
Fix reflected XSS issue

Jaap Marcus 2 years ago
parent
commit
2326aa525a
1 changed files with 14 additions and 8 deletions
  1. 14 8
      web/templates/pages/debug_panel.php

+ 14 - 8
web/templates/pages/debug_panel.php

@@ -1,3 +1,9 @@
+<?php
+if( !defined("HESTIA_DIR_BIN") ){
+	die("Direct access disabled");
+}
+?>
+
 <div x-data="{ open: false }" class="debug-panel">
 	<button
 		type="button"
@@ -10,26 +16,26 @@
 		<?php
 			echo "<h3 class=\"u-mb10\">Server Variables</h3>";
 			foreach ($_SERVER as $key => $val) {
-				echo "<b>" . $key . "= </b> " . $val . " ";
+				echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
 			}
-  	?>
+		?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">Session Variables</h3>";
 			foreach ($_SESSION as $key => $val) {
-				echo "<b>" . $key . "= </b> " . $val . " ";
+				echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
 			}
-  	?>
+		?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">POST Variables</h3>";
 			foreach ($_POST as $key => $val) {
-				echo "<b>" . $key . "= </b> " . $val . " ";
+				echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
 			}
-  	?>
+		?>
 		<?php
 			echo "<h3 class=\"u-mb10 u-mt10\">GET Variables</h3>";
 			foreach ($_GET as $key => $val) {
-				echo "<b>" . $key . "= </b> " . $val . " ";
+				echo "<span class=\"u-text-bold\">" . htmlentities($key) . "= </span> " . htmlentities($val) . " ";
 			}
-  	?>
+		?>
 	</div>
 </div>
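Review bot: The four added echo lines (the `$_SERVER`, `$_SESSION`, `$_POST` and `$_GET` loops) pass `$val` straight to `htmlentities()`, but these superglobals can hold arrays — a request containing `x[]=1` puts an array in `$_GET`/`$_POST`, and `$_SERVER['argv']` is an array under CLI — and on PHP 8 that is a `TypeError` that aborts rendering of the whole debug panel. Normalising first fixes it without changing the escaping: `$text = is_array($val) ? print_r($val, true) : (string) $val;` followed by `htmlentities($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` in place of `htmlentities($val)`. The explicit flags also matter for the escaping itself: before PHP 8.1 the default flag set lacks `ENT_SUBSTITUTE`, so a value with an invalid UTF-8 byte sequence makes `htmlentities()` return an empty string and the entry silently disappears from the panel, whereas `ENT_SUBSTITUTE` replaces the bad bytes and keeps the output escaped. Applying the same change to `$key` is cheap and keeps the four lines uniform. The same pattern is repeated in all four hunk blocks, so the fix applies to each.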