From bda801054d7f478dbb3a57090a225e9408a3118c Mon Sep 17 00:00:00 2001
From: Shish <shish@shishnet.org>
Date: Wed, 4 Sep 2024 23:55:53 +0100
Subject: [PATCH] don't assume exception messages are html

---
 core/polyfills.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/core/polyfills.php b/core/polyfills.php
index 075cc690..6d651522 100644
--- a/core/polyfills.php
+++ b/core/polyfills.php
@@ -648,7 +648,7 @@ function validate_input(array $inputs): array
             $outputs[$key] = $value;
         } elseif (in_array('user_class', $flags)) {
             if (!array_key_exists($value, UserClass::$known_classes)) {
-                throw new InvalidInput("Invalid user class: ".html_escape($value));
+                throw new InvalidInput("Invalid user class: $value");
             }
             $outputs[$key] = $value;
         } elseif (in_array('email', $flags)) {
@@ -658,7 +658,7 @@ function validate_input(array $inputs): array
         } elseif (in_array('int', $flags)) {
             $value = trim($value);
             if (empty($value) || !is_numeric($value)) {
-                throw new InvalidInput("Invalid int: ".html_escape($value));
+                throw new InvalidInput("Invalid int: $value");
             }
             $outputs[$key] = (int)$value;
         } elseif (in_array('bool', $flags)) {