From c44bb029c015ab91808b06b8eb691240b7fc575d Mon Sep 17 00:00:00 2001
From: Inverle <inverle@proton.me>
Date: Sun, 31 Aug 2025 20:05:30 +0200
Subject: Fix log CRLF injection (#7883)

* Fix log CRLF injection

* empty -> space

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---
 lib/Minz/Log.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'lib/Minz/Log.php')

diff --git a/lib/Minz/Log.php b/lib/Minz/Log.php
index 8bf193ffe..df3c97904 100644
--- a/lib/Minz/Log.php
+++ b/lib/Minz/Log.php
@@ -56,7 +56,7 @@ class Minz_Log {
 					$level_label = 'info';
 			}
 
-			$log = '[' . date('r') . '] [' . $level_label . '] --- ' . $information . "\n";
+			$log = '[' . date('r') . '] [' . $level_label . '] --- ' . str_replace(["\r", "\n"], ' ', $information) . "\n";
 
 			if (defined('COPY_LOG_TO_SYSLOG') && COPY_LOG_TO_SYSLOG) {
 				syslog($level, '[' . $username . '] ' . trim($log));
-- 
cgit v1.2.3