Preventively escape name

author Jakub Vrana <jakub@vrana.cz>

Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)

committer Jakub Vrana <jakub@vrana.cz>

Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)
author Jakub Vrana <jakub@vrana.cz>
Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)
committer Jakub Vrana <jakub@vrana.cz>
Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)
diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php

index 5556b01472d926bef1237f707d317ded52e1922a..5e12d44bc7d238ad5306767a08a31ff9c4f4b928 100644 (file)
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -151,7 +151,7 @@ function set_adminer_settings($settings) {
  */
  function textarea($name, $value, $rows = 10, $cols = 80) {
         global $jush;
-       echo "<textarea name='$name' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
+       echo "<textarea name='" . h($name) . "' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
         if (is_array($value)) {
                 foreach ($value as $val) { // not implode() to save memory
                         echo h($val[0]) . "\n\n\n"; // $val == array($query, $time, $elapsed)
author	Jakub Vrana <jakub@vrana.cz>
	Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)
committer	Jakub Vrana <jakub@vrana.cz>
	Sun, 23 May 2021 09:38:51 +0000 (11:38 +0200)