[Pkg-owncloud-commits] [owncloud] 41/73: Sanitize user input

[David Prévot]

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to annotated tag v4.0.10
in repository owncloud.

commit 1e7ac8ba15b1f810efcb868d41bf7e30d4fa3aab
Author: Lukas Reschke <lukas at statuscode.ch>
Date:   Sat Sep 22 10:55:25 2012 +0200

    Sanitize user input
---
 lib/db.php |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/db.php b/lib/db.php
index 08bd06d..e6f9a30 100644
--- a/lib/db.php
+++ b/lib/db.php
@@ -244,7 +244,7 @@ class OC_DB {
 			// Die if we have an error (error means: bad query, not 0 results!)
 			if( PEAR::isError($result)) {
 				$entry = 'DB Error: "'.$result->getMessage().'"<br />';
-				$entry .= 'Offending command was: '.$query.'<br />';
+				$entry .= 'Offending command was: '.htmlentities($query).'<br />';
 				OC_Log::write('core',$entry,OC_Log::FATAL);
 				die( $entry );
 			}
@@ -253,7 +253,7 @@ class OC_DB {
 				$result=self::$connection->prepare($query);
 			}catch(PDOException $e){
 				$entry = 'DB Error: "'.$e->getMessage().'"<br />';
-				$entry .= 'Offending command was: '.$query.'<br />';
+				$entry .= 'Offending command was: '.htmlentities($query).'<br />';
 				OC_Log::write('core',$entry,OC_Log::FATAL);
 				die( $entry );
 			}

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git