$NetBSD: patch-bh,v 1.3 2009/01/28 09:44:34 he Exp $

What was here before: workaround for our use of -ledit instead
of the real readline (?).

New: add patch from http://bugs.mysql.com/file.php?id=9232,
referenced on http://bugs.mysql.com/bug.php?id=27884, to fix the
vulnerability recorded in
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4456.

--- client/mysql.cc.orig	2008-08-04 12:19:04.000000000 +0000
+++ client/mysql.cc
@@ -2263,7 +2263,11 @@ static char **new_mysql_completion (cons
 */
 
 #if defined(USE_NEW_READLINE_INTERFACE) || defined(USE_LIBEDIT_INTERFACE)
+#  if defined(__NetBSD__) || defined(__DragonFly__)
+int no_completion(const char *, int)
+#  else
 char *no_completion(const char*,int)
+#  endif
 #else
 char *no_completion()
 #endif
@@ -3361,9 +3365,12 @@ print_table_data_html(MYSQL_RES *result)
   {
     while((field = mysql_fetch_field(result)))
     {
-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
-					 (field->name[0] ? field->name : 
-					  " &nbsp; ") : "NULL"));
+      tee_fputs("<TH>", PAGER);
+      if (field->name && field->name[0])
+        xmlencode_print(field->name, field->name_length);
+      else
+        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
+      tee_fputs("</TH>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);
   }
@@ -3374,7 +3381,7 @@ print_table_data_html(MYSQL_RES *result)
     for (uint i=0; i < mysql_num_fields(result); i++)
     {
       (void) tee_fputs("<TD>", PAGER);
-      safe_put_field(cur[i],lengths[i]);
+      xmlencode_print(cur[i], lengths[i]);
       (void) tee_fputs("</TD>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);