Preventively escape name
This commit is contained in:
parent
2dd65f0c0f
commit
ea1acfc8bc
|
@ -151,7 +151,7 @@ function set_adminer_settings($settings) {
|
|||
*/
|
||||
function textarea($name, $value, $rows = 10, $cols = 80) {
|
||||
global $jush;
|
||||
echo "<textarea name='$name' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
|
||||
echo "<textarea name='" . h($name) . "' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
|
||||
if (is_array($value)) {
|
||||
foreach ($value as $val) { // not implode() to save memory
|
||||
echo h($val[0]) . "\n\n\n"; // $val == array($query, $time, $elapsed)
|
||||
|
|
Loading…
Reference in a new issue