From 134937946849b8225648f9c191a006ec60c1f013 Mon Sep 17 00:00:00 2001
From: Andreas Gohr <gohr@cosmocode.de>
Date: Mon, 8 Feb 2010 13:33:41 +0100
Subject: [PATCH] run dbg() output through htmlspecialchars

---
 inc/infoutils.php | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/inc/infoutils.php b/inc/infoutils.php
index d5356969b..001a33f66 100644
--- a/inc/infoutils.php
+++ b/inc/infoutils.php
@@ -289,9 +289,15 @@ function msg($message,$lvl=0,$line='',$file=''){
  * @author Andreas Gohr <andi@splitbrain.org>
  */
 function dbg($msg,$hidden=false){
-    (!$hidden) ? print '<pre class="dbg">' : print "<!--\n";
-    print_r($msg);
-    (!$hidden) ? print '</pre>' : print "\n-->";
+    if($hidden){
+        echo "<!--\n";
+        print_r($msg);
+        echo "\n-->";
+    }else{
+        echo '<pre class="dbg">';
+        echo hsc(print_r($msg,true));
+        echo '</pre>';
+    }
 }
 
 /**
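Review bot: The `$hidden` branch still writes `print_r($msg)` unescaped between `<!--` and `-->`, so a dumped value that contains `-->` closes the comment early and the rest of the dump is parsed as live markup. The escaping added for the `<pre>` branch should cover this path too, for example `echo hsc(print_r($msg,true));`, which turns `>` into `&gt;` so the comment terminator cannot appear in the output. Hidden debug output is also readable by anyone who views the page source, so a short note in the docblock such as `Output is HTML-escaped in both modes; hidden mode only hides it from rendering, not from the page source` would help callers. The docblock for dbg() begins above the hunk, so its current wording is not visible here.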
-- 
GitLab