Escape for HTML the displayed debug variables.

1 files changed, 11 insertions, 11 deletions

diff --git a/app/views/admin_general/debug.rhtml b/app/views/admin_general/debug.rhtml
index 3b87fb8e2..ec58051d0 100644
--- a/app/views/admin_general/debug.rhtml
+++ b/app/views/admin_general/debug.rhtml
@@ -6,42 +6,42 @@
 
 <h2>Version numbers</h2>
 
-<p>Rails::VERSION::STRING <%=Rails::VERSION::STRING%>
+<p>Rails::VERSION::STRING <%=h Rails::VERSION::STRING%>
 <br>
-TMail::VERSION::STRING <%=TMail::VERSION::STRING%>
+TMail::VERSION::STRING <%=h TMail::VERSION::STRING%>
 <br>
-Xapian::version_string <%=Xapian::version_string%>
+Xapian::version_string <%=h Xapian::version_string%>
 <br>
-Spec::VERSION::STRING <%=Spec::VERSION::STRING%>
+Spec::VERSION::STRING <%=h Spec::VERSION::STRING%>
 <br>
-Spec::Rails::VERSION::STRING <%=Spec::Rails::VERSION::STRING%>
+Spec::Rails::VERSION::STRING <%=h Spec::Rails::VERSION::STRING%>
 </p>
 
 <h2>Configuration</h2>
 
-<p>environment: <%= Rails::configuration.environment %>
-<br>environment_path: <%= Rails::configuration.environment_path %>
-<br>framework_paths: <%= Rails::configuration.framework_paths.to_yaml %>
+<p>environment: <%=h Rails::configuration.environment %>
+<br>environment_path: <%=h Rails::configuration.environment_path %>
+<br>framework_paths: <%=h Rails::configuration.framework_paths.to_yaml %>
 </p>
 
 <h2>Environment variables</h2>
 <table>
 <% for k,v in @request_env %>
-    <tr><td><%=k%></td><td><%=v%></td></tr>
+    <tr><td><%=h k%></td><td><%=h v%></td></tr>
 <% end %>
 </table>
 
 <h2>Parameters</h2>
 <table>
 <% for k,v in params %>
-    <tr><td><%=k%></td><td><%=v%></td></tr>
+    <tr><td><%=h k%></td><td><%=h v%></td></tr>
 <% end %>
 </table>
 
 <h2>Session</h2>
 <table>
 <% for k,v in session %>
-    <tr><td><%=k%></td><td><%=v%></td></tr>
+    <tr><td><%=h k%></td><td><%=h v%></td></tr>
 <% end %>
 </table>