Fix XSS problem using LSdebug/LSerror/LSinfos

public_html/includes/class/class.LSerror.php

@@ -132,7 +132,7 @@ class LSerror {
   * @retvat string Le texte des erreurs
   */
   private static function getError($error) {
-    return "(Code ".$error[0].") ".getFData(self :: $_errorCodes[$error[0]]['msg'],$error[1]);
+    return "(Code ".htmlentities($error[0]).") ".htmlentities(getFData(self :: $_errorCodes[$error[0]]['msg'],$error[1]));
   }
   
  /**

public_html/includes/class/class.LSsession.php

@@ -1424,12 +1424,7 @@ class LSsession {
 
     // Infos
     if((!empty($_SESSION['LSsession_infos']))&&(is_array($_SESSION['LSsession_infos']))) {
-      $txt_infos="<ul>\n";
-      foreach($_SESSION['LSsession_infos'] as $info) {
-        $txt_infos.="<li>$info</li>\n";
-      }
-      $txt_infos.="</ul>\n";
-      LStemplate :: assign('LSinfos',$txt_infos);
+      LStemplate :: assign('LSinfos',$_SESSION['LSsession_infos']);
       $_SESSION['LSsession_infos']=array();
     }
     

public_html/includes/functions.php

@@ -257,10 +257,10 @@ function LSdebug_print($return=false,$ul=true) {
     if ($ul) $txt='<ul>'; else $txt="";
     foreach($GLOBALS['LSdebug_fields'] as $debug) {
       if (is_array($debug)||is_object($debug)) {
-        $txt.='<li><pre>'.print_r($debug,true).'</pre></li>';
+        $txt.='<li><pre>'.htmlentities(print_r($debug,true)).'</pre></li>';
       }
       else {
-        $txt.='<li><pre>'.$debug.'</pre></li>';
+        $txt.='<li><pre>'.htmlentities(strval($debug)).'</pre></li>';
       }
     }
     if ($ul) $txt.='</ul>';

public_html/templates/default/LSdefault.tpl

@@ -1,6 +1,12 @@
 <div id='LSjsConfig'>{$LSjsConfig}</div>
 
-<div id='LSinfos_txt'>{$LSinfos}</div>
+<div id='LSinfos_txt'>{if is_array($LSinfos) && !empty($LSinfos)}
+<ul>
+{foreach $LSinfos as $info}
+<li>{$info|escape:"htmlall"}</li>
+{/foreach}
+</ul>
+{/if}</div>
 
 <div id='LSerror_txt'>{$LSerrors}</div>