From 9e2848dbdad43750780ef14d2b8d7e169c2f278f Mon Sep 17 00:00:00 2001
From: jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Date: Sat, 14 Jul 2007 07:15:05 +0000
Subject: [PATCH] Escape fulltext columns

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@169 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 select.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/select.inc.php b/select.inc.php
index bee8b9eb..32dddc61 100644
--- a/select.inc.php
+++ b/select.inc.php
@@ -32,7 +32,7 @@ if (!$columns) {
 			if (strlen($_GET["fulltext"][$i])) {
 				$where[] = "MATCH (" . implode(", ", array_map('idf_escape', $index["columns"])) . ") AGAINST ('" . $mysql->escape_string($_GET["fulltext"][$i]) . "'" . (isset($_GET["boolean"][$i]) ? " IN BOOLEAN MODE" : "") . ")";
 			}
-			echo "(<i>" . implode("</i>, <i>", $index["columns"]) . "</i>) AGAINST";
+			echo "(<i>" . implode("</i>, <i>", array_map('htmlspecialchars', $index["columns"])) . "</i>) AGAINST";
 			echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '" />';
 			echo "<label for='boolean-$i'><input type='checkbox' name='boolean[$i]' value='1' id='boolean-$i'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . " />" . lang('BOOL') . "</label>";
 			echo "<br />\n";