From 4535ff175672ad7fbda90442cfccd0f36b7c13a6 Mon Sep 17 00:00:00 2001
From: Stefan Esser <sesser@php.net>
Date: Sat, 8 Mar 2003 15:20:12 +0000
Subject: [PATCH] fix possible XSS in error messages

---
 main/main.c | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/main/main.c b/main/main.c
index c1d56f5289..357e908e86 100644
--- a/main/main.c
+++ b/main/main.c
@@ -439,6 +439,14 @@ PHPAPI void php_verror(const char *docref, const char *params, int type, const c
 	
 	buffer_len = vspprintf(&buffer, 0, format, args);
 	if (buffer) {
+		if (PG(html_errors)) {
+			int len;
+			char *replace = php_escape_html_entities(buffer, buffer_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
+			efree(buffer);
+			buffer = replace;
+			buffer_len = len;
+		}
+
 		if (docref && docref[0] == '#') {
 			docref_target = strchr(docref, '#');
 			docref = NULL;
@@ -571,6 +579,14 @@ static void php_error_cb(int type, const char *error_filename, const uint error_
 	TSRMLS_FETCH();
 
 	buffer_len = vspprintf(&buffer, PG(log_errors_max_len), format, args);
+	if (PG(html_errors)) {
+		int len;
+		char *replace = php_escape_html_entities(buffer, buffer_len, &len, 0, ENT_COMPAT, NULL TSRMLS_CC);
+		efree(buffer);
+		buffer = replace;
+		buffer_len = len;
+	}
+
 	if (PG(ignore_repeated_errors)) {
 		if (strncmp(last_error.buf, buffer, sizeof(last_error.buf))
 			|| (!PG(ignore_repeated_source)
-- 
2.50.1