From a4bc939599a2b231eff3daabaea839e110f4d394 Mon Sep 17 00:00:00 2001
From: AlexanderDCrane <40072887+AlexanderDCrane@users.noreply.github.com>
Date: Mon, 27 Aug 2018 20:31:38 -0600
Subject: [PATCH] Update databases.php (#3315)

---
 core/databases/databases.php | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/core/databases/databases.php b/core/databases/databases.php
index 71ee35c79f..699d9e31c3 100644
--- a/core/databases/databases.php
+++ b/core/databases/databases.php
@@ -117,17 +117,17 @@ else {
 		foreach($result as $row) {
 			$tr_link = "href='database_edit.php?id=".$row['database_uuid']."'";
 			echo "<tr ".$tr_link.">\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_driver']."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_type']."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_host']."&nbsp;</td>\n";
-			//echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_port']."&nbsp;</td>\n";
-			echo "	<td valign='top' class='".$row_style[$c]."'><a href='database_edit.php?id=".$row['database_uuid']."'>".$row['database_name']."</a>&nbsp;</td>\n";
-			//echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_username']."&nbsp;</td>\n";
-			//echo "	<td valign='top' class='".$row_style[$c]."'>".$row['database_path']."&nbsp;</td>\n";
-			echo "	<td valign='top' class='row_stylebg'>".$row['database_description']."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_driver'])."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_type'])."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_host'])."&nbsp;</td>\n";
+			//echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_port'])."&nbsp;</td>\n";
+			echo "	<td valign='top' class='".$row_style[$c]."'><a href='database_edit.php?id=".$row['database_uuid']."'>".escape($row['database_name'])."</a>&nbsp;</td>\n";
+			//echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_username'])."&nbsp;</td>\n";
+			//echo "	<td valign='top' class='".$row_style[$c]."'>".escape($row['database_path'])."&nbsp;</td>\n";
+			echo "	<td valign='top' class='row_stylebg'>".escape($row['database_description'])."&nbsp;</td>\n";
 			echo "	<td class='list_control_icons'>";
-			echo 		"<a href='database_edit.php?id=".$row['database_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
-			echo 		"<a href='database_delete.php?id=".$row['database_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
+			echo 		"<a href='database_edit.php?id=".escape($row['database_uuid'])."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
+			echo 		"<a href='database_delete.php?id=".escape($row['database_uuid'])."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">$v_link_label_delete</a>";
 			echo "	</td>\n";
 			echo "</tr>\n";
 			if ($c==0) { $c=1; } else { $c=0; }
@@ -154,4 +154,4 @@ else {
 
 //include the footer
 	require_once "resources/footer.php";
-?>
\ No newline at end of file
+?>