Debug->debugSQL() Strips Tags

[bhsmither]

Near line 198, the $message is first given to PHP's strip_tags() function. Suggest relying only on PHP's htmlentities() function.

Same for near line 243 in the display() function.

See #657.

This was found when examining the debug section looking for a query created in dashboard.index.inc.php, near line 290, where the character sequence <= causes the remainder of the displayed query to be truncated.

[abrookbanks]

There was good reason for strip tags when this was coded. We don't want to see HTML tags in the debug output.

[bhsmither]

What we don't want is for the browser to act on what are real HTML tags. The htmlentities() takes care of that - replacing the tag <script> with the string <script> which displays as <script>, and the string A<=B or C>D with A<=B or C>D which would otherwise show as AD.

The strip_tags() is not discriminating.

[abrookbanks]

I think the issue was with PHP errors. They are ready with HTML which isn't necessary.