From c4bb6fdb947a3288313c6616c16e83939e14d119 Mon Sep 17 00:00:00 2001
From: Cerdic <cedric@yterium.com>
Date: Fri, 1 Feb 2008 22:29:00 +0000
Subject: [PATCH] "echapper les < et les > dans le profileur de requetes"

---
 ecrire/public/debug.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/ecrire/public/debug.php b/ecrire/public/debug.php
index e3077c57c5..f8b8c4a6d3 100644
--- a/ecrire/public/debug.php
+++ b/ecrire/public/debug.php
@@ -770,7 +770,7 @@ function trace_query_chrono($m1, $m2, $query, $result, $serveur='')
 	$tt += $dt;
 	$nb++;
 
-	$q = preg_replace('/([a-z)`])\s+([A-Z])/', '$1<br />$2',$query);
+	$q = preg_replace('/([a-z)`])\s+([A-Z])/', '$1<br />$2',htmlentities($query));
 	$e =  sql_explain($query, $serveur);
 	$r = str_replace('Resource id ','',(is_object($result)?get_class($result):$result));
 	$tableau_des_temps[] = array($dt, $nb, $boucle, $q, $e, $r);
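Review bot: Only `$q` is escaped here, while `$e` (the `sql_explain()` output) and `$r` (derived from `$result`) go into the same `$tableau_des_temps` row unescaped two lines below. If the rendering code outside this hunk prints those cells as HTML, they may need the same treatment, since both can carry text that originates from the query or the database. The new `htmlentities($query)` call also relies on default flags and charset, which vary with the PHP version and may not match the site encoding, so multibyte characters can be garbled and single quotes left unescaped. Passing them explicitly avoids that, e.g. `htmlspecialchars($query, ENT_QUOTES, $charset)`, where `$charset` stands for the site's configured charset. The body of `trace_query_chrono()` starts and ends outside the hunk, so where the row is finally emitted is not visible here.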
-- 
GitLab