Fix #314 - make sure where_clause is not modified

Signed-off-by: William Desportes <williamdes@wdes.fr>

2 files changed, 4 insertions, 0 deletions

diff --git a/libraries/classes/Display/Results.php b/libraries/classes/Display/Results.php
index 80120f20c8..6809c227c9 100644
--- a/libraries/classes/Display/Results.php
+++ b/libraries/classes/Display/Results.php
@@ -3001,6 +3001,7 @@ class Results
             $_url_params = array(
                 'db'            => $this->__get('db'),
                 'table'         => $meta->orgtable,
+                'where_clause_sign' => Core::signSqlQuery($whereClauseMap[$row_no][$meta->orgtable]),
                 'where_clause'  => $whereClauseMap[$row_no][$meta->orgtable],
                 'transform_key' => $meta->orgname
             );
diff --git a/libraries/classes/InsertEdit.php b/libraries/classes/InsertEdit.php
index 10a91ae3a9..ad692f0509 100644
--- a/libraries/classes/InsertEdit.php
+++ b/libraries/classes/InsertEdit.php
@@ -18,6 +18,7 @@ use PhpMyAdmin\Template;
 use PhpMyAdmin\Transformations;
 use PhpMyAdmin\Url;
 use PhpMyAdmin\Util;
+use PhpMyAdmin\Core;
 
 /**
  * PhpMyAdmin\InsertEdit class
@@ -2480,6 +2481,7 @@ class InsertEdit
             $_url_params = array(
                 'db'            => $db,
                 'table'         => $table,
+                'where_clause_sign' => Core::signSqlQuery($_POST['where_clause']),
                 'where_clause'  => $_POST['where_clause'],
                 'transform_key' => $column_name
             );
@@ -3275,6 +3277,7 @@ class InsertEdit
                         'db'            => $db,
                         'table'         => $table,
                         'transform_key' => $column['Field'],
+                        'where_clause_sign' => Core::signSqlQuery($where_clause),
                         'where_clause'  => $where_clause
                     );
                     $transformation_options['wrapper_link']