Escapados valores en mensajes de error.

Carlos Garcia · Carlos Garcia · commit 9066e1032602 · 2026-01-14T17:52:03.000+01:00
diff --git a/Core/Base/Controller.php b/Core/Base/Controller.php
@@ -358,15 +358,15 @@ private function auth(): bool
         $user = new DinUser();
         if (false === $user->load($cookieNick)) {
             // Si el usuario no se encuentra, registrar advertencia y fallar autenticación
-            Tools::log()->warning('login-user-not-found', ['%nick%' => $cookieNick]);
+            Tools::log()->warning('login-user-not-found', ['%nick%' => htmlspecialchars($cookieNick)]);
             return false;
         }
 
         // Verificar si el usuario está activado
         $cookiesExpire = time() + Tools::config('cookies_expire');
         if (false === $user->enabled) {
             // Si el usuario está desactivado, registrar advertencia, eliminar cookie y fallar autenticación
-            Tools::log()->warning('login-user-disabled', ['%nick%' => $cookieNick]);
+            Tools::log()->warning('login-user-disabled', ['%nick%' => htmlspecialchars($cookieNick)]);
             setcookie('fsNick', '', $cookiesExpire, Tools::config('route', '/'));
             return false;
         }
diff --git a/Core/Controller/Login.php b/Core/Controller/Login.php
@@ -176,7 +176,7 @@ protected function changePasswordAction(Request $request): void
         }
 
         if ($password !== $password2) {
-            Tools::log()->warning('different-passwords', ['%userNick%' => $username]);
+            Tools::log()->warning('different-passwords', ['%userNick%' => htmlspecialchars($username)]);
             return;
         }
 
@@ -193,7 +193,7 @@ protected function changePasswordAction(Request $request): void
         }
 
         if (false === $user->setPassword($password)) {
-            Tools::log()->warning('weak-password', ['%userNick%' => $username]);
+            Tools::log()->warning('weak-password', ['%userNick%' => htmlspecialchars($username)]);
             return;
         }
 
diff --git a/Core/Controller/SendMail.php b/Core/Controller/SendMail.php
@@ -314,7 +314,7 @@ protected function send(): bool
 
         $emailFrom = $this->request->input('email-from', '');
         if (false === Validator::email($emailFrom)) {
-            Tools::log()->error('invalid-email-from', ['%email%' => $emailFrom]);
+            Tools::log()->error('invalid-email-from', ['%email%' => htmlspecialchars($emailFrom)]);
             return false;
         }
 
@@ -331,7 +331,7 @@ protected function send(): bool
             }
 
             if (false === Validator::email($email)) {
-                Tools::log()->error('invalid-email-to', ['%email%' => $email]);
+                Tools::log()->error('invalid-email-to', ['%email%' => htmlspecialchars($email)]);
                 return false;
             }
 
@@ -349,7 +349,7 @@ protected function send(): bool
             }
 
             if (false === Validator::email($email)) {
-                Tools::log()->error('invalid-email-cc', ['%email%' => $email]);
+                Tools::log()->error('invalid-email-cc', ['%email%' => htmlspecialchars($email)]);
                 return false;
             }
 
@@ -367,7 +367,7 @@ protected function send(): bool
             }
 
             if (false === Validator::email($email)) {
-                Tools::log()->error('invalid-email-bcc', ['%email%' => $email]);
+                Tools::log()->error('invalid-email-bcc', ['%email%' => htmlspecialchars($email)]);
                 return false;
             }
 
diff --git a/Core/Template/Controller.php b/Core/Template/Controller.php
@@ -171,15 +171,15 @@ protected function auth(): bool
         $user = new User();
         if (false === $user->load($cookieNick)) {
             // Si el usuario no se encuentra, registrar advertencia y fallar autenticación
-            Tools::log()->warning('login-user-not-found', ['%nick%' => $cookieNick]);
+            Tools::log()->warning('login-user-not-found', ['%nick%' => htmlspecialchars($cookieNick)]);
             return false;
         }
 
         // Verificar si el usuario está activado
         $cookiesExpire = time() + Tools::config('cookies_expire');
         if (false === $user->enabled) {
             // Si el usuario está desactivado, registrar advertencia, eliminar cookie y fallar autenticación
-            Tools::log()->warning('login-user-disabled', ['%nick%' => $cookieNick]);
+            Tools::log()->warning('login-user-disabled', ['%nick%' => htmlspecialchars($cookieNick)]);
             $this->response()->cookie('fsNick', '', $cookiesExpire);
             return false;
         }

Original file line number	Diff line number	Diff line change
`@@ -176,7 +176,7 @@ protected function changePasswordAction(Request $request): void`
`176`	`176`	`}`
`177`	`177`
`178`	`178`	`if ($password !== $password2) {`
`179`		`- Tools::log()->warning('different-passwords', ['%userNick%' => $username]);`
	`179`	`+ Tools::log()->warning('different-passwords', ['%userNick%' => htmlspecialchars($username)]);`
`180`	`180`	`return;`
`181`	`181`	`}`
`182`	`182`
`@@ -193,7 +193,7 @@ protected function changePasswordAction(Request $request): void`
`193`	`193`	`}`
`194`	`194`
`195`	`195`	`if (false === $user->setPassword($password)) {`
`196`		`- Tools::log()->warning('weak-password', ['%userNick%' => $username]);`
	`196`	`+ Tools::log()->warning('weak-password', ['%userNick%' => htmlspecialchars($username)]);`
`197`	`197`	`return;`
`198`	`198`	`}`
`199`	`199`
Original file line number	Diff line number	Diff line change
`@@ -314,7 +314,7 @@ protected function send(): bool`
`314`	`314`
`315`	`315`	`$emailFrom = $this->request->input('email-from', '');`
`316`	`316`	`if (false === Validator::email($emailFrom)) {`
`317`		`- Tools::log()->error('invalid-email-from', ['%email%' => $emailFrom]);`
	`317`	`+ Tools::log()->error('invalid-email-from', ['%email%' => htmlspecialchars($emailFrom)]);`
`318`	`318`	`return false;`
`319`	`319`	`}`
`320`	`320`
`@@ -331,7 +331,7 @@ protected function send(): bool`
`331`	`331`	`}`
`332`	`332`
`333`	`333`	`if (false === Validator::email($email)) {`
`334`		`- Tools::log()->error('invalid-email-to', ['%email%' => $email]);`
	`334`	`+ Tools::log()->error('invalid-email-to', ['%email%' => htmlspecialchars($email)]);`
`335`	`335`	`return false;`
`336`	`336`	`}`
`337`	`337`
`@@ -349,7 +349,7 @@ protected function send(): bool`
`349`	`349`	`}`
`350`	`350`
`351`	`351`	`if (false === Validator::email($email)) {`
`352`		`- Tools::log()->error('invalid-email-cc', ['%email%' => $email]);`
	`352`	`+ Tools::log()->error('invalid-email-cc', ['%email%' => htmlspecialchars($email)]);`
`353`	`353`	`return false;`
`354`	`354`	`}`
`355`	`355`
`@@ -367,7 +367,7 @@ protected function send(): bool`
`367`	`367`	`}`
`368`	`368`
`369`	`369`	`if (false === Validator::email($email)) {`
`370`		`- Tools::log()->error('invalid-email-bcc', ['%email%' => $email]);`
	`370`	`+ Tools::log()->error('invalid-email-bcc', ['%email%' => htmlspecialchars($email)]);`
`371`	`371`	`return false;`
`372`	`372`	`}`
`373`	`373`