From 2fc139ef6e15f052513e931e224013ecb98a2f23 Mon Sep 17 00:00:00 2001
From: Remco Tolsma <869674+remcotolsma@users.noreply.github.com>
Date: Wed, 11 Oct 2023 11:33:59 +0200
Subject: [PATCH] No longer use HTML <br> element in exception message and
 escape values.

---
 src/OrderStandard/Client.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/OrderStandard/Client.php b/src/OrderStandard/Client.php
index 56f42ea..a55ee74 100644
--- a/src/OrderStandard/Client.php
+++ b/src/OrderStandard/Client.php
@@ -313,9 +313,9 @@ public function get_order_status( $order_id ) {
 
 			throw new \Exception(
 				\sprintf(
-					'%s<br>%s',
-					sprintf( 'Could not get order status for order ID %s.', $order_id ),
-					(string) $ogone_error
+					'Could not get order status for order ID %s, error: %s.',
+					\esc_html( $order_id ),
+					\esc_html( (string) $ogone_error )
 				)
 			);
 		}