diff --git a/old/lib/LedgerSMB/oldHandler.pm b/old/lib/LedgerSMB/oldHandler.pm
index 1db966406..848eeb75c 100644
--- a/old/lib/LedgerSMB/oldHandler.pm
+++ b/old/lib/LedgerSMB/oldHandler.pm
@@ -57,6 +57,7 @@ use LedgerSMB::Sysconfig;
 use Cookie::Baker;
 use Digest::MD5;
+use HTML::Escape;
 use Log::Log4perl;
 use Try::Tiny;
@@ -184,14 +185,17 @@ sub handle {
 sub _error {
 my ($form, $msg, $status) = @_;
 $msg = "? _error" if !defined $msg;
+ my $html_msg = escape_html($msg);
+ my $html_dbversion = escape_html($form->{dbversion});
+ my $html_company = escape_html($form->{company});
 $status = 500 if ! defined $status;
 print qq|Status: $status ISE
 Content-Type: text/html; charset=utf-8
-

Error!

$msg

-

dbversion: $form->{dbversion}, company: $form->{company}

+

Error!

$html_msg

+

dbversion: $html_dbversion, company: $html_company

|;
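Review bot: `$status` is still interpolated unescaped into the header line by `print qq|Status: $status ISE`, so the escaping added in `_error` covers the body values but not the response header. Whether callers can pass anything other than a numeric code is not visible in this hunk, but a value containing a line break would end the header block early, so a guard such as `$status = 500 if ! defined $status || $status !~ /\A[0-9]{3}\z/;` is worth adding. `escape_html` is the right encoding for element text and quoted attribute values only, and the markup around `$html_msg`, `$html_dbversion` and `$html_company` is not readable on this page, so please confirm none of them lands in a script or unquoted-attribute context. The body of `_error` continues past the hunk's last line.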