Issues

ZF-11130: Default Zend_Tool generated ErrorController view script should escape request variables when in development mode

Description


<?php echo var_export($this->request->getParams(), true) ?>

should be replaced with


<?php echo htmlspecialchars(var_export($this->request->getParams(), true), ENT_QUOTES, "UTF-8") ?>

Comments

Fixed in trunk at r23786 and in release branch 1.11 in r23787