@@ -2322,7 +2322,7 @@ static int msre_op_detectSQLi_execute(modsec_rec *msr, msre_rule *rule, msre_var
23222322 case LIBINJECTION_RESULT_ERROR :
23232323 set_match_to_tx (msr , capture , var -> value , 0 );
23242324 * error_msg = apr_psprintf (msr -> mp , "libinjection parser error: '%s'" ,
2325- var -> value );
2325+ log_escape_ex ( msr -> mp , var -> value , var -> value_len ) );
23262326 if (msr -> txcfg -> debuglog_level >= 9 ) {
23272327 msr_log (msr , 9 , "ISSQL: libinjection's input '%s' caused a parser error" ,
23282328 log_escape_ex (msr -> mp , var -> value , var -> value_len ));
@@ -2376,7 +2376,7 @@ static int msre_op_detectXSS_execute(modsec_rec *msr, msre_rule *rule, msre_var
23762376 break ;
23772377 case LIBINJECTION_RESULT_ERROR :
23782378 * error_msg = apr_psprintf (msr -> mp , "libinjection parser error: '%s'" ,
2379- var -> value );
2379+ log_escape_ex ( msr -> mp , var -> value , var -> value_len ) );
23802380 if (msr -> txcfg -> debuglog_level >= 9 ) {
23812381 msr_log (msr , 9 , "IS_XSS: libinjection's input '%s' caused a parser error" ,
23822382 log_escape_ex (msr -> mp , var -> value , var -> value_len ));
0 commit comments