diff --git a/webservices/export-v2.php b/webservices/export-v2.php
index 64c850bfb..97fce9861 100644
--- a/webservices/export-v2.php
+++ b/webservices/export-v2.php
@@ -506,17 +506,17 @@ function CheckParameters($sExpression, $sQueryId, $sFormat)
catch(MissingQueryArgument $e)
{
$oSearch = null;
- ReportErrorAndUsage("Invalid OQL query: '$sExpression'.\n".$e->getMessage());
+ ReportErrorAndUsage("Invalid OQL query: '".utils::HtmlEntities($sExpression)."'.\n".utils::HtmlEntities($e->getMessage()));
}
catch(OQLException $e)
{
$oSearch = null;
- ReportErrorAndExit("Invalid OQL query: '$sExpression'.\n".$e->getMessage());
+ ReportErrorAndExit("Invalid OQL query: '".utils::HtmlEntities($sExpression)."'.\n".utils::HtmlEntities($e->getMessage()));
}
catch(Exception $e)
{
$oSearch = null;
- ReportErrorAndExit($e->getMessage());
+ ReportErrorAndExit(utils::HtmlEntities($e->getMessage()));
}
$oExporter->SetFormat($sFormat);
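Review bot: Encoding is applied by hand at each `ReportErrorAndUsage()` / `ReportErrorAndExit()` call in these catch blocks, so the fix holds only as long as no caller is missed and nothing documents that requirement. Neither helper is visible in this diff, so whether they also serve command-line output needs confirming; if they do, the encoded text will show up there as literal entities. At minimum I would add a comment above the first catch such as `// Messages handed to ReportErrorAndExit()/ReportErrorAndUsage() must already be HTML-encoded`, and preferably encode once where the helper writes the message into the web page. The same per-call pattern recurs in the hunks at -573 and -680, and `CheckParameters` continues outside this hunk.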
@@ -573,7 +573,7 @@ if (utils::IsModeCLI())
}
catch(Exception $e)
{
- echo "Error: ".$e->GetMessage()."
\n";
+ echo "Error: ".utils::HtmlEntities($e->getMessage())."
\n";
exit(-2);
}
@@ -680,15 +680,15 @@ if (utils::IsModeCLI())
}
catch(MissingQueryArgument $e)
{
- ReportErrorAndUsage("Invalid OQL query: '$sExpression'.\n".$e->getMessage());
+ ReportErrorAndUsage("Invalid OQL query: '$sExpression'.\n".utils::HtmlEntities($e->getMessage()));
}
catch(OQLException $e)
{
- ReportErrorAndExit("Invalid OQL query: '$sExpression'.\n".$e->getMessage());
+ ReportErrorAndExit("Invalid OQL query: '$sExpression'.\n".utils::HtmlEntities($e->getMessage()));
}
catch(Exception $e)
{
- ReportErrorAndExit($e->getMessage());
+ ReportErrorAndExit(utils::HtmlEntities($e->getMessage()));
}
exit;
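Review bot: `'$sExpression'` is still interpolated unencoded in the `MissingQueryArgument` and `OQLException` branches here, while the matching branches in `CheckParameters` (hunk at -506) now wrap it in `utils::HtmlEntities()`. If these messages can reach an HTML response, the query text is reflected as-is; both calls should build the message as `"Invalid OQL query: '".utils::HtmlEntities($sExpression)."'.\n".utils::HtmlEntities($e->getMessage())`. The hunk header places this code near `if (utils::IsModeCLI())`, so if it only ever runs on the command line, it is the encoding of the exception message that needs a second look instead. Either way the two values should be treated the same. The enclosing `try` starts outside the hunk.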
@@ -753,14 +753,14 @@ try
catch (BulkExportMissingParameterException $e)
{
$oP = new ajax_page('iTop Export');
- $oP->add($e->getMessage());
+ $oP->add(utils::HtmlEntities($e->getMessage()));
Usage($oP);
$oP->output();
}
catch (Exception $e) {
$oP = new WebPage('iTop Export');
$oP->add_xframe_options();
- $oP->add('Error: '.$e->getMessage());
- IssueLog::Error($e->getMessage()."\n".$e->getTraceAsString());
+ $oP->add('Error: '.utils::HtmlEntities($e->getMessage()));
+ IssueLog::Error(utils::HtmlEntities($e->getMessage())."\n".$e->getTraceAsString());
$oP->output();
}
\ No newline at end of file
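Review bot: The `IssueLog::Error(...)` call now stores an HTML-encoded message, which is escaping for the wrong context. A log entry is not HTML, the trace appended in the same call is left raw, and anyone reading or searching the log will see entities instead of the original text, which makes triage harder. I would keep the log line as `IssueLog::Error($e->getMessage()."\n".$e->getTraceAsString());` and encode only in the two `$oP->add(...)` calls. If the log is ever shown in a browser, the viewer should encode at display time. The `try` that these catch blocks close starts outside the hunk.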