From 2d5cc12b7b7a915c533a2674c474424407fe0927 Mon Sep 17 00:00:00 2001
From: Nathan Malcolm
Date: Wed, 3 Oct 2012 00:53:20 +0100
Subject: [PATCH] Fixes XSS vulnerability in Profiler

---
 laravel/profiling/profiler.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/laravel/profiling/profiler.php b/laravel/profiling/profiler.php
index 360e4702..a26396ee 100644
--- a/laravel/profiling/profiler.php
+++ b/laravel/profiling/profiler.php
@@ -148,6 +148,7 @@ public static function query($sql, $bindings, $time)
 $binding = Database::connection()->pdo->quote($binding);
 $sql = preg_replace('/\?/', $binding, $sql, 1);
+ $sql = htmlspecialchars($sql);
 }
 static::$data['queries'][] = array($sql, $time);
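Review bot: The new `htmlspecialchars($sql)` call sits inside the per-binding loop, so a query with several bindings is escaped once per iteration and any `&` produced by the first pass becomes `&amp;amp;` on the next, while a query with no bindings never reaches the call and is stored unescaped, which leaves the reported XSS only partly closed. The escaping belongs once, after the loop and immediately before the `static::$data['queries'][] = array($sql, $time);` line: `$sql = htmlspecialchars($sql, ENT_QUOTES, 'UTF-8');`. Passing `ENT_QUOTES` and an explicit charset matters here because `pdo->quote()` wraps every binding in single quotes, which the default flags leave unescaped. The `foreach` whose body this hunk shows starts outside the hunk, and whether the profiler template also escapes this value on output is not visible here, so the double-encoding risk should be checked there as well.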