diff options
| author | Lukas Reschke <lukas@statuscode.ch> | 2012-09-22 10:51:03 +0200 |
|---|---|---|
| committer | Lukas Reschke <lukas@statuscode.ch> | 2012-09-22 10:51:03 +0200 |
| commit | 80aa44565b3933443e6b192970b6f321c15c1a69 (patch) | |
| tree | 5d570a69ebeb65618c7606dcda917b94faee04a8 /lib/db.php | |
| parent | 08132587d13f936ff888fa1b31a58b529ded14b2 (diff) | |
| download | nextcloud-server-80aa44565b3933443e6b192970b6f321c15c1a69.tar.gz nextcloud-server-80aa44565b3933443e6b192970b6f321c15c1a69.zip | |
Sanitize user input
Diffstat (limited to 'lib/db.php')
| -rw-r--r-- | lib/db.php | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/db.php b/lib/db.php index 1f0593b0804..42bd04e9880 100644 --- a/lib/db.php +++ b/lib/db.php @@ -299,7 +299,7 @@ class OC_DB { // Die if we have an error (error means: bad query, not 0 results!) if( PEAR::isError($result)) { $entry = 'DB Error: "'.$result->getMessage().'"<br />'; - $entry .= 'Offending command was: '.$query.'<br />'; + $entry .= 'Offending command was: '.htmlentities($query).'<br />'; OC_Log::write('core', $entry,OC_Log::FATAL); error_log('DB error: '.$entry); die( $entry ); @@ -309,7 +309,7 @@ class OC_DB { $result=self::$connection->prepare($query); }catch(PDOException $e) { $entry = 'DB Error: "'.$e->getMessage().'"<br />'; - $entry .= 'Offending command was: '.$query.'<br />'; + $entry .= 'Offending command was: '.htmlentities($query).'<br />'; OC_Log::write('core', $entry,OC_Log::FATAL); error_log('DB error: '.$entry); die( $entry ); |