Errors: sanitize output (#2820)

fixes xibosignage/xibo#3554

lib/Factory/MediaFactory.php

@@ -1,6 +1,6 @@
 <?php
 /*
- * Copyright (C) 2023 Xibo Signage Ltd
+ * Copyright (C) 2024 Xibo Signage Ltd
  *
  * Xibo - Digital Signage - https://xibosignage.com
  *
@@ -183,7 +183,7 @@ public function queueDownload($name, $uri, $expiry, $requestOptions = [])
             $media->enableStat = $requestOptions['enableStat'];
             $media->folderId = $requestOptions['folderId'];
             $media->permissionsFolderId = $requestOptions['permissionsFolderId'];
-            $media->apiRef = $requestOptions['apiRef'];
+            $media->apiRef = $requestOptions['apiRef'] ?? null;
         }
 
         $this->getLog()->debug('Queue download of: ' . $uri . ', current mediaId for this download is '

lib/Middleware/Handlers.php

@@ -1,8 +1,8 @@
 <?php
 /*
- * Copyright (C) 2023 Xibo Signage Ltd
+ * Copyright (C) 2024 Xibo Signage Ltd
  *
- * Xibo - Digital Signage - http://www.xibo.org.uk
+ * Xibo - Digital Signage - https://xibosignage.com
  *
  * This file is part of Xibo.
  *
@@ -151,7 +151,7 @@ public static function webErrorHandler($container)
             } else {
                 // Make a friendly message
                 if ($displayErrorDetails || $exception instanceof GeneralException) {
-                    $message = $exception->getMessage();
+                    $message = htmlspecialchars($exception->getMessage());
                 } else {
                     $message = __('Unexpected Error, please contact support.');
                 }