From a21829b7fd94ac84ec699974e3734f09196d3123 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Roland=20H=C3=A4der?=
Date: Mon, 21 Apr 2008 11:53:30 +0000
Subject: [PATCH] Exception output secured against XSS

---
 inc/classes/exceptions/main/class_InvalidCommandException.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/inc/classes/exceptions/main/class_InvalidCommandException.php b/inc/classes/exceptions/main/class_InvalidCommandException.php
index af30b8c..b0bc623 100644
--- a/inc/classes/exceptions/main/class_InvalidCommandException.php
+++ b/inc/classes/exceptions/main/class_InvalidCommandException.php
@@ -34,7 +34,7 @@ class InvalidCommandException extends FrameworkException {
 $message = sprintf("[%s:%d] Invalid command %s detected.",
 $msgArray[0]->__toString(),
 $this->getLine(),
- $msgArray[1]
+ htmlentities(strip_tags($msgArray[1]), ENT_QUOTES)
 );
 
 // Call parent constructor
-- 
2.39.5
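Review bot: The added `htmlentities()` call omits the charset argument, so the escaping depends on the PHP default (ISO-8859-1 on the PHP 5 releases current at this commit's date) and can garble multi-byte command names if the pages are served in a different charset. Passing it explicitly, e.g. `htmlentities(strip_tags($msgArray[1]), ENT_QUOTES, 'UTF-8')` (substitute the framework's real output charset, which this hunk does not show), removes that dependency on runtime configuration. `strip_tags()` adds no protection once the value is entity-encoded, and it silently drops part of the rejected command name, which makes the recorded message less useful when investigating a probe. Because the encoding is baked into the exception message at construction, any non-HTML sink such as a log file or CLI output receives entities; escaping at the point where the message is rendered would be more robust if the parent class allows it. The constructor starts and ends outside the hunk, so how the message is finally output is not visible here.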