Changeset 2548 for trunk/system/views

Timestamp:

04/21/2008 01:47:53 PM (7 months ago)

Author:

Geert

Message:

Security update to prevent XSS.
See: http://forum.kohanaphp.com/comments.php?DiscussionID=352

Location:

trunk/system/views

Files:

• kohana_error_disabled.php (modified) (1 diff)
• kohana_error_page.php (modified) (1 diff)

trunk/system/views/kohana_error_disabled.php

@@ -10 +10 @@
 </style>
 <div id="framework_error" style="width:24em;margin:50px auto;">
-<h3><?php echo $error ?></h3>
-<p style="text-align:center"><?php echo $message ?></p>
+<h3><?php echo html::specialchars($error) ?></h3>
+<p style="text-align:center"><?php echo html::specialchars($message) ?></p>
 </div>
 </body>

trunk/system/views/kohana_error_page.php

@@ -11 +11 @@
 </style>
 <div id="framework_error" style="width:42em;margin:20px auto;">
-<h3><?php echo $error ?></h3>
-<p><?php echo $description ?></p>
+<h3><?php echo html::specialchars($error) ?></h3>
+<p><?php echo html::specialchars($description) ?></p>
 <?php if ( ! empty($line) AND ! empty($file)): ?>
 <p><?php echo Kohana::lang('core.error_file_line', $file, $line) ?></p>
 <?php endif ?>
-<p><code class="block"><?php echo $message ?></code></p>
+<p><code class="block"><?php echo html::specialchars($message) ?></code></p>
 <?php if ( ! empty($trace)): ?>
 <h3><?php echo Kohana::lang('core.stack_trace') ?></h3>