mirror of https://github.com/vrana/adminer.git synced 2025-08-08 15:47:00 +02:00

Escape JavaScript strings (bug #3093243)

Jakub Vrana
2010-10-22 23:07:30 +02:00
parent 7d601c07fc
commit 28f21aaa6c
5 changed files with 16 additions and 8 deletions


@@ -143,6 +143,14 @@ function confirm($count = "") {
return " onclick=\"return confirm('" . lang('Are you sure?') . ($count ? " (' + $count + ')" : "") . "');\"";
}
/** Escape string for JavaScript apostrophes
* @param string
* @return string
*/
function js_escape($string) {
return addcslashes($string, "\r\n'\\/"); // slash for <script>
}
/** Get INI boolean value
* @param string
* @return bool
@@ -591,7 +599,7 @@ function input($field, $value, $function) {
}
$first++;
}
$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
$attrs .= $onchange;
echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "") : nbsp(reset($functions))) . '<td>';
$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
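Review bot: In the `onchange` line of `input()`, `js_escape($name)` is written into a double-quoted HTML attribute, but `js_escape()` only covers the JavaScript string layer (`\r`, `\n`, `'`, `\`, `/`). The HTML parser decodes the attribute value before the script runs, so a `"` in a field name would end the attribute and an entity such as `&#39;` would turn back into an apostrophe inside the string literal. Unless `$name` is already HTML-escaped before this point (not visible here; `input()` starts and ends outside the hunk), escape for both layers, JavaScript first and HTML second: `js_escape($name)` becomes `htmlspecialchars(js_escape($name), ENT_QUOTES)`. The docblock on `js_escape()` should state the contract as well, for example `Escape string for a JavaScript literal in apostrophes; HTML-escape the result when it is placed in an attribute`.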