From 4951fd1c854d88e22935fd55d342fcb1670dc8e4 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Tue, 17 Aug 2010 16:21:37 +0200
Subject: [PATCH] Fix XSS on delimiter in db_sql.php.

---
 db_sql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db_sql.php b/db_sql.php
index 6c582c3d3..32d30e406 100644
--- a/db_sql.php
+++ b/db_sql.php
@@ -36,7 +36,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
 /**
  * Query box, bookmark, insert data from textfile
  */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 
 /**
  * Displays the footer
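Review bot: The escaping is applied at this one call site rather than at the point where PMA_sqlQueryForm() writes the delimiter into the page, so any other caller that forwards a request-supplied delimiter would still pass it through raw, and the function now receives an already-encoded value (a delimiter containing `&` or `<` arrives as an entity). PMA_sqlQueryForm() is not visible in this hunk, so this is inferred from the call alone; if it does emit the third argument into HTML, encoding it there once would cover every caller and keep the raw value available for non-HTML uses. Separately, `htmlspecialchars()` is called without flags, which on PHP versions of this period leaves single quotes unescaped; if the value can land in a single-quoted attribute or an inline script string, the call should be `htmlspecialchars($_REQUEST['delimiter'], ENT_QUOTES)`. It may also be worth rejecting a non-string `$_REQUEST['delimiter']` (an array from `delimiter[]=`) before it is escaped.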