Fix HTML escaping for db and table parameters on "Privileges" page

Signed-off-by: William Desportes <williamdes@wdes.fr>
phpmyadmin · May 20, 2020 · 10ef81d · 10ef81d
1 parent 1686770
commit 10ef81d
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/templates/table/privileges/index.twig b/templates/table/privileges/index.twig
@@ -8,7 +8,7 @@
         {{ 'Users having access to "%s"'|trans|format('<a href="' ~ table_url ~ get_common({
           'db': db,
           'table': table
-        }, '&') ~ '">' ~ db ~ '.' ~ table ~ '</a>')|raw }}
+        }, '&') ~ '">' ~ db|escape('html') ~ '.' ~ table|escape('html') ~ '</a>')|raw }}
       </legend>
 
       <div class="responsivetable jsresponsive">