
Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal@cihar.com>
nijel committed Feb 25, 2016
1 parent 3a6a9a8 commit 7877a9c0084bf8ae15cbd8d2729b126271f682cc
Showing with 1 addition and 1 deletion.
  1. +1 −1 js/functions.js
@@ -1840,7 +1840,7 @@ AJAX.registerOnload('functions.js', function () {
var $inner_sql = $(this).parent().prev().find('code.sql');
var old_text = $inner_sql.html();
var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + sql_query + "</textarea>\n";
var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + escapeHtml(sql_query) + "</textarea>\n";
new_content += getForeignKeyCheckboxLoader();
new_content += "<input type=\"submit\" id=\"sql_query_edit_save\" class=\"button btnSave\" value=\"" + PMA_messages.strGo + "\"/>\n";
new_content += "<input type=\"button\" id=\"sql_query_edit_discard\" class=\"button btnDiscard\" value=\"" + PMA_messages.strCancel + "\"/>\n";
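Review bot: The two button labels below the fixed textarea line are still concatenated into `value="…"` attributes unescaped (`PMA_messages.strGo` and `PMA_messages.strCancel`), so this markup string is only partly encoded after the change. These are localisation strings rather than query text, so the exposure is presumably low, but a translation containing a double quote would end the attribute early. Writing `value=\"" + escapeHtml(PMA_messages.strGo) + "\"` (and the same for `strCancel`) would make the block consistent, provided `escapeHtml` also encodes quotes, which is not visible here. A short comment on the textarea line, such as `// sql_query is user-supplied text; encode it before placing it in markup`, would record why the call is there. The enclosing onload handler starts and ends outside the hunk, so where `sql_query` originates cannot be checked from here.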
