From f273e6cbf6e2eea7367f7ef9c63c97ea55b92ca0 Mon Sep 17 00:00:00 2001
From: Herman van Rink
Date: Fri, 20 Aug 2010 10:42:03 +0200
Subject: [PATCH] Fix XSS on error with very long query.

---
 libraries/common.lib.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/libraries/common.lib.php b/libraries/common.lib.php
index c62d51885..124a1dfa8 100644
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -575,7 +575,7 @@ function PMA_mysqlDie($error_message = '', $the_query = '',
 $formatted_sql = '';
 } else {
 if (strlen($the_query) > $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) {
- $formatted_sql = substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']) . '[...]';
+ $formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL'])) . '[...]';
 } else {
 $formatted_sql = PMA_formatSql(PMA_SQP_parse($the_query), $the_query);
 }
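Review bot: The new `htmlspecialchars()` on the truncated-query branch relies on PHP's default flags and charset, so single quotes pass through unescaped and the encoding is whatever the build defaults to; whether that fully closes the XSS depends on how `$formatted_sql` is later emitted, which is outside this hunk (PMA_mysqlDie continues past it). A context-independent form is `$formatted_sql = htmlspecialchars(substr($the_query, 0, $GLOBALS['cfg']['MaxCharactersInDisplayedSQL']), ENT_QUOTES, 'UTF-8') . '[...]';`. Note too that `substr()` is byte-wise, so the cut can land inside a multibyte character; with a UTF-8 charset `htmlspecialchars()` then returns an empty string on some PHP versions, silently dropping the query from the error page, which `mb_substr()` (or `mb_strcut()`) would avoid. The untruncated branch still goes through `PMA_formatSql()`, whose escaping is not visible here, so that path is presumably safe but cannot be confirmed from this patch.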