From 50136c2e2f4957600ca5a04e61be8185ecc72884 Mon Sep 17 00:00:00 2001
From: Coleman Watts
Date: Tue, 12 May 2020 10:14:32 -0400
Subject: [PATCH] security/core#81 Escape html in CRM_Core_LegacyErrorHandler messages

---
 CRM/Core/LegacyErrorHandler.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/CRM/Core/LegacyErrorHandler.php b/CRM/Core/LegacyErrorHandler.php
index f82b3ce6d3..de515ecee1 100644
--- a/CRM/Core/LegacyErrorHandler.php
+++ b/CRM/Core/LegacyErrorHandler.php
@@ -16,9 +16,9 @@ class CRM_Core_LegacyErrorHandler {
 $message = $e->getMessage();
 $session = CRM_Core_Session::singleton();
 $session->setStatus(
- $message,
- CRM_Utils_Array::value('message_title', $params),
- CRM_Utils_Array::value('message_type', $params, 'error')
+ htmlspecialchars($message),
+ htmlspecialchars($params['message_title'] ?? ts('Error')),
+ $params['message_type'] ?? 'error'
 );
 }
 }
-- 
2.25.1
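Review bot: `htmlspecialchars()` is called on the two added lines without flags or an encoding, so under the PHP 7 defaults of 2020 single quotes are left alone (ENT_COMPAT) and, more importantly, a message containing an invalid UTF-8 byte sequence makes `htmlspecialchars()` return an empty string, which would turn a real error into a blank status. Pass the arguments explicitly on both lines: `htmlspecialchars($message, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` and `htmlspecialchars($params['message_title'] ?? ts('Error'), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`. The third argument `$params['message_type'] ?? 'error'` is still passed through raw; if `setStatus()` (not visible here) places it into markup, the same escaping applies, so that is worth confirming. Callers that deliberately passed HTML in a message or title will now see it double-encoded, which is presumably the intent but should be stated in the commit message. The enclosing method's signature lies above the hunk.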