Error can possibly contain html chars and should be escaped

2012-03-02 11:16:19 +01:00
parent 50dd391262
commit 656809ac3b
1 changed files with 1 additions and 1 deletions
--- a/libraries/Error_Handler.class.php
+++ b/libraries/Error_Handler.class.php
@@ -116,7 +116,7 @@ class PMA_Error_Handler
    public function handleError($errno, $errstr, $errfile, $errline)
    {
        // create error object
-        $error = new PMA_Error($errno, $errstr, $errfile, $errline);
+        $error = new PMA_Error($errno, htmlspecialchars($errstr), $errfile, $errline);

        // do not repeat errors
        $this->_errors[$error->getHash()] = $error;