From ea1acfc8bcbbbb7073fc96a03e4065f64165d5ee Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Sun, 23 May 2021 11:38:51 +0200
Subject: [PATCH] Preventively escape name

---
 adminer/include/editing.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
index 5556b014..5e12d44b 100644
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -151,7 +151,7 @@ function set_adminer_settings($settings) {
 */
 function textarea($name, $value, $rows = 10, $cols = 80) {
 	global $jush;
-	echo "<textarea name='$name' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
+	echo "<textarea name='" . h($name) . "' rows='$rows' cols='$cols' class='sqlarea jush-$jush' spellcheck='false' wrap='off'>";
 	if (is_array($value)) {
 		foreach ($value as $val) { // not implode() to save memory
 			echo h($val[0]) . "\n\n\n"; // $val == array($query, $time, $elapsed)