author | William Desportes <williamdes@wdes.fr> | 2022-08-15 13:52:25 +0300 |
---|---|---|
committer | William Desportes <williamdes@wdes.fr> | 2022-08-15 14:20:09 +0300 |
commit | d0093468d00c1aa8e6c4f524e1060100a5f5a4cb (patch) | |
tree | 5e81af8807ee18514da91dc20fecb2a867f74ecd /libraries | |
parent | 2365ec78e2eff6af28e8118706554427e6610076 (diff) |
Fix escaping of SQL query and errors for debug console
Signed-off-by: William Desportes <williamdes@wdes.fr>
Diffstat (limited to 'libraries')
-rw-r--r-- | libraries/classes/Query/Utilities.php | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/libraries/classes/Query/Utilities.php b/libraries/classes/Query/Utilities.php
index 5b9beae877..6766ecebe8 100644
--- a/libraries/classes/Query/Utilities.php
+++ b/libraries/classes/Query/Utilities.php
@@ -13,6 +13,7 @@ use function array_slice;
 use function debug_backtrace;
 use function explode;
 use function htmlspecialchars;
+use function htmlspecialchars_decode;
 use function intval;
 use function md5;
 use function sprintf;
@@ -181,11 +182,11 @@ class Utilities
 $dbgInfo = [];
 if ($result === false && $errorMessage !== null) {
- $dbgInfo['error'] = '<span class="text-danger">'
- . htmlspecialchars($errorMessage) . '</span>';
+ // because Utilities::formatError is applied in DbiMysqli
+ $dbgInfo['error'] = htmlspecialchars_decode($errorMessage);
 }
- $dbgInfo['query'] = htmlspecialchars($query);
+ $dbgInfo['query'] = $query;
 $dbgInfo['time'] = $time;
 // Get and slightly format backtrace, this is used
 // in the javascript console. |
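Review bot: In the second hunk `$dbgInfo['error']` and `$dbgInfo['query']` now hold raw, unescaped text, so the debug console becomes the only place where escaping can happen, and nothing visible here shows that it does. Both values can carry user-supplied SQL fragments, so I would state the contract at the assignment, e.g. `// Raw text, not HTML: the debug console must escape these values when rendering.`, and confirm the JavaScript side inserts them as text rather than markup. The `htmlspecialchars_decode($errorMessage)` call is only an exact inverse if its flags match those `Utilities::formatError` encodes with, and if every caller passes an already-encoded message, which the hunk does not show. Passing the flags explicitly, or handing this method the un-encoded error in the first place, would remove that coupling. The enclosing method starts and ends outside the hunk.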