Fix XSS in function.php, reported by Mateusz Goik.
author Jehan-Guillaume (ioguix) de Rorthais <ioguix@free.fr>
Mon, 27 Feb 2012 22:45:55 +0000 (23:45 +0100)
committer Jehan-Guillaume (ioguix) de Rorthais <ioguix@free.fr>
Mon, 27 Feb 2012 22:48:32 +0000 (23:48 +0100)
I'm not sure why the name and the type of the functions were not escaped
*on purpose* here. There's no more reason here than in any other place
with other PostgreSQL objects to not escape the name or the type...

functions.php

index c1099eafc96ee7078c8c6ad9f879d475a8bc4a32..a94d4b1d3a9659902eca73a7bcd02a8f3c437c22 100644 (file)
                        'function' => array(
                                'title' => $lang['strfunction'],
                                'field' => field('proproto'),
-                               'type'  => 'verbatim',
                                'url'   => "redirect.php?subject=function&amp;action=properties&amp;{$misc->href}&amp;",
                                'vars'  => array('function' => 'proproto', 'function_oid' => 'prooid'),
                        ),
                        'returns' => array(
                                'title' => $lang['strreturns'],
                                'field' => field('proreturns'),
-                               'type'  => 'verbatim',
                        ),
                        'owner' => array(
                                'title' => $lang['strowner'],
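
Review bot: In the 'function' and 'returns' column entries, removing 'type' => 'verbatim' leaves escaping to whatever the table renderer does for a column with no 'type' key, and that default is not visible in this diff. Please confirm, and state in the commit message, that the default output path HTML-escapes 'proproto' and 'proreturns'. Also check that no caller relied on 'verbatim' to pass pre-built markup in these fields, since it would now be displayed double-escaped. The 'function' column also feeds 'proproto' into the link through 'vars' => array('function' => 'proproto', 'function_oid' => 'prooid'); that path is untouched here, so it is worth verifying the value is URL-encoded when appended to the 'url' string.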