' . "\n"
. ($GLOBALS['cfg']['PropertiesIconic'] ? '
' : '')
- . $GLOBALS['strUser'] . ' \'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'' . "\n";
+ . $GLOBALS['strUser'] . ' \'' . htmlspecialchars($username) . '\'@\'' . htmlspecialchars($hostname) . '\'' . "\n";
if (isset($dbname) && strlen($dbname)) {
if ($dbname_is_wildcard) {
echo ' - ' . $GLOBALS['strDatabases'];
@@ -1839,14 +1839,14 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
}
echo '' . "\n"
. ' ';
- printf($link_edit, urlencode($username),
+ printf($link_edit, htmlspecialchars(urlencode($username)),
urlencode($hostname),
htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
echo ' | ' . "\n"
. ' ';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
- printf($link_revoke, urlencode($username),
+ printf($link_revoke, htmlspecialchars(urlencode($username)),
urlencode($hostname),
htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
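Review bot: In both `printf` calls only the `$username` argument gains `htmlspecialchars()`, while `urlencode($hostname)` and the `Table_name` argument on the last line of each call are left bare, so the four values sent to the same format string are escaped inconsistently. `urlencode()` output contains no characters that `htmlspecialchars()` rewrites, so the wrapper changes no bytes today, but the mix makes the output encoding hard to audit and easy to break if the encoding step is later changed. I would wrap the remaining two arguments the same way, e.g. `htmlspecialchars(urlencode($hostname)),`, or add a comment such as `// urlencode() output is already HTML-attribute safe; htmlspecialchars() kept for uniformity`. `$link_edit` and `$link_revoke` are defined outside this hunk, so the HTML context each `%s` lands in (presumably an href attribute) should be confirmed there.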
|