From 70083ad58346ff7190bcd8e56b63ab92f6abfa40 Mon Sep 17 00:00:00 2001
From: Piotr Przybylski <piotrprz@gmail.com>
Date: Thu, 14 Jul 2011 00:05:58 +0200
Subject: [PATCH] Fix XML export so it actually can export table structure More
 escaping fixes

---
 libraries/export/xml.php | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/libraries/export/xml.php b/libraries/export/xml.php
index cc6fe957a..83b51ee4c 100644
--- a/libraries/export/xml.php
+++ b/libraries/export/xml.php
@@ -86,7 +86,9 @@ function PMA_exportHeader() {
     global $table;
     global $tables;
     
-    $export_struct = isset($GLOBALS['xml_export_struc']) ? true : false;
+    $export_struct = isset($GLOBALS['xml_export_functions']) || isset($GLOBALS['xml_export_procedures'])
+        || isset($GLOBALS['xml_export_tables']) || isset($GLOBALS['xml_export_triggers'])
+        || isset($GLOBALS['xml_export_views']);
     $export_data = isset($GLOBALS['xml_export_contents']) ? true : false;
 
     if ($GLOBALS['output_charset_conversion']) {
@@ -151,7 +153,7 @@ function PMA_exportHeader() {
             
             $head .= '            <pma:' . $type . ' name="' . $table . '">' . $crlf;
             
-            $tbl = "                " . $tbl;
+            $tbl = "                " . htmlspecialchars($tbl);
             $tbl = str_replace("\n", "\n                ", $tbl);
             
             $head .= $tbl . ';' . $crlf;
@@ -167,7 +169,7 @@ function PMA_exportHeader() {
                         
                         // Do some formatting
                         $code = substr(rtrim($code), 0, -3);
-                        $code = "                " . $code;
+                        $code = "                " . htmlspecialchars($code);
                         $code = str_replace("\n", "\n                ", $code);
                         
                         $head .= $code . $crlf;
@@ -190,7 +192,7 @@ function PMA_exportHeader() {
                     // Do some formatting
                     $sql = PMA_DBI_get_definition($db, 'FUNCTION', $function);
                     $sql = rtrim($sql);
-                    $sql = "                " . $sql;
+                    $sql = "                " . htmlspecialchars($sql);
                     $sql = str_replace("\n", "\n                ", $sql);
                     
                     $head .= $sql . $crlf;
@@ -213,7 +215,7 @@ function PMA_exportHeader() {
                     // Do some formatting
                     $sql = PMA_DBI_get_definition($db, 'PROCEDURE', $procedure);
                     $sql = rtrim($sql);
-                    $sql = "                " . $sql;
+                    $sql = "                " . htmlspecialchars($sql);
                     $sql = str_replace("\n", "\n                ", $sql);
                     
                     $head .= $sql . $crlf;
@@ -255,7 +257,7 @@ function PMA_exportDBHeader($db) {
         $head = '    <!--' . $crlf
               . '    - ' . __('Database') . ': ' . (isset($GLOBALS['use_backquotes']) ? PMA_backquote($db) : '\'' . $db . '\''). $crlf
               . '    -->' . $crlf
-              . '    <database name="' . $db . '">' . $crlf;
+              . '    <database name="' . htmlspecialchars($db) . '">' . $crlf;
         
         return PMA_exportOutputHandler($head);
     }