bug #1798646 [display] Character + in query wrongly interpreted

ChangeLog

@@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER, thanks to Allard
 + [lang] Serbian update, thanks to Mihailo Stefanovic  
 - bug #1798841 [relations] Copying db does not copy internal relations
+- bug #1798646 [display] Character '+' in query wrongly interpreted 
 
 2.11.1.0 (2007-09-20)
 

sql.php

@@ -109,16 +109,6 @@ if (isset($store_bkm)) {
     PMA_sendHeaderLocation($cfg['PmaAbsoluteUri'] . $goto);
 } // end if
 
-
-/**
- * Gets the true sql query
- */
-// $sql_query has been urlencoded in the confirmation form for drop/delete
-// queries or in the navigation bar for browsing among records
-if (isset($btnDrop) || isset($navig)) {
-    $sql_query = urldecode($sql_query);
-}
-
 /**
  * Parse and analyze the query
  */
@@ -184,7 +174,7 @@ if ($do_confirm) {
     echo '<form action="sql.php" method="post">' . "\n"
         .PMA_generate_common_hidden_inputs($db, $table);
     ?>
-    <input type="hidden" name="sql_query" value="<?php echo urlencode($sql_query); ?>" />
+    <input type="hidden" name="sql_query" value="<?php echo htmlspecialchars($sql_query); ?>" />
     <input type="hidden" name="zero_rows" value="<?php echo isset($zero_rows) ? PMA_sanitize($zero_rows) : ''; ?>" />
     <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
     <input type="hidden" name="back" value="<?php echo isset($back) ? PMA_sanitize($back) : ''; ?>" />