Sanitize column sorting

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@462 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/select.inc.php b/select.inc.php
index ff89274c7a0bb9c147199774a5976ab7fa81d0e7..ab7afcd07e1469b1939d93ef97b3e5939217bcd5 100644 (file)
--- a/select.inc.php
+++ b/select.inc.php
@@ -233,7 +233,7 @@ for (var i=0; <?php echo $i; ?> > i; i++) {
                                if (!$j) {
                                        echo '<thead><tr>' . (count($select) == count($group) ? '<td><label><input type="checkbox" name="delete_selected" value="1" onclick="var elems = this.form.elements; for (var i=0; i < elems.length; i++) if (elems[i].name == \'delete[]\') elems[i].checked = this.checked;" />' . lang('all') . '</label></td>' : '');
                                        foreach ($row as $key => $val) {
-                                               echo '<th><a href="' . remove_from_uri('(order|desc)[^=]*') . '&amp;order%5B0%5D=' . htmlspecialchars($key) . ($_GET["order"][0] === $key && !$_GET["desc"][0] ? '&amp;desc%5B0%5D=1' : '') . '">' . htmlspecialchars($key) . "</a></th>";
+                                               echo '<th><a href="' . htmlspecialchars(remove_from_uri('(order|desc)[^=]*')) . '&amp;order%5B0%5D=' . htmlspecialchars($key) . ($_GET["order"][0] === $key && !$_GET["desc"][0] ? '&amp;desc%5B0%5D=1' : '') . '">' . htmlspecialchars($key) . "</a></th>";
                                        }
                                        echo "</tr></thead>\n";
                                }