Fix XSS with $cfg['SQP']['fmtType'] = 'text'.

libraries/sqlparser.lib.php

@@ -2456,7 +2456,7 @@ if (! defined('PMA_MINIMUM_COMMON')) {
             }
             $after                 .= "\n";
 */
-            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : $arr[$i]['data']). $after;
+            $str .= $before . ($mode=='color' ? PMA_SQP_formatHTML_colorize($arr[$i]) : htmlspecialchars($arr[$i]['data'])). $after;
         } // end for
         if ($mode=='color') {
             $str .= '</span>';