X-Git-Url: https://scripts.mit.edu/gitweb/autoinstalls/wordpress.git/blobdiff_plain/ff81ee6e8304a1982a3ec4f5b134764a29d502cf..refs/tags/wordpress-2.0.4:/wp-includes/wp-db.php

diff --git a/wp-includes/wp-db.php b/wp-includes/wp-db.php
index 97238c39..8a4ebaa6 100644
--- a/wp-includes/wp-db.php
+++ b/wp-includes/wp-db.php
@@ -93,12 +93,14 @@ class wpdb {
 		$EZSQL_ERROR[] = 
 		array ('query' => $this->last_query, 'error_str' => $str);
 
+		$str = htmlspecialchars($str, ENT_QUOTES);
+		$query = htmlspecialchars($this->last_query, ENT_QUOTES);
 		// Is error output turned on or not..
 		if ( $this->show_errors ) {
 			// If there is an error then take note of it
 			print "<div id='error'>
 			<p class='wpdberror'><strong>WordPress database error:</strong> [$str]<br />
-			<code>$this->last_query</code></p>
+			<code>$query</code></p>
 			</div>";
 		} else {
 			return false;