Bug #27884: mysql --html does not quote HTML special characters in output

  Fix encoding of field values and names in HTML output from mysql client.

client/mysql.cc

@@ -3381,9 +3381,12 @@ print_table_data_html(MYSQL_RES *result)
   {
     while((field = mysql_fetch_field(result)))
     {
-      tee_fprintf(PAGER, "<TH>%s</TH>", (field->name ? 
-					 (field->name[0] ? field->name : 
-					  " &nbsp; ") : "NULL"));
+      tee_fputs("<TH>", PAGER);
+      if (field->name && field->name[0])
+        xmlencode_print(field->name, field->name_length);
+      else
+        tee_fputs(field->name ? " &nbsp; " : "NULL", PAGER);
+      tee_fputs("</TH>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);
   }
@@ -3396,7 +3399,7 @@ print_table_data_html(MYSQL_RES *result)
     for (uint i=0; i < mysql_num_fields(result); i++)
     {
       (void) tee_fputs("<TD>", PAGER);
-      safe_put_field(cur[i],lengths[i]);
+      xmlencode_print(cur[i], lengths[i]);
       (void) tee_fputs("</TD>", PAGER);
     }
     (void) tee_fputs("</TR>", PAGER);

mysql-test/r/mysql.result

@@ -200,4 +200,5 @@ Warning (Code 1286): Unknown table engine 'nonexistent2'
 Warning (Code 1266): Using storage engine MyISAM for table 't2'
 Error (Code 1050): Table 't2' already exists
 drop tables t1, t2;
+<TABLE BORDER=1><TR><TH>&lt;</TH></TR><TR><TD>&lt; &amp; &gt;</TD></TR></TABLE>
 End of tests

mysql-test/t/mysql.test

@@ -367,4 +367,10 @@ remove_file $MYSQLTEST_VARDIR/tmp/bug31060.sql;
 
 drop tables t1, t2;
 
+#
+# Bug #27884: mysql --html does not quote HTML special characters in output
+# 
+--exec $MYSQL --html test -e "select '< & >' as \`<\`"
+
+--echo
 --echo End of tests