MDL-66161 output: Escaping fatal error message and URL strings

author Michael Hawkins <michaelh@moodle.com>

Tue, 29 Oct 2019 08:29:46 +0000 (16:29 +0800)

committer Jenkins <jenkins@worker07.test.in.moodle.com>

Tue, 5 Nov 2019 12:44:37 +0000 (13:44 +0100)
author Michael Hawkins <michaelh@moodle.com>
Tue, 29 Oct 2019 08:29:46 +0000 (16:29 +0800)
committer Jenkins <jenkins@worker07.test.in.moodle.com>
Tue, 5 Nov 2019 12:44:37 +0000 (13:44 +0100)
diff --git a/lib/outputrenderers.php b/lib/outputrenderers.php

index df50b1a..037ec67 100644 (file)
--- a/lib/outputrenderers.php
+++ b/lib/outputrenderers.php
@@ -2807,8 +2807,8 @@ EOD;
              $output .= $this->header();
          }
  
-        $message = '<p class="errormessage">' . $message . '</p>'.
-                '<p class="errorcode"><a href="' . $moreinfourl . '">' .
+        $message = '<p class="errormessage">' . s($message) . '</p>'.
+                '<p class="errorcode"><a href="' . s($moreinfourl) . '">' .
                  get_string('moreinformation') . '</a></p>';
          if (empty($CFG->rolesactive)) {
              $message .= '<p class="errormessage">' . get_string('installproblem', 'error') . '</p>';
author	Michael Hawkins <michaelh@moodle.com>
	Tue, 29 Oct 2019 08:29:46 +0000 (16:29 +0800)
committer	Jenkins <jenkins@worker07.test.in.moodle.com>
	Tue, 5 Nov 2019 12:44:37 +0000 (13:44 +0100)