fix possible XSS in error messages
authorStefan Esser <sesser@php.net>
Sat, 8 Mar 2003 15:20:12 +0000 (15:20 +0000)
committerStefan Esser <sesser@php.net>
Sat, 8 Mar 2003 15:20:12 +0000 (15:20 +0000)
main/main.c

index c1d56f5289268028711a40ba923d535425822e8d..357e908e86dd753e55edd6918d7183f892557101 100644 (file)
@@ -439,6 +439,14 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
        
        buffer_len = vspprintf(&buffer, 0, format, args);
        if (buffer) {
+               if (PG(html_errors)) {
+                       int len;
+                       char *replace = php_escape_html_entities(buffer, buffer_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
+                       efree(buffer);
+                       buffer = replace;
+                       buffer_len = len;
+               }
+
                if (docref && docref[0] == '#') {
                        docref_target = strchr(docref, '#');
                        docref = NULL;
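Review bot: The escaping added at L14-L20 covers only the formatted message in `buffer`; the `docref` string handled right below it, and whatever `params`/origin text php_verror later concatenates into the html_errors output (that code is past the hunk), stay unescaped, so if any caller can get user-controlled text into those, markup still reaches the browser. I cannot confirm from this hunk where `buffer` ends up, so the fix may be complete, but the intent of the new block deserves a comment for the next reader, e.g. `/* html_errors: entity-encode the message before it is wrapped in markup, so user-supplied data in it cannot inject HTML */`. Note that `replace` is used unconditionally after `efree(buffer)`; that is fine only if php_escape_html_entities can never return NULL, which is worth stating in the same comment. php_verror's body starts and ends outside the hunk.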
@@ -571,6 +579,14 @@ static void php_error_cb(int type, const char *error_filename, const uint error_
        TSRMLS_FETCH();
 
        buffer_len = vspprintf(&buffer, PG(log_errors_max_len), format, args);
+       if (PG(html_errors)) {
+               int len;
+               char *replace = php_escape_html_entities(buffer, buffer_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
+               efree(buffer);
+               buffer = replace;
+               buffer_len = len;
+       }
+
        if (PG(ignore_repeated_errors)) {
                if (strncmp(last_error.buf, buffer, sizeof(last_error.buf))
                        || (!PG(ignore_repeated_source)
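Review bot: Escaping `buffer` immediately after vspprintf at L29-L35 applies the HTML encoding to every consumer of the message, not just the html display path: the repeated-error comparison at L37-L38 now runs on encoded text, and if the error_log/syslog path follows (it is past the hunk) log files will contain `&lt;`/`&amp;` sequences even though html_errors is a display-only setting, and the log_errors_max_len truncation done by vspprintf can be exceeded again by the expansion. It also appears to double-encode messages that arrive via php_verror, where the first hunk already escapes the same text and, presumably, wraps it in an `<a href=...>` docref link before re-entering the error handler; that link would then be rendered as literal text. I would keep the raw `buffer` for logging and comparison and compute the escaped copy only where the html_errors branch prints it, skipping messages that already passed through php_verror. The function continues beyond the hunk.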