
Verhindere XSS in Debug-ausgaben

Bernd Wurst authored on06/02/2018 13:25:36
Showing1 changed files
... ...
@@ -22,13 +22,13 @@ function DEBUG($str)
22 22
 {
23 23
   global $debugmode;
24 24
   if ($debugmode)
25
-    if (is_array($str) || is_object($str))
26
-    {
25
+    if (is_array($str)) {
26
+      array_walk_recursive($str, function(&$v) { $v = htmlspecialchars($v); });
27 27
       echo "<pre>".print_r($str, true)."</pre>\n";
28
-    }
29
-    else
30
-    {
31
-      echo $str . "<br />\n";
28
+    } elseif (is_object($str)) {
29
+      echo "<pre>".print_r($str, true)."</pre>\n";
30
+    } else {
31
+      echo htmlspecialchars($str) . "<br />\n";
32 32
     }
33 33
 }
34 34
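Review bot: The new `elseif (is_object($str))` branch still echoes `print_r($str, true)` without escaping, so an object whose properties hold request-derived strings would still reach the page as markup. The array branch escapes only leaf values: array keys are printed as they are, and non-string leaves such as `null` or a nested object are passed to `htmlspecialchars()`, which changes what the dump shows and may raise a type error on newer PHP versions. Escaping the rendered dump once covers arrays, keys and objects and leaves the dumped values untouched: keep one `is_array($str) || is_object($str)` branch with `echo "<pre>".htmlspecialchars(print_r($str, true))."</pre>\n";`, which makes the `array_walk_recursive` call unnecessary.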