escape error messages

ylafon · tripu · commit e06edde7bc8f · 2018-06-01T18:08:41.000+02:00
diff --git a/src/class.Message.php b/src/class.Message.php
@@ -39,7 +39,7 @@ class Message
 	private function __construct($type, $message, $title='') {
 		$this->type = $type;
 		$this->title = $title;
-		$this->message = $message;
+		$this->message = htmlspecialchars($message, ENT_QUOTES | ENT_HTML5);
 	}
 	
 	static function addMessage($type, $message, $title='') {
@@ -49,4 +49,4 @@ static function addMessage($type, $message, $title='') {
 	static function clearMessages() {
 		Message::$messages = array();
 	}
-}
+}

Original file line number	Diff line number	Diff line change
`@@ -39,7 +39,7 @@ class Message`
`39`	`39`	`private function __construct($type, $message, $title='') {`
`40`	`40`	`$this->type = $type;`
`41`	`41`	`$this->title = $title;`
`42`		`- $this->message = $message;`
	`42`	`+ $this->message = htmlspecialchars($message, ENT_QUOTES \| ENT_HTML5);`
`43`	`43`	`}`
`44`	`44`
`45`	`45`	`static function addMessage($type, $message, $title='') {`
`@@ -49,4 +49,4 @@ static function addMessage($type, $message, $title='') {`
`49`	`49`	`static function clearMessages() {`
`50`	`50`	`Message::$messages = array();`
`51`	`51`	`}`
`52`		`-}`
	`52`	`+}`