From 85d879803c88aa036934d36977a10b5d28b70aaa Mon Sep 17 00:00:00 2001
From: Rob Hudson
Date: Wed, 24 Sep 2008 16:23:01 -0700
Subject: Adding a SHA-1 hash to the parameters passed to get the EXPLAIN query
 to avoid any sort of tampering of the SQL or parameters.

---
 debug_toolbar/templates/debug_toolbar/panels/sql.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'debug_toolbar/templates')

diff --git a/debug_toolbar/templates/debug_toolbar/panels/sql.html b/debug_toolbar/templates/debug_toolbar/panels/sql.html
index 052b36a..e218f22 100644
--- a/debug_toolbar/templates/debug_toolbar/panels/sql.html
+++ b/debug_toolbar/templates/debug_toolbar/panels/sql.html
@@ -13,7 +13,7 @@
 				<td>{{ query.time|floatformat:"4" }}</td>
 				<td>
 				{% if query.params %}
-					<a class="remoteCall" href="/__debug__/sql_explain/?sql={{ query.raw_sql|urlencode }}&params={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}">EXPLAIN</a>
+					<a class="remoteCall" href="/__debug__/sql_explain/?sql={{ query.raw_sql|urlencode }}&params={{ query.params|urlencode }}&time={{ query.time|floatformat:"4"|urlencode }}&hash={{ query.hash }}">EXPLAIN</a>
 				{% endif %}
 				</td>
 				<td class="syntax">{{ query.sql|safe }}</td>
-- 
cgit v1.2.3