- escape Smarty error messages to avoid possible script execution

uwe.tews@googlemail.com
2012-09-24 20:05:15 +00:00
parent 7dc58993ad
commit b67c7082a7
2 changed files with 13 additions and 7 deletions


@@ -1,3 +1,8 @@
2012-09-24 Uwe Tews
* Fixed escape Smarty error messages to avoid possible script execution
2010-04-17 Uwe Tews
* Fixed security hole in {math} plugin


@@ -1090,7 +1090,8 @@ class Smarty
*/
function trigger_error($error_msg, $error_type = E_USER_WARNING)
{
trigger_error("Smarty error: $error_msg", $error_type);
$msg = htmlentities($error_msg);
trigger_error("Smarty error: $msg", $error_type);
}
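Review bot: The `htmlentities($error_msg)` call in `trigger_error()` relies on the default flags and charset, so single quotes stay unescaped (the default is `ENT_COMPAT`) and the assumed input encoding depends on the PHP version. On versions that default to UTF-8, an invalid byte sequence makes the function return an empty string, so the error text would be lost. Passing both explicitly avoids this, e.g. `$msg = htmlspecialchars($error_msg, ENT_QUOTES, 'UTF-8');`, with the charset chosen to match what the application actually emits. Because the encoding is applied before the message reaches PHP's `trigger_error()`, the entity-encoded text also goes to error logs and custom error handlers; a comment such as `// HTML-escaped because display_errors may echo this message into a page` would record why. The docblock above the function starts outside the hunk.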