From f5c82c6bee3d02a5781c4e7f2933dd6fdf5f3405 Mon Sep 17 00:00:00 2001
From: David Flatz
Date: Tue, 14 Jun 2016 15:23:43 +0200
Subject: make sure that $string is really a string, should fix some XSS
 problems

---
 it_html.class | 1 +
 1 file changed, 1 insertion(+)

diff --git a/it_html.class b/it_html.class
index e9e312b..9db8893 100644
--- a/it_html.class
+++ b/it_html.class
@@ -507,6 +507,7 @@ function _cleanup($string, $charset)
  */
 function Q($string)
 {
+	$string = @strval($string);
 	if (preg_match('/[<>&"\x00-\x08\x0a-\x0c\x0e-\x1f\x80-\xff]/', $string)) # WARNING: copy/pasted to _tag()
 	{
 		$charset = $GLOBALS['it_html']->p['charset'] ?: ini_get('default_charset');
-- 
cgit v1.2.3