From cc1ff8ef0fa79083590a88b629d587d6b3bf067d Mon Sep 17 00:00:00 2001
From: Damien Metzger
Date: Wed, 13 Feb 2013 15:39:22 +0100
Subject: [PATCH] // htmlspecialchars on the sql queries in the profiling mode
---
 tools/profiling/Controller.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tools/profiling/Controller.php b/tools/profiling/Controller.php
index 7011ea222..1b55dd0dd 100644
--- a/tools/profiling/Controller.php
+++ b/tools/profiling/Controller.php
@@ -387,7 +387,7 @@ abstract class Controller extends ControllerCore
 uasort($queries, 'prestashop_querytime_sort');
 foreach ($queries as $data) {
- echo $hr.'getTimeColor($data['time'] * 1000).'>'.round($data['time'] * 1000, 3).' ms '.$data['query'].'
in '.$data['file'].':'.$data['line'].'
';
+ echo $hr.'getTimeColor($data['time'] * 1000).'>'.round($data['time'] * 1000, 3).' ms '.htmlspecialchars($data['query'], ENT_NOQUOTES, 'utf-8', false).'
in '.$data['file'].':'.$data['line'].'
';
 if (preg_match('/^\s*select\s+/i', $data['query'])) {
 $explain = Db::getInstance()->executeS('explain '.$data['query']);