Escape $functions

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@945 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index f4a43da3a3b49bb0585d8c97344427c450d4e60e..4859e4f2e07f52c6fa4f87b7bb18a77d71b4c00c 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -303,7 +303,7 @@ function input($field, $value, $function) {
                $functions = (isset($_GET["select"]) ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field);
                $first = array_search("", $functions) + (isset($_GET["select"]) ? 1 : 0);
                $onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
-               echo (count($functions) > 1 ? "<select name='function[$name]'>" . optionlist($functions, $function) . "</select>" : (strlen($functions[0]) ? $functions[0] : "&nbsp;")) . '<td>';
+               echo (count($functions) > 1 ? "<select name='function[$name]'>" . optionlist($functions, $function) . "</select>" : (strlen($functions[0]) ? h($functions[0]) : "&nbsp;")) . '<td>';
                $input = $adminer->editInput($_GET["edit"], $field, " name='fields[$name]'$onchange", $value); // usage in call is without a table
                if (strlen($input)) {
                        echo $input;