From: Dave Greenberg <dave@civicrm.org>
Date: Tue, 5 May 2015 01:05:00 +0000 (-0700)
Subject: CRM-16411 - improve xsstring detection error message.
X-Git-Url: https://vcs.fsf.org/?a=commitdiff_plain;h=4232a0a55c9d40743d6e9453f8b3ad75a33c0e53;p=civicrm-core.git

CRM-16411 - improve xsstring detection error message.

----------------------------------------
* CRM-16411: CiviMail: Clarify Illegal characters warning
  https://issues.civicrm.org/jira/browse/CRM-16411
---

diff --git a/api/v3/utils.php b/api/v3/utils.php
index 3ffc235b07..4aa999795d 100644
--- a/api/v3/utils.php
+++ b/api/v3/utils.php
@@ -2028,7 +2028,7 @@ function _civicrm_api3_validate_html(&$params, &$fieldName, $fieldInfo) {
   }
   if ($fieldValue) {
     if (!CRM_Utils_Rule::xssString($fieldValue)) {
-      throw new API_Exception('Illegal characters in input (potential scripting attack)', array("field" => $fieldName, "error_code" => "xss"));
+      throw new API_Exception('Input contains illegal SCRIPT tag.', array("field" => $fieldName, "error_code" => "xss"));
     }
   }
 }
@@ -2064,7 +2064,7 @@ function _civicrm_api3_validate_string(&$params, &$fieldName, &$fieldInfo, $enti
   if ($fieldValue) {
     foreach ((array) $fieldValue as $value) {
       if (!CRM_Utils_Rule::xssString($fieldValue)) {
-        throw new Exception('Illegal characters in input (potential scripting attack)');
+        throw new Exception('Input contains illegal SCRIPT tag.');
       }
       if ($fieldName == 'currency') {
         //When using IN operator $fieldValue is a array of currency codes