Escape $functions

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@945 7c3ca157-0c34-0410-bff1-cbf682f78f5c
2009-07-30 08:37:38 +00:00 · 2009-07-30 08:37:38 +00:00 · 3b592c64b4
parent 98507da3ea
commit 3b592c64b4
1 changed files with 1 additions and 1 deletions
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@ -303,7 +303,7 @@ function input($field, $value, $function) {
 		$functions = (isset($_GET["select"]) ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field);
 		$first = array_search("", $functions) + (isset($_GET["select"]) ? 1 : 0);
 		$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
-		echo (count($functions) > 1 ? "<select name='function[$name]'>" . optionlist($functions, $function) . "</select>" : (strlen($functions[0]) ? $functions[0] : "&nbsp;")) . '<td>';
+		echo (count($functions) > 1 ? "<select name='function[$name]'>" . optionlist($functions, $function) . "</select>" : (strlen($functions[0]) ? h($functions[0]) : "&nbsp;")) . '<td>';
 		$input = $adminer->editInput($_GET["edit"], $field, " name='fields[$name]'$onchange", $value); // usage in call is without a table
 		if (strlen($input)) {
 			echo $input;