From fe1790793e717527ec8a7c5a5172b434d8cc41e9 Mon Sep 17 00:00:00 2001
From: acognet
Date: Mon, 30 May 2022 15:06:16 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B04898=20-=20security=20hardening?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 core/dbobject.class.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/core/dbobject.class.php b/core/dbobject.class.php
index a06816115..7167ae7da 100644
--- a/core/dbobject.class.php
+++ b/core/dbobject.class.php
@@ -1880,7 +1880,7 @@ abstract class DBObject implements iDisplay
 $oTargetObj = MetaModel::GetObject($sTargetClass, $toCheck, false /*must be found*/, true /*allow all data*/);
 if (is_null($oTargetObj))
 {
- return "Target object not found ($sTargetClass::$toCheck)";
+ return "Target object not found (".utils::HtmlEntities($sTargetClass).".::".utils::HtmlEntities($toCheck).")";
 }
 }
 if ($oAtt->IsHierarchicalKey())
@@ -1889,7 +1889,7 @@ abstract class DBObject implements iDisplay
 $aValues = $oAtt->GetAllowedValues(array('this' => $this));
 if (!array_key_exists($toCheck, $aValues))
 {
- return "Value not allowed [$toCheck]";
+ return "Value not allowed [". utils::HtmlEntities($toCheck)."]";
 }
 }
 }
@@ -1903,7 +1903,7 @@ abstract class DBObject implements iDisplay
 $oTag->SetValues(explode(' ', $toCheck));
 } catch (Exception $e) {
- return "Tag value '$toCheck' is not a valid tag list";
+ return "Tag value [". utils::HtmlEntities($toCheck)."] is not a valid tag list";
 }
 return true;
@@ -1931,7 +1931,7 @@ abstract class DBObject implements iDisplay
 $oTag->SetValues($aValues);
 } catch (Exception $e) {
- return "Set value '$toCheck' is not a valid set";
+ return "Set value[". utils::HtmlEntities($toCheck)."] is not a valid set";
 }
 return true;
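Review bot: The new return in the first hunk (`@@ -1880`) leaves a stray period in the message: the literal `".::"` sitting between the two `utils::HtmlEntities()` calls produces output of the shape `(<class>.::<key>)` where the removed line produced `(<class>::<key>)`. The fix is `return "Target object not found (".utils::HtmlEntities($sTargetClass)."::".utils::HtmlEntities($toCheck).")";`. More broadly, this hunk and the five that follow (`@@ -1889`, `-1903`, `-1931`, `-1951`, `-1964`) HTML-encode `$toCheck` where the message is built rather than where it is rendered, which is only correct if every consumer of this return value emits HTML; a caller that writes it to a log, the CLI or a JSON payload will show literal entities, and one that escapes again will double-encode — the callers are not visible from here, so this is worth confirming. The enclosing method starts outside the hunk; its docblock should state that the returned error string is already HTML-encoded (the `return true;` lines in the third and fourth hunks show the success value), e.g. `@return true|string true when the value is valid, otherwise an HTML-encoded error message`.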
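Review bot: The new message in the fourth hunk (`@@ -1931`) reads `"Set value["` with no space before the bracket, unlike the sibling messages this commit writes (`"Tag value ["`, `"Value not allowed ["`, `"Wrong format ["`). Change it to `return "Set value [". utils::HtmlEntities($toCheck)."] is not a valid set";`. The third and fourth hunks also switch the delimiters around the value from single quotes to square brackets; that is harmless for display, but any check that matches on the old wording (if one exists) would silently stop matching, so the rewording deserves a mention in the commit message.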
@@ -1951,7 +1951,7 @@ abstract class DBObject implements iDisplay
 {
 if (!array_key_exists($toCheck, $aValues))
 {
- return "Value not allowed [$toCheck]";
+ return "Value not allowed [". utils::HtmlEntities($toCheck)."]";
 }
 }
 if (!is_null($iMaxSize = $oAtt->GetMaxSize()))
@@ -1964,7 +1964,7 @@ abstract class DBObject implements iDisplay
 }
 if (!$oAtt->CheckFormat($toCheck))
 {
- return "Wrong format [$toCheck]";
+ return "Wrong format [". utils::HtmlEntities($toCheck)."]";
 }
 }
 else