From 2516e2570bb7c607a5c0eb76851c2486679223e4 Mon Sep 17 00:00:00 2001
From: Mischa POSLAWSKY <perl@shiar.org>
Date: Sun, 1 Dec 2019 00:00:15 +0100
Subject: [PATCH] page: convert error messages to html strings

Exception objects need to be converted to strings for usage as placeholders,
and while at it, xml characters should be escaped for proper display.
---
 page.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/page.php b/page.php
index d2532a5..fb0c4dd 100644
--- a/page.php
+++ b/page.php
@@ -91,7 +91,7 @@ function fail($error)
 	include_once 'page.inc.php';
 	ob_start();
 	require '500.inc.html';
-	print getoutput(['debug' => $error]);
+	print getoutput(['debug' => htmlspecialchars($error)]);
 }
 
 set_exception_handler('fail');
-- 
2.30.0