mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 08:06:59 +02:00
Code Issues Releases Wiki Activity

Escape JavaScript strings (bug #3093243)

Browse Source
This commit is contained in:
Jakub Vrana
2010-10-22 23:07:30 +02:00
parent 7d601c07fc
commit 28f21aaa6c
5 changed files with 16 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
adminer/script.inc.php
View File

@@ -7,11 +7,11 @@ if ($_GET["token"] != $token) { // CSRF protection
if ($_GET["script"] == "db") {
$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
foreach (table_status() as $row) {
$id = addcslashes($row["Name"], "\\'/");
echo "setHtml('Comment-$id', '" . addcslashes(nbsp($row["Comment"]), "'\\") . "');\n";
$id = js_escape($row["Name"]);
echo "setHtml('Comment-$id', '" . js_escape(nbsp($row["Comment"])) . "');\n";
if (!is_view($row)) {
foreach (array("Engine", "Collation") as $key) {
echo "setHtml('$key-$id', '" . addcslashes(nbsp($row[$key]), "'\\") . "');\n";
echo "setHtml('$key-$id', '" . js_escape(nbsp($row[$key])) . "');\n";
}
foreach ($sums + array("Auto_increment" => 0, "Rows" => 0) as $key => $val) {
if ($row[$key] != "") {
@@ -31,7 +31,7 @@ if ($_GET["script"] == "db") {
}
} else { // connect
foreach (count_tables(get_databases()) as $db => $val) {
echo "setHtml('tables-" . addcslashes($db, "\\'/") . "', '$val');\n";
echo "setHtml('tables-" . js_escape($db) . "', '$val');\n";
}
}