From 87bb1acadbf3e78c2401c8f86dff47267e528e2b Mon Sep 17 00:00:00 2001
From: Sean Harvey <sean@silverstripe.com>
Date: Tue, 25 Aug 2009 03:11:22 +0000
Subject: [PATCH] BUGFIX #3713 Escape HTTP request URL properly in
 DebugView::writeError() using htmlentities()

git-svn-id: svn://svn.silverstripe.com/silverstripe/open/modules/sapphire/trunk@85136 467b73ca-7a2a-4603-9d3b-597d59a354a9
---
 dev/DebugView.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/dev/DebugView.php b/dev/DebugView.php
index e096342c7..dc3331b4e 100644
--- a/dev/DebugView.php
+++ b/dev/DebugView.php
@@ -122,9 +122,10 @@ class DebugView {
 	 */
 	public function writeError($httpRequest, $errno, $errstr, $errfile, $errline, $errcontext) {
 		$errorType = self::$error_types[$errno];
+		$httpRequestEnt = htmlentities($httpRequest);
 		echo '<div class="info ' . $errorType['class'] . '">';
 		echo "<h1>[" . $errorType['title'] . '] ' . strip_tags($errstr) . "</h1>";
-		echo "<h3>$httpRequest</h3>";
+		echo "<h3>$httpRequestEnt</h3>";
 		echo "<p>Line <strong>$errline</strong> in <strong>$errfile</strong></p>";
 		echo '</div>';
 	}