Exception output secured against XSS

author Roland Häder <roland@mxchange.org>

Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)

committer Roland Häder <roland@mxchange.org>

Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)
author Roland Häder <roland@mxchange.org>
Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)
committer Roland Häder <roland@mxchange.org>
Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)
diff --git a/inc/classes/exceptions/main/class_InvalidCommandException.php b/inc/classes/exceptions/main/class_InvalidCommandException.php

index af30b8ccaf6bc70b8cdae2822b6f2ec8d4f5e7ca..b0bc623caa334b1ab5100dbc19a7cf3425b44fae 100644 (file)
--- a/inc/classes/exceptions/main/class_InvalidCommandException.php
+++ b/inc/classes/exceptions/main/class_InvalidCommandException.php
@@ -34,7 +34,7 @@ class InvalidCommandException extends FrameworkException {
                 $message = sprintf("[%s:%d] Invalid command <u>%s</u> detected.",
                         $msgArray[0]->__toString(),
                         $this->getLine(),
-                       $msgArray[1]
+                       htmlentities(strip_tags($msgArray[1]), ENT_QUOTES)
                 );
  
                 // Call parent constructor
author	Roland Häder <roland@mxchange.org>
	Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)
committer	Roland Häder <roland@mxchange.org>
	Mon, 21 Apr 2008 11:53:30 +0000 (11:53 +0000)