Merge pull request #14358 from samuelsov/billingblockts

[civicrm-core.git] / templates / CRM / common / fatal.tpl

diff --git a/templates/CRM/common/fatal.tpl b/templates/CRM/common/fatal.tpl
index 4b59d5573001e87b38c083ce850ccc0ff1fc0646..321402ac84bfd21ac3a2f6c98bc224e59b7fc03a 100644 (file)
--- a/templates/CRM/common/fatal.tpl
+++ b/templates/CRM/common/fatal.tpl
@@ -2,7 +2,7 @@
  +--------------------------------------------------------------------+
  | CiviCRM version 5                                                  |
  +--------------------------------------------------------------------+
- | Copyright CiviCRM LLC (c) 2004-2018                                |
+ | Copyright CiviCRM LLC (c) 2004-2019                                |
  +--------------------------------------------------------------------+
  | This file is a part of CiviCRM.                                    |
  |                                                                    |
@@ -29,7 +29,7 @@
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 
 <head>
-  <title>{$pageTitle}</title>
+  <title>{$pageTitle|escape}</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <base href="{$config->resourceBase}" />
   <style type="text/css" media="screen">
@@ -50,10 +50,10 @@
 {/if}
 <div class="messages status no-popup">  <i class="crm-i fa-exclamation-triangle crm-i-red"></i>
  <span class="status-fatal">{ts}Sorry, due to an error, we are unable to fulfill your request at the moment. You may want to contact your administrator or service provider with more details about what action you were performing when this occurred.{/ts}</span>
-    <div class="crm-section crm-error-message">{$message}</div>
+    <div class="crm-section crm-error-message">{$message|escape}</div>
     {if $error.message && $message != $error.message}
         <hr style="solid 1px" />
-        <div class="crm-section crm-error-message">{$error.message}</div>
+        <div class="crm-section crm-error-message">{$error.message|escape}</div>
     {/if}
     {if ($code OR $mysql_code OR $errorDetails) AND $config->debug}
         <div class="crm-accordion-wrapper collapsed crm-fatal-error-details-block">
@@ -62,13 +62,13 @@
          </div><!-- /.crm-accordion-header -->
          <div class="crm-accordion-body">
             {if $code}
-                <div class="crm-section">{ts}Error Code:{/ts} {$code}</div>
+                <div class="crm-section">{ts}Error Code:{/ts} {$code|purify}</div>
             {/if}
             {if $mysql_code}
-                <div class="crm-section">{ts}Database Error Code:{/ts} {$mysql_code}</div>
+                <div class="crm-section">{ts}Database Error Code:{/ts} {$mysql_code|purify}</div>
             {/if}
             {if $errorDetails}
-                <div class="crm-section">{ts}Additional Details:{/ts} {$errorDetails}</div>
+                <div class="crm-section">{ts}Additional Details:{/ts} {$errorDetails|purify}</div>
             {/if}
          </div><!-- /.crm-accordion-body -->
         </div><!-- /.crm-accordion-wrapper -->