From 3b53e68c7bad6b613a9206805fbaf36d5f971d09 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 10 Jul 2001 00:58:44 +0000 Subject: [PATCH] bug 439565 --- ChangeLog | 2 ++ db_readdump.php3 | 2 +- lib.inc.php3 | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ChangeLog b/ChangeLog index efe76bd12..5cb752ff7 100755 --- a/ChangeLog +++ b/ChangeLog @@ -19,6 +19,8 @@ $Source$ to try to get rid of a warning (cause: too many tables?) * bug 439709, tbl_properties.php3: show table maintenance options based on table type + * bug 439565, lib.inc.php3, db_readdump.php3, could not do: + DELETE FROM inscrit WHERE pseudo='test'ap'; 2001-07-08 Loïc Chapeaux * lib.inc.php3, line 742: Documentation is now loaded in its own window. diff --git a/db_readdump.php3 b/db_readdump.php3 index b1b94d66a..5fbddfee4 100755 --- a/db_readdump.php3 +++ b/db_readdump.php3 @@ -59,7 +59,7 @@ if($sql_query != "") { // sql.php3 will stripslash the query if get_magic_quotes_gpc if (get_magic_quotes_gpc() == 1) $sql_query = addslashes($sql_query); - + $sql_query=htmlspecialchars($sql_query); include("./sql.php3"); exit; } diff --git a/lib.inc.php3 b/lib.inc.php3 index 9b29def73..46ba5ca86 100755 --- a/lib.inc.php3 +++ b/lib.inc.php3 @@ -426,7 +426,7 @@ function display_table ($dt_result, $is_simple = false) { } else { - $condition = " $primary->name = '".addslashes($row[$i])."' AND"; + $condition = " $primary->name = '".addslashes(htmlspecialchars($row[$i]))."' AND"; } if($primary->numeric == 1) { if($sql_query == "SHOW PROCESSLIST")
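Review bot: In db_readdump.php3 the added `$sql_query=htmlspecialchars($sql_query);` HTML-encodes the statement that is then handed to `include("./sql.php3")`, so the encoding is applied to the query itself rather than to a copy being printed. Unless sql.php3 (not shown here) decodes it again, any `<`, `>`, `&` or `"` in the submitted SQL would be altered before it reaches the server, in operators as well as in string data. I would leave `$sql_query` unencoded at this point and call `htmlspecialchars()` only where the query is written into HTML, such as a form field or link. A one-line comment like `// $sql_query stays raw SQL; HTML-encode only when echoing it` would record that rule for the next change.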
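Review bot: In lib.inc.php3 the new `addslashes(htmlspecialchars($row[$i]))` places an HTML-encoded value inside the SQL literal of `$condition`, which mixes two escaping contexts in one string. Where `$condition` is used lies outside this hunk, as does the rest of display_table; if it ever reaches a query without first passing through an HTML attribute, a key value containing `&`, `<`, `>` or `"` would no longer match its row. With its default flags on PHP of this era `htmlspecialchars()` also leaves `'` unchanged, so the quote in the ChangeLog example is still handled by `addslashes()` alone. I would keep the condition as `" $primary->name = '".addslashes($row[$i])."' AND"` and apply `urlencode()` or `htmlspecialchars()` to the finished string at the place where the link or form field is emitted.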