commit 511e3d72b875401b5cc61a28df45fb65acfd689a
author Derek Jones <derek.jones@ellislab.com> Thu May 13 09:03:30 2010 -0500
committer Derek Jones <derek.jones@ellislab.com> Thu May 13 09:03:30 2010 -0500
tree 199d3ef5faa6ca967a9cb68979f6e1772c9f9bb6
parent 2735b3eeb3403ba813aac56ed6f10be536839ff6

added htmlspecialchars to config item output, fixes #41

system/libraries/Profiler.php

diff --git a/system/libraries/Profiler.php b/system/libraries/Profiler.php
index 49a6774..0900a30 100644
--- a/system/libraries/Profiler.php
+++ b/system/libraries/Profiler.php
@@ -303,7 +303,7 @@
 				$output .= "<tr><td width='50%' style='color:#000;background-color:#ddd;'>&#36;_POST[".$key."]&nbsp;&nbsp; </td><td width='50%' style='color:#009900;font-weight:normal;background-color:#ddd;'>";
 				if (is_array($val))
 				{
-					$output .= "<pre>" . htmlspecialchars(stripslashes(print_r($val, true))) . "</pre>";
+					$output .= "<pre>" . htmlspecialchars(stripslashes(print_r($val, TRUE))) . "</pre>";
 				}
 				else
 				{
@@ -464,7 +464,7 @@
 				$val = print_r($val, TRUE);
 			}
 			
-			$output .= "<tr><td valign='top' style='color:#900;background-color:#ddd;'>".$config."&nbsp;&nbsp;</td><td style='color:#000;background-color:#ddd;'>".$val."</td></tr>\n";
+			$output .= "<tr><td valign='top' style='color:#900;background-color:#ddd;'>".$config."&nbsp;&nbsp;</td><td style='color:#000;background-color:#ddd;'>".htmlspecialchars($val)."</td></tr>\n";
 		}
 
 		$output .= "</table>\n";