From ca885ef899f6e5d5121d33f29e0baf09c27e1e67 Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen
Date: Mon, 20 Dec 2021 13:21:35 +0200
Subject: [PATCH] Fix snyk reported XSS vulnerabilities

---
 xkcd-mailer.php | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/xkcd-mailer.php b/xkcd-mailer.php
index 924a275..74da466 100644
--- a/xkcd-mailer.php
+++ b/xkcd-mailer.php
@@ -99,22 +99,25 @@ if ($current > $last) {
     if ($send) {
         mail($mail, $subject, $msg, $headers);
     } else {
-        echo $msg . "\n\n";
+        echo htmlspecialchars($msg, ENT_QUOTES) . "\n\n";
     }
 
     $file_write_result = file_put_contents($lastfile, $current);
     if (! $file_write_result) {
-        echo "Error writing to file: $lastfile\n";
+        echo htmlspecialchars("Error writing to file: $lastfile\n", ENT_QUOTES);
         exit(1);
     }
 
     if ($debug) {
-        echo "New last is $current (was $last)\n";
+        echo htmlspecialchars("New last is $current (was $last)\n", ENT_QUOTES);
     }
 
     exit(0);
 }
 
 if ($debug) {
-    echo sprintf("No new XKCD: last=%d current=%d\n", $last, $current);
+    echo htmlspecialchars(
+        sprintf("No new XKCD: last=%d current=%d\n", $last, $current),
+        ENT_QUOTES
+    );
 }
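Review bot: The escaping covers only the `echo` branches, while `mail($mail, $subject, $msg, $headers)` at the top of the hunk still sends `$msg` unchanged; if `$msg` is built from fetched comic data and delivered as HTML (its construction is outside this hunk, so this is an assumption), the values should be escaped where they are interpolated into `$msg` rather than only on the dry-run output. On the echo path, `htmlspecialchars($msg, ENT_QUOTES)` returns an empty string when the input contains invalid UTF-8, so the output silently disappears; `htmlspecialchars($msg, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` keeps it visible. The `sprintf` call with `%d` can only produce digits, so wrapping it adds nothing beyond quieting the scanner. The enclosing `if ($current > $last)` block starts outside the hunk.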