From 630ee644db6dde893847a64ba52fd826e9e7ca96 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 6 Mar 2013 12:56:27 +0100
Subject: [PATCH 1/2] Don't sanitize error message hint
---
 core/templates/error.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/core/templates/error.php b/core/templates/error.php
index 3305f3fba9..ac91357b35 100644
--- a/core/templates/error.php
+++ b/core/templates/error.php
@@ -2,7 +2,7 @@

  • -

    +

  •
From cfb10dc58c37a2bd9f4fda57b765de07a13b32b8 Mon Sep 17 00:00:00 2001
From: Lukas Reschke
Date: Wed, 6 Mar 2013 13:05:22 +0100
Subject: [PATCH 2/2] Add warning about sanitization
---
 lib/template.php | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/template.php b/lib/template.php
index 398f9de065..434c1e9e99 100644
--- a/lib/template.php
+++ b/lib/template.php
@@ -519,12 +519,13 @@ class OC_Template{
 /**
 * @brief Print a fatal error page and terminates the script
 * @param string $error The error message to show
- * @param string $hint An option hint message
+ * @param string $hint An optional hint message
+ * Warning: All data passed to $hint needs to get sanitized using OC_Util::sanitizeHTML
 */
 public static function printErrorPage( $error_msg, $hint = '' ) {
 $content = new OC_Template( '', 'error', 'error' );
 $errors = array(array('error' => $error_msg, 'hint' => $hint));
- $content->assign( 'errors', $errors, false );
+ $content->assign( 'errors', $errors );
 $content->printPage();
 die();
 }
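Review bot: Judging by the first patch's subject and the warning added to this docblock, `$hint` is now emitted as raw HTML and the only guard is a comment, so any caller of `printErrorPage` that passes an exception message, file path or request-derived value without escaping it puts that markup straight into the error page. The call sites are outside this patch, so it is not visible whether each one already runs its dynamic parts through `OC_Util::sanitizeHTML`; that audit belongs with this change. Escaping by default inside the function, e.g. `'hint' => OC_Util::sanitizeHTML($hint)`, with a separately named path for the few callers that need trusted markup, would keep a single forgotten call from becoming an injection point. The docblock also still names `@param string $error` while the parameter is `$error_msg`.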