From df9defe353746a166df80ec95d83e4c9c9d23d9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Thu, 9 Apr 2009 14:20:44 +0000
Subject: [PATCH] Escape zero_rows (this is not dangerous, but I think it should be escaped).
---
 sql.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/sql.php b/sql.php
index 2b5ce037e..dc7c213d7 100644
--- a/sql.php
+++ b/sql.php
@@ -504,7 +504,7 @@ if (0 == $num_rows || $is_affected) {
 // the form should not have priority over
 // errors like $strEmptyResultSet
 } elseif (!empty($zero_rows) && !$is_select) {
- $message = PMA_Message::rawSuccess($zero_rows);
+ $message = PMA_Message::rawSuccess(htmlspecialchars($zero_rows));
 } elseif (!empty($GLOBALS['show_as_php'])) {
 $message = PMA_Message::success('strShowingPhp');
 } elseif (isset($GLOBALS['show_as_php'])) {
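Review bot: The added `htmlspecialchars($zero_rows)` call in the `!empty($zero_rows) && !$is_select` branch relies on the default flags and charset, which on PHP versions before 8.1 leave single quotes unescaped and, before 5.4, assume ISO-8859-1. Writing it as `htmlspecialchars($zero_rows, ENT_QUOTES, 'UTF-8')` would make the escaping independent of the runtime defaults and of the context in which `PMA_Message` later prints the text, assuming the page is served as UTF-8. The hunk does not show where `$zero_rows` is assigned, so a one-line comment stating its origin would help, for example `// $zero_rows can come from outside this script; escape before rawSuccess() outputs it unmodified` if that is the case. If any internal caller passes intentional markup in `$zero_rows`, it will now be displayed escaped, which is worth confirming. The if/elseif chain starts and ends outside the hunk, so the other branches that build `$message` could not be checked here.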