Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/libraries
diff options
context:
space:
mode:
authorWilliam Desportes <williamdes@wdes.fr>2022-08-15 13:52:25 +0300
committerWilliam Desportes <williamdes@wdes.fr>2022-08-15 14:20:09 +0300
commitd0093468d00c1aa8e6c4f524e1060100a5f5a4cb (patch)
tree5e81af8807ee18514da91dc20fecb2a867f74ecd /libraries
parent2365ec78e2eff6af28e8118706554427e6610076 (diff)
Fix escaping of SQL query and errors for debug console
Signed-off-by: William Desportes <williamdes@wdes.fr>
Diffstat (limited to 'libraries')
-rw-r--r--libraries/classes/Query/Utilities.php7
1 files changed, 4 insertions, 3 deletions
diff --git a/libraries/classes/Query/Utilities.php b/libraries/classes/Query/Utilities.php
index 5b9beae877..6766ecebe8 100644
--- a/libraries/classes/Query/Utilities.php
+++ b/libraries/classes/Query/Utilities.php
@@ -13,6 +13,7 @@ use function array_slice;
use function debug_backtrace;
use function explode;
use function htmlspecialchars;
+use function htmlspecialchars_decode;
use function intval;
use function md5;
use function sprintf;
@@ -181,11 +182,11 @@ class Utilities
$dbgInfo = [];
if ($result === false && $errorMessage !== null) {
- $dbgInfo['error'] = '<span class="text-danger">'
- . htmlspecialchars($errorMessage) . '</span>';
+ // because Utilities::formatError is applied in DbiMysqli
+ $dbgInfo['error'] = htmlspecialchars_decode($errorMessage);
}
- $dbgInfo['query'] = htmlspecialchars($query);
+ $dbgInfo['query'] = $query;
$dbgInfo['time'] = $time;
// Get and slightly format backtrace, this is used
// in the javascript console.
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-26 22:32:53 +0300