refactor: sanitize record name before output.

poweradmin · Dec 2, 2023 · ecda6cb · ecda6cb
1 parent 71a55d4
commit ecda6cb
Showing 1 changed file with 2 additions and 1 deletion.
diff --git a/lib/Application/Presenter/ErrorPresenter.php b/lib/Application/Presenter/ErrorPresenter.php
@@ -46,7 +46,8 @@ private function sanitizeMessage(string $message): string
 
     private function renderError(string $msg, ?string $name): void
     {
-        $errorContent = ($name !== null) ? "$msg (Record: $name)" : $msg;
+        $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
+        $errorContent = ($name !== null) ? "$msg (Record: $safeName)" : $msg;
 
         echo <<<HTML
         <div class="alert alert-danger">