Do not use htmlspecialchars in generating SQL (bug#3287048).

2011-04-15 08:55:27 +02:00
parent b1146ee73f
commit 61a87263e7
1 changed files with 1 additions and 1 deletions
--- a/libraries/mult_submits.inc.php
+++ b/libraries/mult_submits.inc.php
@@ -339,7 +339,7 @@ elseif ($mult_btn == __('Yes')) {

            case 'empty_tbl':
                $a_query = 'TRUNCATE ';
-                $a_query .= PMA_backquote(htmlspecialchars($selected[$i]));
+                $a_query .= PMA_backquote($selected[$i]);
                $run_parts = TRUE;
                break;