From b723b9f415c042a1e50790e5e0d18e5448b77cfd Mon Sep 17 00:00:00 2001
From: Robert Sesek <rsesek@bluestatic.org>
Date: Sun, 20 Feb 2005 21:26:22 +0000
Subject: [PATCH] Fixed possible exploit in query link where the original URI
 was not sanitized.

---
 template.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/template.php b/template.php
index f94aa84..17bde98 100644
--- a/template.php
+++ b/template.php
@@ -229,7 +229,7 @@ class DB_Template
 			$debug .= "\n\t<li><strong>Source Control:</strong> $scinfo</li>";
 			
 			// query information
-			$debug .= "\n\t<li><strong>Total Queries:</strong> " . sizeof($_isso->db->history) . " (<a href=\"" . $_SERVER['REQUEST_URI'] . iff(strpos($_SERVER['REQUEST_URI'], '?') !== false, '&amp;query=1', '?query=1') . "\">?<a/>)</li>";
+			$debug .= "\n\t<li><strong>Total Queries:</strong> " . sizeof($_isso->db->history) . " (<a href=\"" . $_isso->sanitize($_SERVER['REQUEST_URI']) . iff(strpos($_SERVER['REQUEST_URI'], '?') !== false, '&amp;query=1', '?query=1') . "\">?<a/>)</li>";
 						
 			// debug notices
 			$debug .= "\n\t<li>\n\t\t<select>\n\t\t\t<option>Debug Notices (" . sizeof($_isso->debuginfo) . ")</option>";
-- 
2.22.5