From 60c65ae22061df3d9d27fe9ad14fd803589a31ae Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Sun, 9 Dec 2007 13:40:51 +0000
Subject: [PATCH] bug #1835654 [core] wrong escaping when using double quotes

---
 ChangeLog                | 1 +
 libraries/common.lib.php | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 840810772..07cdeff32 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -25,6 +25,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
   backslashes
 - bug #1843463 [GUI] DROP PROCEDURE does not show alert
 - bug #1835904 [GUI] Back link after a SQL error forgets the query
+- bug #1835654 [core] wrong escaping when using double quotes
 
 2.11.3.0 (2007-12-08)
 - patch #1818389 to remove a notice (failed to flush buffer), thanks to
diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index 25fd417bc..935fef931 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1254,7 +1254,7 @@ function PMA_profilingCheckbox($sql_query) {
     if (PMA_profilingSupported()) {
         echo '<form action="sql.php" method="post">' . "\n";
         echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']);
-        echo '<input type="hidden" name="sql_query" value="' . $sql_query . '" />' . "\n";
+        echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />' . "\n";
         echo '<input type="hidden" name="profiling_form" value="1" />' . "\n";
         echo '<input type="checkbox" name="profiling" id="profiling"' . (isset($_SESSION['profiling']) ? ' checked="checked"' : '') . ' onclick="this.form.submit();" /><label for="profiling">' . $GLOBALS['strProfiling'] . '</label>' . "\n";
         echo '<noscript><input type="submit" value="' . $GLOBALS['strGo'] . '" /></noscript>' . "\n";