From 11778aaa2d9e30a9ae1c1ee97ff349344f0ad6e1 Mon Sep 17 00:00:00 2001
From: nicolaasuni
Date: Mon, 23 Dec 2024 12:12:07 +0000
Subject: [PATCH] Escape error message
---
 CHANGELOG.TXT | 2 +-
 tcpdf.php | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.TXT b/CHANGELOG.TXT
index f24efeda..a881f3fc 100644
--- a/CHANGELOG.TXT
+++ b/CHANGELOG.TXT
@@ -1,5 +1,5 @@
 6.8.0 (2024-12-23)
- -
+ - Escape error message.
 6.7.8 (2024-12-13)
 - Improve SVG detection by checking for (mandatory) namespace.
diff --git a/tcpdf.php b/tcpdf.php
index ca214a20..7a0c2c76 100644
--- a/tcpdf.php
+++ b/tcpdf.php
@@ -3007,6 +3007,7 @@ public function setAllowLocalFiles($allowLocalFiles) {
 public function Error($msg) {
 // unset all class variables
 $this->_destroy(true);
+ $msg = htmlspecialchars($msg, ENT_QUOTES, 'UTF-8');
 if (defined('K_TCPDF_THROW_EXCEPTION_ERROR') AND !K_TCPDF_THROW_EXCEPTION_ERROR) {
 die('TCPDF ERROR: '.$msg);
 } else {
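Review bot: The added `htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')` call in `Error()` returns an empty string when `$msg` contains bytes that are not valid UTF-8, so an error built from a file name or other raw input would print as a bare `TCPDF ERROR: ` with no detail; passing the substitute flag keeps the message: `$msg = htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The escape also sits above the `if`, so whatever the `else` branch does with `$msg` (its body is outside this hunk, presumably the exception path) receives HTML entities too; if that path feeds logs or CLI output, it may be cleaner to encode only inside the `die()` branch, where the text is actually written to the response. A short comment such as `// $msg can carry caller- or document-derived text; encode it before it is written to the response` would record why the call is there.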