More of missing escaping

2011-08-19 11:56:38 +02:00
parent e7d6cab2a2
commit 599c9b5e1b
1 changed files with 2 additions and 2 deletions
--- a/db_datadict.php
+++ b/db_datadict.php
@@ -249,9 +249,9 @@ while ($row = PMA_DBI_fetch_assoc($rowset)) {
    <td nowrap="nowrap">
        <?php
        if (isset($pk_array[$row['Field']])) {
-            echo '<u>' . $field_name . '</u>';
+            echo '<u>' . htmlspecialchars($field_name) . '</u>';
        } else {
-            echo $field_name;
+            echo htmlspecialchars($field_name);
        }
        ?>
    </td>