Sanitize the error message in the error handler page

2026-05-06 06:06:19 +02:00 · 2017-07-03 17:10:22 +02:00
parent 823244a787
commit 4b723832ea
2 changed files with 2 additions and 1 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,7 @@
 1. [](#bugfix)
    * Fixed global media files disappearing after a reload [#1545](https://github.com/getgrav/grav/issues/1545)
    * Fix for broken regex redirects/routes via `site.yaml`
+    * Sanitize the error message in the error handler page

 # v1.3.0-rc.4
 ## 06/22/2017
--- a/system/src/Grav/Common/Errors/SimplePageHandler.php
+++ b/system/src/Grav/Common/Errors/SimplePageHandler.php
@@ -44,7 +44,7 @@ class SimplePageHandler extends Handler
        $vars = array(
            "stylesheet" => file_get_contents($cssFile),
            "code"        => $code,
-            "message"     => $message,
+            "message"     => filter_var(rawurldecode($message), FILTER_SANITIZE_STRING),
        );

        $helper->setVariables($vars);