspecialchars($sSQL).'</font></tt></p>'."\n";
      }
  
      private static function outputVar($mVar, $sPreNL)
@@ -170,11 +170,12 @@ class Debug
          }
  
          if (is_string($mVar)) {
-            echo "'$mVar'";
-            return strlen($mVar) + 2;
+            $sOut = "'$mVar'";
+        } else {
+            $sOut = (string)$mVar;
          }
  
-        echo (string)$mVar;
-        return strlen((string)$mVar);
+        echo htmlspecialchars($sOut);
+        return strlen($sOut);
      }
  }
author	Sarah Hoffmann <lonvia@denofr.de>
	Mon, 20 Feb 2023 14:41:04 +0000 (15:41 +0100)
committer	Sarah Hoffmann <lonvia@denofr.de>
	Mon, 20 Feb 2023 16:33:08 +0000 (17:33 +0100)