Commit 2d5cc12b authored by Nathan Malcolm's avatar Nathan Malcolm

Fixes XSS vulnerability in Profiler

parent 4d3c6812
...@@ -148,6 +148,7 @@ class Profiler { ...@@ -148,6 +148,7 @@ class Profiler {
$binding = Database::connection()->pdo->quote($binding); $binding = Database::connection()->pdo->quote($binding);
$sql = preg_replace('/\?/', $binding, $sql, 1); $sql = preg_replace('/\?/', $binding, $sql, 1);
$sql = htmlspecialchars($sql);
} }
static::$data['queries'][] = array($sql, $time); static::$data['queries'][] = array($sql, $time);
......
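Review bot: The added `htmlspecialchars($sql)` sits above the closing brace, so it appears to run inside the per-binding loop (the loop header is outside the hunk). A query recorded with no bindings would then reach `static::$data['queries'][]` unescaped, while a query with several bindings is encoded once per binding, so an `&` in the first value ends up as `&amp;amp;`. Escaping once, unconditionally, after the loop covers both cases: `$sql = htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');` placed directly above the `static::$data['queries'][]` line. Passing `ENT_QUOTES` explicitly is worthwhile because the default flags on older PHP versions leave single quotes untouched, and PDO-quoted bindings are typically single-quoted. That matters if the profiler view ever renders the SQL inside an attribute.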