From 09a9c1ba31ced78cccb07c04286fdde3ce04694f Mon Sep 17 00:00:00 2001
From: klausi <klausi@262198.no-reply.drupal.org>
Date: Tue, 16 Jun 2015 19:35:46 -0700
Subject: [PATCH] Issue #2502419 by klausi: Log messages XSS attack vector

---
 plugins/FeedsProcessor.inc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/plugins/FeedsProcessor.inc b/plugins/FeedsProcessor.inc
index 0ab04a04..ab0df881 100644
--- a/plugins/FeedsProcessor.inc
+++ b/plugins/FeedsProcessor.inc
@@ -1082,9 +1082,9 @@ abstract class FeedsProcessor extends FeedsPlugin {
     include_once DRUPAL_ROOT . '/includes/utility.inc';
     $message = $e->getMessage();
     $message .= '<h3>Original item</h3>';
-    $message .= '<pre>' . drupal_var_export($item). '</pre>';
+    $message .= '<pre>' . check_plain(drupal_var_export($item)) . '</pre>';
     $message .= '<h3>Entity</h3>';
-    $message .= '<pre>' . drupal_var_export($entity) . '</pre>';
+    $message .= '<pre>' . check_plain(drupal_var_export($entity)) . '</pre>';
     return $message;
   }
 
-- 
GitLab