diff --git a/server_privileges.php b/server_privileges.php
index 23d174b98..1e6d64edc 100644
--- a/server_privileges.php
+++ b/server_privileges.php
@@ -1595,7 +1595,7 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
} else {
echo ' - ' . $GLOBALS['strDatabase'];
}
- $url_dbname = urlencode(str_replace('\_', '_', $dbname));
+ $url_dbname = htmlspecialchars(urlencode(str_replace('\_', '_', $dbname)));
echo ' ' . htmlspecialchars($dbname) . '' . "\n";
if (isset($tablename) && strlen($tablename)) {
echo ' - ' . $GLOBALS['strTable'] . ' ' . htmlspecialchars($tablename) . '' . "\n";
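Review bot: The `htmlspecialchars()` added around the `$url_dbname` assignment cannot change the value, because `urlencode()` emits only alphanumerics, `-`, `_`, `.`, `+` and `%XX` sequences, none of which `htmlspecialchars()` rewrites. The same applies to the wrapped third argument of the `printf($link_edit, …)` and `printf($link_revoke, …)` calls in the second hunk. If this commit is meant to close an HTML-injection path through the database name, the place that needs escaping is presumably where `$dbname` or the assembled link is written into markup; that code is outside these hunks and should be checked separately. A comment such as `// urlencode() output is already HTML-safe; htmlspecialchars() is defence in depth only` would stop a later reader from treating this line as the fix. The enclosing `if` block starts and ends outside the hunk.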
@@ -1841,14 +1841,14 @@ if (empty($adduser) && (! isset($checkprivs) || ! strlen($checkprivs))) {
. '
';
printf($link_edit, urlencode($username),
urlencode($hostname),
- urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
+ htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
echo ' | ' . "\n"
. ' ';
if (! empty($row['can_delete']) || isset($row['Table_name']) && strlen($row['Table_name'])) {
printf($link_revoke, urlencode($username),
urlencode($hostname),
- urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname),
+ htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname)),
urlencode((! isset($dbname) || ! strlen($dbname)) ? '' : $row['Table_name']));
}
echo ' | ' . "\n"
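Review bot: In both `printf` calls only the database argument gets the extra wrapper, while `$username`, `$hostname` and the table-name argument stay on plain `urlencode()`, so the four link parameters are no longer treated uniformly and the escaping is harder to audit. The ternary `(! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname` is also repeated verbatim in the edit and revoke links. Computing it once, e.g. `$link_db = htmlspecialchars(urlencode((! isset($dbname) || ! strlen($dbname)) ? $row['Db'] : $dbname));`, and passing `$link_db` to both calls would keep the two links in step. `$link_edit` and `$link_revoke` are defined outside this hunk, so it cannot be confirmed from here whether their format strings place these values inside a quoted attribute.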