From: garvinhicking <garvinhicking>
Date: Tue, 25 Mar 2008 14:04:06 +0000 (+0000)
Subject: update
X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=28b404c98eb6bb8bc120b04c0058b9bde8fffa76;p=s9y.git

update
---

diff --git a/include/db/mysql.inc.php b/include/db/mysql.inc.php
index ec0b8e6..8d4d592 100644
--- a/include/db/mysql.inc.php
+++ b/include/db/mysql.inc.php
@@ -96,13 +96,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
     }
 
     if (!$expectError && mysql_error($serendipity['dbConn']) != '') {
-        $msg = '<pre>' . $sql . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
+        $msg = '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
         return $msg;
     }
 
     if (!$c) {
         if (!$expectError && !$serendipity['production']) {
-            print '<pre>' . $sql . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
+            print '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(mysql_error($serendipity['dbConn']));
             if (function_exists('debug_backtrace') && $reportErr == true) {
                 highlight_string(var_export(debug_backtrace(), 1));
             }
diff --git a/include/db/sqlrelay.inc.php b/include/db/sqlrelay.inc.php
index 36ad19d..c57da0e 100644
--- a/include/db/sqlrelay.inc.php
+++ b/include/db/sqlrelay.inc.php
@@ -161,13 +161,13 @@ function &serendipity_db_query($sql, $single = false, $result_type = "both", $re
     }
 
     if (!$expectError && sqlrcur_errorMessage($cur) != '') {
-        $msg = '<pre>' . $sql . '</pre> / ' . sqlrcur_errorMessage($cur);
+        $msg = '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(sqlrcur_errorMessage($cur));
         return $msg;
     }
 
     if (!$c) {
         if (!$expectError && !$serendipity['production']) {
-            print '<pre>' . $sql . '</pre> / ' . sqlrcur_errorMessage($cur);
+            print '<pre>' . htmlspecialchars($sql) . '</pre> / ' . htmlspecialchars(sqlrcur_errorMessage($cur));
             if (function_exists('debug_backtrace') && $reportErr == true) {
                 highlight_string(var_export(debug_backtrace(), 1));
             }