From 6057f47313819fa346dce7b72cf3922ba7931f1a Mon Sep 17 00:00:00 2001
From: Phy <i@phy25.com>
Date: Tue, 1 Aug 2017 13:07:29 +0800
Subject: [PATCH] Add htmlspecialchars when showing $DATE_AT

Fixes #2061
---
 doku.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/doku.php b/doku.php
index 42624fd2e..cbb495914 100644
--- a/doku.php
+++ b/doku.php
@@ -62,7 +62,7 @@ if($DATE_AT) {
     } else { // check for UNIX Timestamp
         $date_parse = @date('Ymd',$DATE_AT);
         if(!$date_parse || $date_parse === '19700101') {
-            msg(sprintf($lang['unable_to_parse_date'], $DATE_AT));
+            msg(sprintf($lang['unable_to_parse_date'], htmlspecialchars($DATE_AT)));
             $DATE_AT = null;
         }
     }
-- 
GitLab