From d98b73914df6d09067add02afa7b8b24308f614e Mon Sep 17 00:00:00 2001
From: "Barry vd. Heuvel" <barryvdh@gmail.com>
Date: Mon, 4 Nov 2013 21:53:36 +0100
Subject: [PATCH] Escape params

Escape the params, to prevent html leaking.
---
 src/DebugBar/DataCollector/PDO/TracedStatement.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/DebugBar/DataCollector/PDO/TracedStatement.php b/src/DebugBar/DataCollector/PDO/TracedStatement.php
index 3e2800a..23cec5e 100644
--- a/src/DebugBar/DataCollector/PDO/TracedStatement.php
+++ b/src/DebugBar/DataCollector/PDO/TracedStatement.php
@@ -115,7 +115,10 @@ class TracedStatement
      */
     public function getParameters()
     {
-        return $this->parameters;
+		$params = array();
+        foreach($this->parameters as $param){
+            $params[] = htmlentities($param, ENT_QUOTES, 'UTF-8', false);
+        }
     }
 
     /**
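Review bot: The new body of `getParameters()` builds `$params` but never returns it, so the method now yields `null` instead of the escaped list; add `return $params;` after the `foreach`. The `$params[] = ...` append also discards the original array keys, so if `$this->parameters` is keyed by placeholder name (not visible in this hunk) those names are lost; `foreach ($this->parameters as $name => $param)` with `$params[$name] = htmlentities($param, ENT_QUOTES, 'UTF-8', false);` would keep them. Passing `false` for `double_encode` leaves entities already present in a bound value untouched, so a parameter containing the literal text `&lt;` would render as `<` and the displayed value would not match what was sent to the database. Line 20 is indented with tabs while the rest of the method uses spaces.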