David A. Windham
david
/
laravel
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge pull request #1305 from nmalcolm/develop

Fixes XSS vulnerability in Profiler
Taylor Otwell 12 years ago
parent
4d3c68129b 2d5cc12b7b
commit
4f8a6724b0
1 changed files with 1 additions and 0 deletions
Split View Show Diff Stats
  1. 1 0
      laravel/profiling/profiler.php

+ 1 - 0
laravel/profiling/profiler.php
View File 

@@ -148,6 +148,7 @@ class Profiler {
 
 			$binding = Database::connection()->pdo->quote($binding);
 
 
 			$sql = preg_replace('/\?/', $binding, $sql, 1);
 
+			$sql = htmlspecialchars($sql);
 
 		}
 
 
 		static::$data['queries'][] = array($sql, $time);