Random XSS exploit

git-svn-id: file:///svn/phpbb/trunk@3855 89ea8834-ac86-4346-8a33-228a782c2dd0
2025-06-26 21:15:21 +02:00 · 2003-04-16 20:22:12 +00:00
parent 1f4b7d27af
commit afaf95bb13
1 changed files with 1 additions and 1 deletions
--- a/phpBB/includes/db/mysql.php
+++ b/phpBB/includes/db/mysql.php
@ -429,7 +429,7 @@ class sql_db
 			$this_page = (!empty($_SERVER['PHP_SELF'])) ? $_SERVER['PHP_SELF'] : $_ENV['PHP_SELF'];
 			$this_page .= '&' . ((!empty($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : $_ENV['QUERY_STRING']);

-			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . $this_page . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
+			$message = '<u>SQL ERROR</u> [ ' . SQL_LAYER . ' ]<br /><br />' . @mysql_error() . '<br /><br /><u>CALLING PAGE</u><br /><br />'  . htmlspecialchars($this_page) . (($sql != '') ? '<br /><br /><u>SQL</u><br /><br />' . $sql : '') . '<br />';
 			trigger_error($message, E_USER_ERROR);
 		}