Escape zero_rows (this is not dangerous, but I think it should be escaped).

2009-04-09 14:20:44 +00:00
parent f7b2b08ab4
commit df9defe353
1 changed files with 1 additions and 1 deletions
--- a/sql.php
+++ b/sql.php
@@ -504,7 +504,7 @@ if (0 == $num_rows || $is_affected) {
        // the form should not have priority over
        // errors like $strEmptyResultSet
    } elseif (!empty($zero_rows) && !$is_select) {
-        $message = PMA_Message::rawSuccess($zero_rows);
+        $message = PMA_Message::rawSuccess(htmlspecialchars($zero_rows));
    } elseif (!empty($GLOBALS['show_as_php'])) {
        $message = PMA_Message::success('strShowingPhp');
    } elseif (isset($GLOBALS['show_as_php'])) {