From d98b73914df6d09067add02afa7b8b24308f614e Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel"
Date: Mon, 4 Nov 2013 21:53:36 +0100
Subject: [PATCH] Escape params

Escape the params, to prevent html leaking.
---
 src/DebugBar/DataCollector/PDO/TracedStatement.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/DebugBar/DataCollector/PDO/TracedStatement.php b/src/DebugBar/DataCollector/PDO/TracedStatement.php
index 3e2800a..23cec5e 100644
--- a/src/DebugBar/DataCollector/PDO/TracedStatement.php
+++ b/src/DebugBar/DataCollector/PDO/TracedStatement.php
@@ -115,7 +115,10 @@ class TracedStatement
      */
     public function getParameters()
     {
-        return $this->parameters;
+        $params = array();
+        foreach($this->parameters as $param){
+            $params[] = htmlentities($param, ENT_QUOTES, 'UTF-8', false);
+        }
     }
 
 /**
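Review bot: The new body of getParameters() builds `$params` but never returns it, so the method now returns null where it previously returned the parameter array, and every consumer of the collected statement loses its bound values. The loop also discards the original keys (`$params[] =`), which matters for named placeholders such as `:id` that callers may look up by key; preserving them keeps the escaping change from silently altering the shape of the data. Suggested lines: `foreach ($this->parameters as $key => $param) {`, `$params[$key] = htmlentities($param, ENT_QUOTES, 'UTF-8', false);` and, after the loop, `return $params;`. Note that htmlentities() coerces non-string values (ints, null, bools) to strings, so anything that inspected parameter types downstream would also be affected; if parameters can be non-scalar, guard with `is_string($param)` before escaping. The enclosing class starts outside the hunk.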