From 79f7d93c52be860ae99c95dd57321ce93a71d2bf Mon Sep 17 00:00:00 2001
From: Mcat12
Date: Sat, 7 Jan 2017 14:34:30 -0500
Subject: [PATCH] Sanitize error output
---
 scripts/pi-hole/php/auth.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/scripts/pi-hole/php/auth.php b/scripts/pi-hole/php/auth.php
index 690daed3..3283bab5 100644
--- a/scripts/pi-hole/php/auth.php
+++ b/scripts/pi-hole/php/auth.php
@@ -105,7 +105,7 @@ function check_domain() {
 if(isset($_POST['domain'])){
 $validDomain = is_valid_domain_name($_POST['domain']);
 if(!$validDomain){
- log_and_die($_POST['domain']. ' is not a valid domain');
+ log_and_die(htmlspecialchars($_POST['domain']. ' is not a valid domain'));
 }
 }
 }
@@ -126,11 +126,11 @@ function list_verify($type) {
 require("password.php");
 if(strlen($pwhash) == 0)
 {
- log_and_die("No password set - ".$type."listing with password not supported");
+ log_and_die("No password set - ".htmlspecialchars($type)."listing with password not supported");
 }
 elseif($wrongpassword)
 {
- log_and_die("Wrong password - ".$type."listing of ${_POST['domain']} not permitted");
+ log_and_die("Wrong password - ".htmlspecialchars($type)."listing of ${_POST['domain']} not permitted");
 }
 }
 else
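Review bot: The `htmlspecialchars()` call added in check_domain() relies on the default flags, which before PHP 8.1 leave single quotes unescaped. That is safe only if log_and_die() emits the message as element text and never inside a single-quoted attribute, and log_and_die() is not visible in this patch. Passing the flags and charset explicitly removes the dependency on the runtime version: `log_and_die(htmlspecialchars($_POST['domain'], ENT_QUOTES, 'UTF-8').' is not a valid domain');`. The same applies to the two `htmlspecialchars($type)` calls in list_verify(). Encoding at each call site also presumably puts entity-encoded text into whatever log_and_die() writes to its log, so encoding once at the point where the message is echoed would cover every caller and keep the log raw.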
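Review bot: The "Wrong password" message in list_verify() still interpolates `${_POST['domain']}` unescaped, so the request-supplied domain reaches log_and_die() raw even though `$type` beside it is now encoded. Whether check_domain() has already rejected unsafe values on this path cannot be seen from the hunk, so the output should not depend on it. The line would become `log_and_die("Wrong password - ".htmlspecialchars($type, ENT_QUOTES, 'UTF-8')."listing of ".htmlspecialchars($_POST['domain'], ENT_QUOTES, 'UTF-8')." not permitted");`, which also drops the `${...}` interpolation form deprecated in PHP 8.2. list_verify() starts and ends outside the hunk.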