SECURITY: Escape internal error message

[lhc/web/wiklou.git] / includes / exception / MWExceptionRenderer.php

diff --git a/includes/exception/MWExceptionRenderer.php b/includes/exception/MWExceptionRenderer.php
index bb5e4f4..dbb984d 100644 (file)
--- a/includes/exception/MWExceptionRenderer.php
+++ b/includes/exception/MWExceptionRenderer.php
@@ -169,14 +169,15 @@ class MWExceptionRenderer {
                } else {
                        $logId = WebRequest::getRequestId();
                        $html = "<div class=\"errorbox mw-content-ltr\">" .
-                               '[' . $logId . '] ' .
-                               gmdate( 'Y-m-d H:i:s' ) . ": " .
-                               self::msg( "internalerror-fatal-exception",
-                                       "Fatal exception of type $1",
-                                       get_class( $e ),
-                                       $logId,
-                                       MWExceptionHandler::getURL()
-                               ) . "</div>\n" .
+                               htmlspecialchars(
+                                       '[' . $logId . '] ' .
+                                       gmdate( 'Y-m-d H:i:s' ) . ": " .
+                                       self::msg( "internalerror-fatal-exception",
+                                               "Fatal exception of type $1",
+                                               get_class( $e ),
+                                               $logId,
+                                               MWExceptionHandler::getURL()
+                               ) ) . "</div>\n" .
                                "<!-- " . wordwrap( self::getShowBacktraceError( $e ), 50 ) . " -->";
                }