
[HttpKernel] added escaping to the profiler SQLite storage

Fabien Potencier %!s(int64=14) %!d(string=hai) anos
10fee8c8bb

+ 1 - 1
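--- a/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
+++ b/src/Symfony/Bundle/WebProfilerBundle/Controller/ProfilerController.php
@@ -233,7 +233,7 @@ class ProfilerController extends ContainerAware
         $tokens = $profiler->find($ip, $url, $limit);
 
         $response = $this->container->get('response');
-        $response->setRedirect($this->container->get('router')->generate('_profiler_search_results', array('token' => $tokens[0]['token'])));
+        $response->setRedirect($this->container->get('router')->generate('_profiler_search_results', array('token' => $tokens ? $tokens[0]['token'] : '')));
 
         return $response;
     }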
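Review bot: The added fallback on the `+` line silently redirects to `_profiler_search_results` with `token` set to `''` whenever `find()` returns no rows, so a search with no matches is indistinguishable from a search for an empty token; presumably the results action treats an empty token as "nothing found", but that should be confirmed and is better made explicit here, e.g. `if (!$tokens) { /* return a no-results response instead of redirecting */ }` before the route is generated. The guard also still assumes `find()` returns a zero-indexed list, since `$tokens[0]` is read unconditionally once the array is non-empty. The enclosing action starts outside the hunk, so the origin and validation of `$ip`, `$url` and `$limit` is not visible from this change.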

+ 4 - 3
src/Symfony/Component/HttpKernel/Profiler/SQLiteProfilerStorage.php

@@ -40,19 +40,20 @@ class SQLiteProfilerStorage implements ProfilerStorageInterface
      */
     public function find($ip, $url, $limit)
     {
+        $db = $this->initDb();
+
         $criteria = array();
 
         if ($ip = preg_replace('/[^\d\.]/', '', $ip)) {
-            $criteria[] = ' ip LIKE "%'.$ip.'%"';
+            $criteria[] = " ip LIKE '%".$ip."%'";
         }
 
         if ($url) {
-            $criteria[] = ' url LIKE "%'.$url.'%"';
+            $criteria[] = " url LIKE '%".$db->escapeString($url)."%'";
         }
 
         $criteria = $criteria ? 'WHERE '.implode(' AND ', $criteria) : '';
 
-        $db = $this->initDb();
         $tokens = $this->fetch($db, 'SELECT token, ip, url, time FROM data '.$criteria.' ORDER BY time DESC LIMIT '.((integer) $limit));
         $this->close($db);