In-Portal Issue Tracker

Index: admin_events_handler.php
===================================================================
--- admin_events_handler.php	(revision 15602)
+++ admin_events_handler.php	(working copy)
@@ -886,6 +886,11 @@
 
 			if ( $result ) {
 				if ( is_array($result) ) {
+
+					foreach ($result AS $id => $row) {
+						$result[$id] = array_map('htmlspecialchars', $row);
+					}
+
 					$this->Application->SetVar('sql_has_rows', 1);
 					$this->Application->SetVar('sql_rows', serialize($result));
 				}

Index: admin_templates/tools/sql_query.tpl
===================================================================
--- admin_templates/tools/sql_query.tpl	(revision 15607)
+++ admin_templates/tools/sql_query.tpl	(working copy)
@@ -57,28 +57,34 @@
 
 <inp2:m_if check="m_Get" var="query_status">
 	<inp2:m_if check="m_Get" var="sql_has_rows">
-		<br />
+		<br/>
 		<table width="100%" cellspacing="0" cellpadding="0" class="bordered">
-			<tr class="<inp2:m_odd_even odd="table-color1" even="table-color2"/>">
+			<tr class="<inp2:m_odd_even odd='table-color1' even='table-color2'/>">
 				<inp2:m_inc param="tab_index" by="1"/>
-			  <td colspan="3">
-				<table width="100%" border="0" cellspacing="0" cellpadding="4">
-			  	<inp2:m_DefineElement name="sql_column_title">
-				<td width="100%" nowrap="nowrap">
-					<span class="columntitle_small"><img title="" src="../../admin/images/list_arrow_rt.gif" align="absmiddle" border="0"><inp2:m_param name="value"/></span>
+				<td colspan="3">
+					<table width="100%" border="0" cellspacing="0" cellpadding="4">
+						<tr class="grid-header-row-0">
+							<inp2:m_DefineElement name="sql_column_title">
+								<td width="100%" nowrap="nowrap">
+									<span class="columntitle_small">
+										<img title="" src="../../admin/images/list_arrow_rt.gif" align="absmiddle" border="0">
+										<inp2:m_param name="value"/>
+									</span>
+								</td>
+							</inp2:m_DefineElement>
+
+							<inp2:adm_PrintSqlCols render_as="sql_column_title"/>
+						</tr>
+
+						<inp2:m_DefineElement name="sql_row">
+							<tr class="<inp2:m_odd_even odd='table-color1' even='table-color2'/>">
+								<inp2:m_param name="cells"/>
+							</tr>
+						</inp2:m_DefineElement>
+
+						<inp2:adm_PrintSqlRows render_as="sql_row"/>
+					</table>
 				</td>
-			  	</inp2:m_DefineElement>
-			  	<inp2:m_DefineElement name="sql_row">
-				<tr class="<inp2:m_odd_even odd="table-color1" even="table-color2"/>">
-					<inp2:m_param name="cells"/>
-				</tr>
-			  	</inp2:m_DefineElement>
-			  	<tr class="grid-header-row-0">
-			  		<inp2:adm_PrintSqlCols render_as="sql_column_title"/>
-			  	</tr>
-			  	<inp2:adm_PrintSqlRows render_as="sql_row"/>
-			  	</table>
-			  </td>
 			</tr>
 		</table>
 	</inp2:m_if>
Index: units/admin/admin_events_handler.php
===================================================================
--- units/admin/admin_events_handler.php	(revision 15607)
+++ units/admin/admin_events_handler.php	(working copy)
@@ -884,11 +884,9 @@
 			$result = $this->Conn->Query($sql);
 			$this->Application->SetVar('sql_time', round(microtime(true) - $start, 7));
 
-			if ( $result ) {
-				if ( is_array($result) ) {
-					$this->Application->SetVar('sql_has_rows', 1);
-					$this->Application->SetVar('sql_rows', serialize($result));
-				}
+			if ( $result && is_array($result) ) {
+				$this->Application->SetVar('sql_has_rows', 1);
+				$this->Application->SetVar('sql_rows', serialize($result));
 			}
 
 			$check_sql = trim(strtolower($sql));
Index: units/admin/admin_tag_processor.php
===================================================================
--- units/admin/admin_tag_processor.php	(revision 15607)
+++ units/admin/admin_tag_processor.php	(working copy)
@@ -957,34 +957,36 @@
 
 		function PrintSqlCols($params)
 		{
-			$a_data = unserialize($this->Application->GetVar('sql_rows'));
 			$ret = '';
 			$block = $params['render_as'];
-			foreach ($a_data AS $a_row)
-			{
-				foreach ($a_row AS $col => $value)
-				{
-					$ret .= $this->Application->ParseBlock(Array('name'=>$block, 'value'=>$col));
-				}
-				break;
+			$a_data = unserialize($this->Application->GetVar('sql_rows'));
+
+			$a_row = current($a_data);
+
+			foreach ($a_row AS $col => $value) {
+				$ret .= $this->Application->ParseBlock(Array ('name' => $block, 'value' => $col));
 			}
+
 			return $ret;
 		}
 
 		function PrintSqlRows($params)
 		{
-			$a_data = unserialize($this->Application->GetVar('sql_rows'));
 			$ret = '';
 			$block = $params['render_as'];
-			foreach ($a_data AS $a_row)
-			{
+			$a_data = unserialize($this->Application->GetVar('sql_rows'));
+
+			foreach ($a_data as $a_row) {
 				$cells = '';
-				foreach ($a_row AS $col => $value)
-				{
-					$cells .= '<td>'.$value.'</td>';
+				$a_row = array_map('htmlspecialchars', $a_row);
+
+				foreach ($a_row as $value) {
+					$cells .= '<td>' . $value . '</td>';
 				}
-				$ret .= $this->Application->ParseBlock(Array('name'=>$block, 'cells'=>$cells));
+
+				$ret .= $this->Application->ParseBlock(Array ('name' => $block, 'cells' => $cells));
 			}
+
 			return $ret;
 		}