nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1835654 [core] wrong escaping when using double quotes

Browse Source
This commit is contained in:
Marc Delisle
2007-12-09 13:40:51 +00:00
parent 56467f3904
commit 8ba1db9adc
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -11,6 +11,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
backslashes
- bug #1843463 [GUI] DROP PROCEDURE does not show alert
- bug #1835904 [GUI] Back link after a SQL error forgets the query
- bug #1835654 [core] wrong escaping when using double quotes
2.11.3.0 (2007-12-08)
- patch #1818389 to remove a notice (failed to flush buffer), thanks to

2
libraries/common.lib.php
View File

@@ -1245,7 +1245,7 @@ function PMA_profilingCheckbox($sql_query) {
if (PMA_profilingSupported()) {
echo '<form action="sql.php" method="post">' . "\n";
echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']);
echo '<input type="hidden" name="sql_query" value="' . $sql_query . '" />' . "\n";
echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />' . "\n";
echo '<input type="hidden" name="profiling_form" value="1" />' . "\n";
echo '<input type="checkbox" name="profiling" id="profiling"' . (isset($_SESSION['profiling']) ? ' checked="checked"' : '') . ' onclick="this.form.submit();" /><label for="profiling">' . $GLOBALS['strProfiling'] . '</label>' . "\n";
echo '<noscript><input type="submit" value="' . $GLOBALS['strGo'] . '" /></noscript>' . "\n";