From: Jakub Vrana <jakub@vrana.cz>
Date: Fri, 5 Jul 2013 08:31:53 +0000 (-0700)
Subject: Avoid double escaping in second page title
X-Git-Tag: v4.0.0~178
X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=f4addc525922cf3b819a4f7ffff8a0f120a26428;p=adminer.git

Avoid double escaping in second page title
---

diff --git a/adminer/create.inc.php b/adminer/create.inc.php
index 93c415ad..1bb8715d 100644
--- a/adminer/create.inc.php
+++ b/adminer/create.inc.php
@@ -108,7 +108,7 @@ if ($_POST && !process_fields($row["fields"]) && !$error) {
 	}
 }
 
-page_header(($TABLE != "" ? lang('Alter table') : lang('Create table')), $error, array("table" => $TABLE), $TABLE);
+page_header(($TABLE != "" ? lang('Alter table') : lang('Create table')), $error, array("table" => $TABLE), h($TABLE));
 
 if (!$_POST) {
 	$row = array(
diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index caf31583..d2a5b618 100644
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -35,7 +35,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 	}
 }
 
-page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error, array(), DB);
+page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error, array(), h(DB));
 
 $collations = collations();
 $name = DB;
diff --git a/adminer/dump.inc.php b/adminer/dump.inc.php
index cb51f181..4ad663a3 100644
--- a/adminer/dump.inc.php
+++ b/adminer/dump.inc.php
@@ -117,7 +117,7 @@ SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
 	exit;
 }
 
-page_header(lang('Export'), $error, ($_GET["export"] != "" ? array("table" => $_GET["export"]) : array()), DB);
+page_header(lang('Export'), $error, ($_GET["export"] != "" ? array("table" => $_GET["export"]) : array()), h(DB));
 ?>
 
 <form action="" method="post">
diff --git a/adminer/edit.inc.php b/adminer/edit.inc.php
index 844e5354..d63e1534 100644
--- a/adminer/edit.inc.php
+++ b/adminer/edit.inc.php
@@ -65,7 +65,7 @@ page_header(
 	($update ? lang('Edit') : lang('Insert')),
 	$error,
 	array("select" => array($TABLE, $table_name)),
-	$table_name //! two calls of h()
+	$table_name
 );
 
 $row = null;
diff --git a/adminer/foreign.inc.php b/adminer/foreign.inc.php
index 1768a101..e9dc8bab 100644
--- a/adminer/foreign.inc.php
+++ b/adminer/foreign.inc.php
@@ -24,7 +24,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
 	}
 }
 
-page_header(lang('Foreign key'), $error, array("table" => $TABLE), $TABLE);
+page_header(lang('Foreign key'), $error, array("table" => $TABLE), h($TABLE));
 
 if ($_POST) {
 	ksort($row["source"]);
diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 8771e17a..312fa1c5 100644
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -2,14 +2,14 @@
 /** Print HTML header
 * @param string used in title, breadcrumb and heading, should be HTML escaped
 * @param string
-* @param mixed array("key" => "link=desc", "key2" => array("link", "desc")), null for nothing, false for driver only, true for driver and server
-* @param string used after colon in title and heading, will be HTML escaped
+* @param mixed array("key" => "link", "key2" => array("link", "desc")), null for nothing, false for driver only, true for driver and server
+* @param string used after colon in title and heading, should be HTML escaped
 * @return null
 */
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
 	global $LANG, $adminer, $connection, $drivers;
 	page_headers();
-	$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
+	$title_all = $title . ($title2 != "" ? ": $title2" : "");
 	$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
 	?>
 <!DOCTYPE html>
diff --git a/adminer/indexes.inc.php b/adminer/indexes.inc.php
index e9ab675f..8ca12c61 100644
--- a/adminer/indexes.inc.php
+++ b/adminer/indexes.inc.php
@@ -64,7 +64,7 @@ if ($_POST && !$error && !$_POST["add"]) {
 	queries_redirect(ME . "table=" . urlencode($TABLE), lang('Indexes have been altered.'), alter_indexes($TABLE, $alter));
 }
 
-page_header(lang('Indexes'), $error, array("table" => $TABLE), $TABLE);
+page_header(lang('Indexes'), $error, array("table" => $TABLE), h($TABLE));
 
 $fields = array_keys(fields($TABLE));
 if ($_POST["add"]) {
diff --git a/adminer/schema.inc.php b/adminer/schema.inc.php
index 6383c86d..c49da537 100644
--- a/adminer/schema.inc.php
+++ b/adminer/schema.inc.php
@@ -1,5 +1,5 @@
 <?php
-page_header(lang('Database schema'), "", array(), DB . ($_GET["ns"] ? ".$_GET[ns]" : ""));
+page_header(lang('Database schema'), "", array(), h(DB . ($_GET["ns"] ? ".$_GET[ns]" : "")));
 
 $table_pos = array();
 $table_pos_js = array();
diff --git a/adminer/view.inc.php b/adminer/view.inc.php
index c627b446..32578b58 100644
--- a/adminer/view.inc.php
+++ b/adminer/view.inc.php
@@ -36,7 +36,7 @@ if (!$_POST && $TABLE != "") {
 	}
 }
 
-page_header(($TABLE != "" ? lang('Alter view') : lang('Create view')), $error, array("table" => $TABLE), $TABLE);
+page_header(($TABLE != "" ? lang('Alter view') : lang('Create view')), $error, array("table" => $TABLE), h($TABLE));
 ?>
 
 <form action="" method="post">