page: convert error messages to html strings

Exception objects need to be converted to strings for usage as placeholders,
and while at it, xml characters should be escaped for proper display.

diff --git a/page.php b/page.php
index d2532a5733eb64e9e6b83396bb4095e0606b634f..fb0c4ddcba96d7edd2b3cd28bbbd3f1ea75017fc 100644 (file)
--- a/page.php
+++ b/page.php
@@ -91,7 +91,7 @@ function fail($error)
        include_once 'page.inc.php';
        ob_start();
        require '500.inc.html';
-       print getoutput(['debug' => $error]);
+       print getoutput(['debug' => htmlspecialchars($error)]);
 }
 
 set_exception_handler('fail');