Avoid double escaping in second page title

adminer/create.inc.php

@@ -108,7 +108,7 @@ if ($_POST && !process_fields($row["fields"]) && !$error) {
 	}
 }
 
-page_header(($TABLE != "" ? lang('Alter table') : lang('Create table')), $error, array("table" => $TABLE), $TABLE);
+page_header(($TABLE != "" ? lang('Alter table') : lang('Create table')), $error, array("table" => $TABLE), h($TABLE));
 
 if (!$_POST) {
 	$row = array(

adminer/database.inc.php

@@ -35,7 +35,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 	}
 }
 
-page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error, array(), DB);
+page_header(DB != "" ? lang('Alter database') : lang('Create database'), $error, array(), h(DB));
 
 $collations = collations();
 $name = DB;

adminer/dump.inc.php

@@ -117,7 +117,7 @@ SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
 	exit;
 }
 
-page_header(lang('Export'), $error, ($_GET["export"] != "" ? array("table" => $_GET["export"]) : array()), DB);
+page_header(lang('Export'), $error, ($_GET["export"] != "" ? array("table" => $_GET["export"]) : array()), h(DB));
 ?>
 
 <form action="" method="post">

adminer/edit.inc.php

@@ -65,7 +65,7 @@ page_header(
 	($update ? lang('Edit') : lang('Insert')),
 	$error,
 	array("select" => array($TABLE, $table_name)),
-	$table_name //! two calls of h()
+	$table_name
 );
 
 $row = null;

adminer/foreign.inc.php

@@ -24,7 +24,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
 	}
 }
 
-page_header(lang('Foreign key'), $error, array("table" => $TABLE), $TABLE);
+page_header(lang('Foreign key'), $error, array("table" => $TABLE), h($TABLE));
 
 if ($_POST) {
 	ksort($row["source"]);

adminer/include/design.inc.php

@@ -2,14 +2,14 @@
 /** Print HTML header
 * @param string used in title, breadcrumb and heading, should be HTML escaped
 * @param string
-* @param mixed array("key" => "link=desc", "key2" => array("link", "desc")), null for nothing, false for driver only, true for driver and server
-* @param string used after colon in title and heading, will be HTML escaped
+* @param mixed array("key" => "link", "key2" => array("link", "desc")), null for nothing, false for driver only, true for driver and server
+* @param string used after colon in title and heading, should be HTML escaped
 * @return null
 */
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
 	global $LANG, $adminer, $connection, $drivers;
 	page_headers();
-	$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
+	$title_all = $title . ($title2 != "" ? ": $title2" : "");
 	$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
 	?>
 <!DOCTYPE html>

adminer/indexes.inc.php

@@ -64,7 +64,7 @@ if ($_POST && !$error && !$_POST["add"]) {
 	queries_redirect(ME . "table=" . urlencode($TABLE), lang('Indexes have been altered.'), alter_indexes($TABLE, $alter));
 }
 
-page_header(lang('Indexes'), $error, array("table" => $TABLE), $TABLE);
+page_header(lang('Indexes'), $error, array("table" => $TABLE), h($TABLE));
 
 $fields = array_keys(fields($TABLE));
 if ($_POST["add"]) {

adminer/schema.inc.php

@@ -1,5 +1,5 @@
 <?php
-page_header(lang('Database schema'), "", array(), DB . ($_GET["ns"] ? ".$_GET[ns]" : ""));
+page_header(lang('Database schema'), "", array(), h(DB . ($_GET["ns"] ? ".$_GET[ns]" : "")));
 
 $table_pos = array();
 $table_pos_js = array();

adminer/view.inc.php

@@ -36,7 +36,7 @@ if (!$_POST && $TABLE != "") {
 	}
 }
 
-page_header(($TABLE != "" ? lang('Alter view') : lang('Create view')), $error, array("table" => $TABLE), $TABLE);
+page_header(($TABLE != "" ? lang('Alter view') : lang('Create view')), $error, array("table" => $TABLE), h($TABLE));
 ?>
 
 <form action="" method="post">