From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Sat, 14 Jul 2007 07:15:05 +0000 (+0000)
Subject: Escape fulltext columns
X-Git-Tag: v3.0.0~1339
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=9e2848dbdad43750780ef14d2b8d7e169c2f278f;p=adminer.git

Escape fulltext columns

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@169 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---

diff --git a/select.inc.php b/select.inc.php
index bee8b9eb..32dddc61 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -32,7 +32,7 @@ if (!$columns) {
 			if (strlen($_GET["fulltext"][$i])) {
 				$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
 			}
-			echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
+			echo "(<i>" . implode("</i>, <i>", array_map('htmlspecialchars', $index["columns"])) . "</i>) AGAINST";
 			echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
 			echo "<label for='boolean-$i'><input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " />" . lang('BOOL') . "</label>";
 			echo "<br />\n";