escape query in error message

phpmyadmin · May 29, 2013 · 9b3551601ce714adb5e3f428476052f0ec6093bf · 9b35516
1 parent 2189c87
commit 9b3551601ce714adb5e3f428476052f0ec6093bf
Unified Split

Showing with 2 additions and 1 deletion.

+2 −1 view_create.php
diff --git a/view_create.php b/view_create.php
@@ -114,7 +114,8 @@
             $response->addJSON(
                 'message',
                 PMA_Message::error(
-                    "<i>$sql_query</i><br /><br />" . PMA_DBI_getError()
+                    "<i>" . htmlspecialchars($sql_query) . "</i><br /><br />"
+                    . PMA_DBI_getError()
                 )
             );
             $response->isSuccess(false);