ZaneYork
/
zoneminder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Use htmlentities on the error message when dying because the string will be sent to the browser and if it includes scripts they will be run.

This commit is contained in:
Isaac Connor 2016-12-08 15:52:21 -05:00
parent 75b8c35059
commit 42fdd1fbe9
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
web/includes/logger.php
View File

@ -528,7 +528,7 @@ function Error( $string )
function Fatal( $string )
{
Logger::fetch()->logPrint( Logger::FATAL, $string );
die( $string );
die( htmlentities($string) );
}
function Panic( $string )