author | Michal Čihař <michal@cihar.com> | 2016-09-20 08:50:28 +0200 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2016-09-20 08:50:28 +0200 |
commit | a483d102eba78bed67ebcf713c3885c4302f3e73 (patch) | |
tree | 909efd5dbc0232909c64972111fa0d21fae26284 | |
parent | 00eb34849e9e4b445c67368a1cc49d21c2b4bc0d (diff) | |
Fixed escaping HTML entities in HTML formatter
Fixes #83
Signed-off-by: Michal Čihař <michal@cihar.com>
-rw-r--r-- | CHANGELOG.md | 1 | ||||
-rw-r--r-- | src/Utils/Formatter.php | 5 |
2 files changed, 4 insertions, 2 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index e81d177..4490ae7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,7 @@ ## [Unreleased] * Fix parsing of DEFINER without backquotes +* Fixed escaping HTML entities in HTML formatter ## [3.4.6] - 2016-09-13 diff --git a/src/Utils/Formatter.php b/src/Utils/Formatter.php index f82ef13..9804580 100644 --- a/src/Utils/Formatter.php +++ b/src/Utils/Formatter.php @@ -453,7 +453,7 @@ class Formatter // Formatting HTML. if ($this->options['type'] === 'html') { - return '<span ' . $format['html'] . '>' . $text . '</span>'; + return '<span ' . $format['html'] . '>' . htmlspecialchars($text, ENT_NOQUOTES) . '</span>'; } elseif ($this->options['type'] === 'cli') { return $format['cli'] . $text; } @@ -464,8 +464,9 @@ class Formatter if ($this->options['type'] === 'cli') { return "\x1b[39m" . $text; + } elseif ($this->options['type'] === 'html') { + return htmlspecialchars($text, ENT_NOQUOTES); } - return $text; } /** |
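Review bot: The `htmlspecialchars($text, ENT_NOQUOTES)` call added in the `@@ -453,7 +453,7 @@` hunk of src/Utils/Formatter.php passes neither an encoding nor `ENT_SUBSTITUTE`, so a token holding a byte sequence that is invalid in the effective charset comes back as an empty string and silently drops out of the formatted query. The charset used also depends on the PHP version and the `default_charset` setting, because the third argument is omitted. If the supported PHP versions permit it (`ENT_SUBSTITUTE` needs PHP 5.4 or later), I would write `htmlspecialchars($text, ENT_NOQUOTES | ENT_SUBSTITUTE, 'UTF-8')`; the same applies to the call added in the `@@ -464,8 +464,9 @@` hunk. The enclosing method starts outside both hunks, so what `$format['function']` may have done to `$text` beforehand is not visible here.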
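Review bot: The html branch added in the `@@ -464,8 +464,9 @@` hunk escapes with `ENT_NOQUOTES`, which leaves `"` and `'` untouched, so the returned string is safe only as HTML element content and not inside an attribute value. That contract is not written down anywhere in the hunk, and a comment such as `// Escaped for HTML element content only; quotes are left as-is.` above the return would state it. The diffstat lists only CHANGELOG.md and src/Utils/Formatter.php, so no regression test accompanies the fix. A formatter test whose input has `<`, `>` and `&` inside a string literal would pin both the `<span>` path and this bare-text path. The beginning of the method is outside the hunk.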