From 00add5c43f594f80dab6304a5bb35d2e50540d2d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?=
Date: Tue, 17 Aug 2010 16:09:07 +0200
Subject: [PATCH] Add option to escape PMA_sanitize output. This is required when it is used in form values.
---
 libraries/sanitizing.lib.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index 2b54bf197..890e4a287 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -19,7 +19,7 @@
 *
 * @access public
 */
-function PMA_sanitize($message)
+function PMA_sanitize($message, $escape = false)
 {
 $replace_pairs = array(
 '<' => '<',
@@ -67,6 +67,10 @@ function PMA_sanitize($message)
 $message = preg_replace($pattern, '', $message);
 }
 
+ if ($escape) {
+ $message = htmlspecialchars($message);
+ }
+
 return $message;
 }
 ?>
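Review bot: The docblock that closes just above the changed `PMA_sanitize` signature in the `@@ -19,7 +19,7 @@` hunk is not updated for the new `$escape` parameter. Only its tail is visible here, but the diffstat (5 insertions, 1 deletion) leaves no room for a docblock change. I would add ` * @param boolean $escape whether to pass the result through htmlspecialchars(), for use in form/attribute values` to it. Because the default is `false`, every existing caller keeps getting unescaped output and each call site that writes into an attribute has to opt in, which is worth stating in the same comment.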
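Review bot: In the `@@ -67,6 +67,10 @@` hunk, `htmlspecialchars($message)` runs with its default flags, which on PHP versions of this period (`ENT_COMPAT`) leave single quotes unescaped, so the result is only safe inside a double-quoted attribute. Since the commit message says the option exists for form values, `$message = htmlspecialchars($message, ENT_QUOTES);` would cover both quoting styles, and passing the charset explicitly would avoid depending on the PHP default. The escape is also applied after the `$replace_pairs` and `preg_replace` steps, so anything those steps emit (presumably entities and markup) is encoded a second time when `$escape` is true. That looks intended for putting the sanitized HTML into a value, but a one-line comment above the `if` saying so would help the next caller. The function body starts outside this hunk, so the earlier steps are inferred from the first hunk's context lines.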