
Commit 04a0183

committed
fix: added missing conversion of HTML entities in error exception
1 parent 5d4cd24 commit 04a0183


2 files changed

+10
-4
lines changed

2 files changed

+10
-4
lines changed

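--- a/phpmyfaq/admin/backup.import.php
+++ b/phpmyfaq/admin/backup.import.php
@@ -61,7 +61,7 @@
 $handle = fopen($_FILES['userfile']['tmp_name'], 'r');
 $backupData = fgets($handle, 65536);
 $versionFound = Strings::substr($backupData, 0, 9);
-$versionExpected = '-- pmf' . substr((string) $faqConfig->getVersion(), 0, 3);
+$versionExpected = '-- pmf' . substr($faqConfig->getVersion(), 0, 3);
 $queries = [];
 
 $fileName = $_FILES['userfile']['name'];
@@ -71,6 +71,7 @@
 if ($verification) {
 $ok = 1;
 } else {
+echo 'This file is not a verified backup file.<br>';
 $ok = 0;
 }
 } catch (SodiumException) {
@@ -86,7 +87,9 @@
 $versionExpected
 );
 $ok = 0;
-} else {
+}
+
+if ($ok === 1) {
 // @todo: Start transaction for better recovery if something really bad happens
 $backupData = trim(Strings::substr($backupData, 11));
 $tables = explode(' ', $backupData);
@@ -97,7 +100,7 @@
 $ok = 1;
 }
 
-if ($ok == 1) {
+if ($ok === 1) {
 $tablePrefix = '';
 printf("<p>%s</p>\n", Translation::get('ad_csv_prepare'));
 while ($backupData = fgets($handle, 65536)) {
@@ -147,6 +150,8 @@
 $numTables,
 Translation::get('ad_csv_suc')
 );
+} else {
+echo Alert::danger('ad_csv_no', 'Import not possible.');
 }
 } else {
 $errorMessage = match ($_FILES['userfile']['error']) {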
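Review bot: The import gate now depends on `$ok` staying 0 after a failed signature or version check, but the context line `$ok = 1;` at new line 100 sits directly before the second `if ($ok === 1) {` and its enclosing block is outside the hunk. If that assignment is not inside the `if ($ok === 1)` block opened at new line 92, it would re-enable the import of an unverified file; if it is inside, it is redundant and can be dropped. The `catch (SodiumException)` body after new line 77 is also outside the hunk, so confirm that path leaves `$ok` at 0 as well. The new message at line 74 is a hard-coded English string echoed raw, while line 154 goes through the alert helper; `echo Alert::danger('ad_csv_no', 'This file is not a verified backup file.');` would keep the two failure paths consistent.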

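--- a/phpmyfaq/src/phpMyFAQ/Core/Error.php
+++ b/phpmyfaq/src/phpMyFAQ/Core/Error.php
@@ -18,6 +18,7 @@
 namespace phpMyFAQ\Core;
 
 use ErrorException;
+use phpMyFAQ\Strings;
 
 /**
 * Class Error
@@ -54,7 +55,7 @@ public static function exceptionHandler($exception): void
 http_response_code($code);
 echo "<h1>phpMyFAQ Fatal error</h1>";
 echo "<p>Uncaught exception: '" . $exception::class . "'</p>";
-echo "<p>Message: '" . $exception->getMessage() . "'</p>";
+echo "<p>Message: '" . Strings::htmlentities($exception->getMessage()) . "'</p>";
 echo "<p>Stack trace:<pre>" . $exception->getTraceAsString() . "</pre></p>";
 echo "<p>Thrown in '" . $exception->getFile() . "' on line " . $exception->getLine() . "</p>";
 if (ini_get('log_errors')) {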
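Review bot: Only the message is encoded; the stack trace on new line 59 is still echoed raw, and `getTraceAsString()` can include string arguments of the failing calls, which may carry request data into the HTML response. The same encoding should be applied there, `echo "<p>Stack trace:<pre>" . Strings::htmlentities($exception->getTraceAsString()) . "</pre></p>";`, and to `getFile()` on line 60 for consistency. Separately, this handler sends the trace and the file path to the client; whether that output is limited to a debug mode is not visible here, since `exceptionHandler` starts and continues outside the hunk.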
