From 7d5efb58dc67ddd1b654bb2431c82d9562e321bd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michal=20=C4=8Ciha=C5=99?= <michal@cihar.com>
Date: Thu, 3 Mar 2011 07:13:49 +0100
Subject: [PATCH] Escape html

---
 db_search.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/db_search.php b/db_search.php
index 4b09ebaca..c401a4fa9 100644
--- a/db_search.php
+++ b/db_search.php
@@ -256,7 +256,7 @@ if (isset($_REQUEST['submit_search'])) {
             $this_url_params['sql_query'] = $newsearchsqls['delete'];
             $delete_result_path = 'sql.php' . PMA_generate_common_url($this_url_params);
             ?>
-            <td> <a name="delete_search" href="<?php echo $delete_result_path; ?>" onclick="deleteResult('<?php echo $delete_result_path ?>' , ' <?php printf(__('Delete the matches for the %s table?'), . $each_table ); ?>','<?php echo ($GLOBALS['cfg']['AjaxEnable']); ?>');return false;" ><?php echo __('Delete') ?></a>   </td>
+            <td> <a name="delete_search" href="<?php echo $delete_result_path; ?>" onclick="deleteResult('<?php echo $delete_result_path ?>' , ' <?php printf(__('Delete the matches for the %s table?'), htmlspecialchars($each_table)); ?>','<?php echo ($GLOBALS['cfg']['AjaxEnable']); ?>');return false;" ><?php echo __('Delete') ?></a>   </td>
             <?php
          } else {
             echo '<td>&nbsp;</td>' . "\n"