Index: branches/5.2.x/core/units/admin/admin_tag_processor.php
===================================================================
diff -u -N -r15590 -r15618
--- branches/5.2.x/core/units/admin/admin_tag_processor.php	(.../admin_tag_processor.php)	(revision 15590)
+++ branches/5.2.x/core/units/admin/admin_tag_processor.php	(.../admin_tag_processor.php)	(revision 15618)
@@ -1,6 +1,6 @@
 <?php
 /**
-* @version	$Id: admin_tag_processor.php 15590 2012-10-18 15:37:18Z alex $
+* @version	$Id: admin_tag_processor.php 15618 2012-11-07 16:27:32Z alex $
 * @package	In-Portal
 * @copyright	Copyright (C) 1997 - 2009 Intechnic. All rights reserved.
 * @license      GNU/GPL
@@ -957,34 +957,36 @@
 
 		function PrintSqlCols($params)
 		{
-			$a_data = unserialize($this->Application->GetVar('sql_rows'));
 			$ret = '';
 			$block = $params['render_as'];
-			foreach ($a_data AS $a_row)
-			{
-				foreach ($a_row AS $col => $value)
-				{
-					$ret .= $this->Application->ParseBlock(Array('name'=>$block, 'value'=>$col));
-				}
-				break;
+			$a_data = unserialize($this->Application->GetVar('sql_rows'));
+
+			$a_row = current($a_data);
+
+			foreach ($a_row AS $col => $value) {
+				$ret .= $this->Application->ParseBlock(Array ('name' => $block, 'value' => $col));
 			}
+
 			return $ret;
 		}
 
 		function PrintSqlRows($params)
 		{
-			$a_data = unserialize($this->Application->GetVar('sql_rows'));
 			$ret = '';
 			$block = $params['render_as'];
-			foreach ($a_data AS $a_row)
-			{
+			$a_data = unserialize($this->Application->GetVar('sql_rows'));
+
+			foreach ($a_data as $a_row) {
 				$cells = '';
-				foreach ($a_row AS $col => $value)
-				{
-					$cells .= '<td>'.$value.'</td>';
+				$a_row = array_map('htmlspecialchars', $a_row);
+
+				foreach ($a_row as $value) {
+					$cells .= '<td>' . $value . '</td>';
 				}
-				$ret .= $this->Application->ParseBlock(Array('name'=>$block, 'cells'=>$cells));
+
+				$ret .= $this->Application->ParseBlock(Array ('name' => $block, 'cells' => $cells));
 			}
+
 			return $ret;
 		}