nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1835654 [core] wrong escaping when using double quotes

Browse Source
This commit is contained in:
Marc Delisle
2007-12-09 13:40:51 +00:00
parent 56467f3904
commit 8ba1db9adc
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/common.lib.php
View File

@@ -1245,7 +1245,7 @@ function PMA_profilingCheckbox($sql_query) {
if (PMA_profilingSupported()) {
echo '<form action="sql.php" method="post">' . "\n";
echo PMA_generate_common_hidden_inputs($GLOBALS['db'], $GLOBALS['table']);
echo '<input type="hidden" name="sql_query" value="' . $sql_query . '" />' . "\n";
echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />' . "\n";
echo '<input type="hidden" name="profiling_form" value="1" />' . "\n";
echo '<input type="checkbox" name="profiling" id="profiling"' . (isset($_SESSION['profiling']) ? ' checked="checked"' : '') . ' onclick="this.form.submit();" /><label for="profiling">' . $GLOBALS['strProfiling'] . '</label>' . "\n";
echo '<noscript><input type="submit" value="' . $GLOBALS['strGo'] . '" /></noscript>' . "\n";