SF Bug #2969826 - XSS found in cmd.php

2010-03-14 23:48:40 +11:00
parent 7b4d11f1f5
commit 0f782569e9
4 changed files with 4 additions and 4 deletions
--- a/lib/ds.php
+++ b/lib/ds.php
@@ -616,7 +616,7 @@ class Datastore {
 			$index = min($this->GetServerList())->getIndex();

 		if (! isset($this->objects[$index]))
-			debug_dump_backtrace("Error: Datastore instance [$index] doesnt exist?",1);
+			debug_dump_backtrace(sprintf('Error: Datastore instance [%s] doesnt exist?',htmlspecialchars($index)),1);

 		if (defined('DEBUG_ENABLED') && DEBUG_ENABLED)
 			debug_log('Returning instance of database (%s)',3,0,__FILE__,__LINE__,__METHOD__,$index);