File mysql-5.0.67-CVE-2008-4456.patch of Package mysql

Index: client/mysql.cc
===================================================================
--- client/mysql.cc.orig
+++ client/mysql.cc
@@ -3361,9 +3361,12 @@ print_table_data_html(MYSQL_RES *result)
   {
     while((field = mysql_fetch_field(result)))
     {
-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
-					 (field->name[0] ? field->name : 
-					  " &nbsp; ") : "NULL"));
+      tee_fputs("<TH>", PAGER);
+      if (field->name && field->name[0])
+        xmlencode_print(field->name, field->name_length);
+      else
+        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
+      tee_fputs("</TH>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);
   }
@@ -3374,7 +3377,7 @@ print_table_data_html(MYSQL_RES *result)
     for (uint i=0; i < mysql_num_fields(result); i++)
     {
       (void) tee_fputs("<TD>", PAGER);
-      safe_put_field(cur[i],lengths[i]);
+      xmlencode_print(cur[i], lengths[i]);
       (void) tee_fputs("</TD>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);
Index: mysql-test/r/mysql.result
===================================================================
--- mysql-test/r/mysql.result.orig
+++ mysql-test/r/mysql.result
@@ -180,4 +180,5 @@ ERROR at line 1: DELIMITER cannot contai
 1
 This is a file starting with UTF8 BOM 0xEFBBBF
 This is a file starting with UTF8 BOM 0xEFBBBF
+<TABLE BORDER=1><TR><TH>&lt;</TH></TR><TR><TD>&lt; &amp; &gt;</TD></TR></TABLE>
 End of 5.0 tests
Index: mysql-test/t/mysql.test
===================================================================
--- mysql-test/t/mysql.test.orig
+++ mysql-test/t/mysql.test
@@ -290,4 +290,11 @@ EOF
 --exec $MYSQL < $MYSQLTEST_VARDIR/tmp/bug29323.sql 2>&1
 remove_file $MYSQLTEST_VARDIR/tmp/bug29323.sql;
 
+#
+# Bug #27884: mysql --html does not quote HTML special characters in output
+# 
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+
+--echo
+
 --echo End of 5.0 tests
openSUSE Build Service is sponsored by