mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-16 11:34:10 +02:00
Code Issues Releases Wiki Activity

Shortcut for htmlspecialchars

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@936 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-07-28 16:20:50 +00:00
parent 9fc052b77f
commit 689699aa17
28 changed files with 171 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
editor/example.php
View File

@@ -25,12 +25,12 @@ function adminer_object() {
function tableName($tableStatus) {
// tables without comments would return empty string and will be ignored by Adminer
return htmlspecialchars($tableStatus["Comment"]);
return h($tableStatus["Comment"]);
}
function fieldName($field, $order = 0) {
// only first five columns with comments will be displayed
return ($order < 5 ? htmlspecialchars($field["comment"]) : "");
return ($order < 5 ? h($field["comment"]) : "");
}
}

16
editor/include/adminer.inc.php
View File

@@ -17,7 +17,7 @@ class Adminer {
function loginForm($username) {
?>
<table cellspacing="0">
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="server" value="" /><input name="username" value="<?php echo htmlspecialchars($username); ?>">
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="server" value="" /><input name="username" value="<?php echo h($username); ?>">
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
</table>
<?php
@@ -29,11 +29,11 @@ class Adminer {
function tableName($tableStatus) {
table_comment($tableStatus);
return htmlspecialchars(strlen($tableStatus["Comment"]) ? $tableStatus["Comment"] : $tableStatus["Name"]);
return h(strlen($tableStatus["Comment"]) ? $tableStatus["Comment"] : $tableStatus["Name"]);
}
function fieldName($field, $order = 0) {
return htmlspecialchars(strlen($field["comment"]) ? $field["comment"] : $field["field"]);
return h(strlen($field["comment"]) ? $field["comment"] : $field["field"]);
}
function selectLinks($tableStatus) {
@@ -116,7 +116,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
}
}
if ($field["full_type"] == "tinyint(1)" && $return != "&nbsp;") { // bool
$return = '<img src="' . ($val ? "../adminer/plus.gif" : "../adminer/cross.gif") . '" alt="' . htmlspecialchars($val) . '">';
$return = '<img src="' . ($val ? "../adminer/plus.gif" : "../adminer/cross.gif") . '" alt="' . h($val) . '">';
}
return ($link ? "<a href=\"$link\">$return</a>" : $return);
}
@@ -139,7 +139,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
foreach ((array) $_GET["where"] as $val) {
if (strlen("$val[col]$val[val]")) {
echo "<div><select name='where[$i][col]'><option value=''>" . lang('(anywhere)') . optionlist($columns, $val["col"], true) . "</select>";
echo "<input name='where[$i][val]' value=\"" . htmlspecialchars($val["val"]) . "\"></div>\n";
echo "<input name='where[$i][val]' value='" . h($val["val"]) . "'></div>\n";
$i++;
}
}
@@ -189,7 +189,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
echo "<p>" . lang('From') . ": <input name='email_from'>\n";
echo lang('Subject') . ": <input name='email_subject'>\n";
echo "<p><textarea name='email_message' rows='15' cols='60'></textarea>\n";
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . htmlspecialchars(key($emailFields)) . '">' : '<select name="email_field">' . optionlist($emailFields) . '</select> ');
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . h(key($emailFields)) . '">' : '<select name="email_field">' . optionlist($emailFields) . '</select> ');
echo "<input type='submit' name='email' value='" . lang('Send') . "'$confirm>\n";
echo "</div></fieldset>\n";
}
@@ -310,7 +310,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
}
}
if ($field["full_type"] == "tinyint(1)") { // bool
return '<input type="checkbox" value="' . htmlspecialchars($value ? $value : 1) . '"' . ($value ? ' checked="checked"' : '') . "$attrs>";
return '<input type="checkbox" value="' . h($value ? $value : 1) . '"' . ($value ? ' checked="checked"' : '') . "$attrs>";
}
return '';
}
@@ -346,7 +346,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
foreach ($table_status as $row) {
$name = $this->tableName($row);
if (isset($row["Engine"]) && strlen($name)) { // ignore views and tables without name
echo '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($row["Name"]) . "\">$name</a><br>\n";
echo "<a href='" . h($SELF) . 'select=' . urlencode($row["Name"]) . "'>$name</a><br>\n";
}
}
}