From e98c525dd3c4da292bc296fe61a644b55949416e Mon Sep 17 00:00:00 2001
From: Tiago Brito <tiago.brito@beubi.com>
Date: Wed, 20 Nov 2013 11:34:14 +0000
Subject: [PATCH] convert $title and $th special characters to HTML

---
 src/Monolog/Formatter/HtmlEmailFormatter.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Monolog/Formatter/HtmlEmailFormatter.php b/src/Monolog/Formatter/HtmlEmailFormatter.php
index 662eeef8..056bf13b 100644
--- a/src/Monolog/Formatter/HtmlEmailFormatter.php
+++ b/src/Monolog/Formatter/HtmlEmailFormatter.php
@@ -50,6 +50,7 @@ class HtmlEmailFormatter extends NormalizerFormatter
      */
     private function addRow($th, $td = ' ')
     {
+        $th = htmlspecialchars($th);
         $td = '<pre>'.htmlspecialchars($td).'</pre>';
 
         return "<tr style=\"padding: 4px;spacing: 0;text-align: left;\">\n<th style=\"background: #cccccc\" width=\"100px\">$th:</th>\n<td style=\"padding: 4px;spacing: 0;text-align: left;background: #eeeeee\">".$td."</td>\n</tr>";
@@ -64,6 +65,8 @@ class HtmlEmailFormatter extends NormalizerFormatter
      */
     private function addTitle($title, $level)
     {
+        $title = htmlspecialchars($title);
+     
         return '<h1 style="background: '.$this->logLevels[$level].';color: #ffffff;padding: 5px;">'.$title.'</h1>';
     }
     /**