Browse code

better guard debugging output against XSS (e.g. via array keys)

Hanno Böck authored on20/01/2021 13:18:32
Showing1 changed files
... ...
@@ -22,15 +22,10 @@ function DEBUG($str)
22 22
 {
23 23
     global $debugmode;
24 24
     if ($debugmode) {
25
-        if (is_array($str)) {
26
-            array_walk_recursive($str, function (&$v) {
27
-                $v = htmlspecialchars($v);
28
-            });
29
-            echo "<pre>".print_r($str, true)."</pre>\n";
30
-        } elseif (is_object($str)) {
31
-            echo "<pre>".print_r($str, true)."</pre>\n";
32
-        } else {
25
+        if (is_string($str)) {
33 26
             echo htmlspecialchars($str) . "<br />\n";
27
+        } else {
28
+            echo "<pre>".htmlspecialchars(print_r($str, true))."</pre>\n";
34 29
         }
35 30
     }
36 31
 }