Escape fulltext columns

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@169 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/select.inc.php b/select.inc.php
index bee8b9eb3f3c23f46f1d5cdbc880b076e94e06be..32dddc61e15c95c87967e6e0cfa3a635b2a076d3 100644 (file)
--- a/select.inc.php
+++ b/select.inc.php
@@ -32,7 +32,7 @@ if (!$columns) {
                        if (strlen($_GET["fulltext"][$i])) {
                                $where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
                        }
-                       echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
+                       echo "(<i>" . implode("</i>, <i>", array_map('htmlspecialchars', $index["columns"])) . "</i>) AGAINST";
                        echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
                        echo "<label for='boolean-$i'><input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " />" . lang('BOOL') . "</label>";
                        echo "<br />\n";