smarty-php/smarty
1
0
Fork 0
mirror of https://github.com/smarty-php/smarty.git synced 2025-08-06 19:34:27 +02:00
Code Issues Packages Projects Releases Wiki Activity

- escape Smarty error messages to avoid possible script execution

Browse Source
This commit is contained in:
uwe.tews@googlemail.com
2012-09-24 20:05:15 +00:00
parent 7dc58993ad
commit b67c7082a7
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -1,3 +1,8 @@
2012-09-24 Uwe Tews
* Fixed escape Smarty error messages to avoid possible script execution
2010-04-17 Uwe Tews 2010-04-17 Uwe Tews
* Fixed security hole in {math} plugin * Fixed security hole in {math} plugin

3
libs/Smarty.class.php
View File

@@ -1090,7 +1090,8 @@ class Smarty
*/ */
function trigger_error($error_msg, $error_type = E_USER_WARNING) function trigger_error($error_msg, $error_type = E_USER_WARNING)
{ {
trigger_error("Smarty error: $error_msg", $error_type); $msg = htmlentities($error_msg);
trigger_error("Smarty error: $msg", $error_type);
} }