Better solution to escape the output data. - openrat-cms - Unnamed repository; edit this file 'description' to name the repository.

commit d16d97d852e4c63f1d0849a366acaad49ff9a9fb
parent 23b3883c1a4df88ab6588bac7eb9c92061162f66
Author: dankert <openrat@jandankert.de>
Date:   Fri, 11 Mar 2022 19:33:58 +0100

Better solution to escape the output data.

Diffstat:
M modules/cms/output/UIOutput.class.php  | 4 +++-

1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/modules/cms/output/UIOutput.class.php b/modules/cms/output/UIOutput.class.php
@@ -113,7 +113,9 @@ class UIOutput extends BaseOutput
 		if   ( DEVELOPMENT ) {
 			header('X-OR-Template: '.$templateFile               );
 
-			echo "<!--  \n".htmlentities(var_export($outputData,true))."\n-->";
+			$outputDataClone = $outputData;
+			array_walk_recursive($outputDataClone, function(&$v) { $v = htmlspecialchars($v); });
+			echo "<!--  \n".var_export($outputDataClone,true)."\n-->";
 		}
 
         $engine = new TemplateRunner();

	openrat-cms Unnamed repository; edit this file 'description' to name the repository.
	Log \| Files \| Refs \| README