Fix XSS on delimiter in db_sql.php.

2010-08-17 16:21:37 +02:00
parent 6d548f7d44
commit 5bcd95a42c
1 changed files with 1 additions and 1 deletions
--- a/db_sql.php
+++ b/db_sql.php
@@ -37,7 +37,7 @@ if ($num_tables == 0 && empty($db_query_force)) {
 /**
 * Query box, bookmark, insert data from textfile
 */
-PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? $_REQUEST['delimiter'] : ';');
+PMA_sqlQueryForm(true, false, isset($_REQUEST['delimiter']) ? htmlspecialchars($_REQUEST['delimiter']) : ';');
 /**
 * Displays the footer