Fixes for HTML in extension menu SQLs. :(

diff --git a/inc/db/lib-mysql3.php b/inc/db/lib-mysql3.php
index 8ed21c3218340cb79142db44896e4dbb535793b6..13d333d1b2e16f99c1cb5206e88ff7a0470ba18b 100644 (file)
--- a/inc/db/lib-mysql3.php
+++ b/inc/db/lib-mysql3.php
@@ -78,7 +78,7 @@ function SQL_QUERY ($sqlString, $F, $L) {
        $querytimeBefore = microtime(true);
 
        // Run SQL command
-       //* DEBUG: */ print('F=' . basename($F) . ',L=' . $L . 'sql=' . $sqlString . '<br />');
+       //* DEBUG: */ print('F=' . basename($F) . ',L=' . $L . 'sql=' . htmlentities($sqlString) . '<br />');
        $result = mysql_query($sqlString, SQL_GET_LINK())
                or addFatalMessage(__FUNCTION__, __LINE__, $F . ' (' . $L . '):' . mysql_error() . '<br />
 Query string:<br />

diff --git a/inc/filters.php b/inc/filters.php
index 3b198af56b624d6e5c47342160051e042c1e83a7..1033083dabfb021f07a19c9d7490055c69e461e4 100644 (file)
--- a/inc/filters.php
+++ b/inc/filters.php
@@ -434,7 +434,9 @@ function FILTER_COMPILE_CONFIG ($code, $compiled = false) {
        // Should we compile it?
        if ($compiled === true) {
                // Run the code
-               eval("\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . "\";");
+               $eval = "\$GLOBALS['compiled_config'][\$uncompiled] = \"" . $GLOBALS['compiled_config'][$uncompiled] . "\";";
+               //* DEBUG: */ print '<pre>' . str_replace('$', '&#36;', htmlentities($eval)) . '</pre>';
+               eval($eval);
        } // END - if
 
        // Return compiled code