Commit 7877a9c

Escape SQL query for inline editing
Signed-off-by: Michal Čihař <michal@cihar.com>
1 parent 3a6a9a8 commit 7877a9c

1 file changed

+1
-1
lines changed

Diff for: js/functions.js

@@ -1840,7 +1840,7 @@ AJAX.registerOnload('functions.js', function () {
18401840
var $inner_sql = $(this).parent().prev().find('code.sql');
18411841
var old_text = $inner_sql.html();
18421842

1843-
var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + sql_query + "</textarea>\n";
1843+
var new_content = "<textarea name=\"sql_query_edit\" id=\"sql_query_edit\">" + escapeHtml(sql_query) + "</textarea>\n";
18441844
new_content += getForeignKeyCheckboxLoader();
18451845
new_content += "<input type=\"submit\" id=\"sql_query_edit_save\" class=\"button btnSave\" value=\"" + PMA_messages.strGo + "\"/>\n";
18461846
new_content += "<input type=\"button\" id=\"sql_query_edit_discard\" class=\"button btnDiscard\" value=\"" + PMA_messages.strCancel + "\"/>\n";
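
Review bot: at new line 1843 the query is still assembled into markup by string concatenation, so the fix is only as good as escapeHtml(): it has to encode at least `&` and `<`, otherwise a query containing `</textarea>` still closes the element and the rest is parsed as HTML. The definition of escapeHtml() is not visible in this hunk, so please confirm that, or create the textarea first and set its content with jQuery's .val(), which needs no escaping at all. The same concatenation pattern remains on lines 1845 and 1846, where PMA_messages.strGo and PMA_messages.strCancel are placed unescaped inside double-quoted value attributes; if those strings can ever contain a quote character they should go through an attribute-safe escape too.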
