mirror of https://github.com/vrana/adminer.git synced 2025-08-05 14:17:26 +02:00

Add helper for <input type=hidden>

Jakub Vrana
2025-03-18 17:15:10 +01:00
parent 9cfea02e19
commit bc9de24d77
13 changed files with 34 additions and 25 deletions


@@ -85,8 +85,8 @@ if (support("scheme")) {
}
echo lang('DB') . ": " . html_select("db", $dbs, $row["db"] != "" ? $row["db"] : $_GET["db"], $onchange);
}
echo input_hidden("change-js");
?>
<input type="hidden" name="change-js" value="">
<noscript><p><input type="submit" name="change" value="<?php echo lang('Change'); ?>"></noscript>
<table>
<thead><tr><th id="label-source"><?php echo lang('Source'); ?><th id="label-target"><?php echo lang('Target'); ?></thead>


@@ -1097,7 +1097,7 @@ class Adminer {
}
foreach (array("import", "sql", "schema", "dump", "privileges") as $val) {
if (isset($_GET[$val])) {
echo "<input type='hidden' name='$val' value=''>";
echo input_hidden($val);
break;
}
}


@@ -78,7 +78,7 @@ if (
echo (support("database")
? "<div class='footer'><div>\n"
. "<fieldset><legend>" . lang('Selected') . " <span id='selected'></span></legend><div>\n"
. "<input type='hidden' name='all' value=''>" . script("qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };") // used by trCheck()
. input_hidden("all") . script("qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };") // used by trCheck()
. "<input type='submit' name='drop' value='" . lang('Drop') . "'>" . confirm() . "\n"
. "</div></fieldset>\n"
. "</div></div>\n"


@@ -357,7 +357,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
if ($display) {
echo "<input name='fields[$i][field]' value='" . h($field["field"]) . "' data-maxlength='64' autocapitalize='off' aria-labelledby='label-name'>\n";
}
echo "<input type='hidden' name='fields[$i][orig]' value='" . h($orig) . "'>";
echo input_hidden("fields[$i][orig]", $orig);
edit_type("fields[$i]", $field, $collations, $foreign_keys);
if ($type == "TABLE") {
echo "<td>" . checkbox("fields[$i][null]", 1, $field["null"], "", "", "block", "label-null");


@@ -25,13 +25,22 @@ function nonce() {
return ' nonce="' . get_nonce() . '"';
}
/** Get <input type="hidden">
* @param string
* @param string
* @return string HTML
*/
function input_hidden($name, $value = "") {
return "<input type='hidden' name='" . h($name) . "' value='" . h($value) . "'>\n";
}
/** Get <input type="hidden" name="token">
* @param string token to use instead of global $token
* @return string HTML
*/
function input_token($special = "") {
global $token;
return "<input type='hidden' name='token' value='" . ($special ?: $token) . "'>\n";
return input_hidden("token", ($special ?: $token));
}
/** Get a target="_blank" attribute
@@ -201,7 +210,7 @@ function hidden_fields($process, $ignore = array(), $prefix = '') {
hidden_fields($val, array(), $key);
} else {
$return = true;
echo '<input type="hidden" name="' . h($prefix ? $prefix . "[$key]" : $key) . '" value="' . h($val) . '">';
echo input_hidden(($prefix ? $prefix . "[$key]" : $key), $val);
}
}
}
@@ -212,9 +221,9 @@ function hidden_fields($process, $ignore = array(), $prefix = '') {
* @return null
*/
function hidden_fields_get() {
echo (sid() ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
echo (SERVER !== null ? '<input type="hidden" name="' . DRIVER . '" value="' . h(SERVER) . '">' : "");
echo '<input type="hidden" name="username" value="' . h($_GET["username"]) . '">';
echo (sid() ? input_hidden(session_name(), session_id()) : '');
echo (SERVER !== null ? input_hidden(DRIVER, SERVER) : "");
echo input_hidden("username", $_GET["username"]);
}
/** Print enum input field
@@ -520,8 +529,8 @@ function edit_form($table, $fields, $row, $update) {
if (isset($_GET["select"])) {
hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
}
echo "<input type='hidden' name='referer' value='" . h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]) . "'>\n";
echo "<input type='hidden' name='save' value='1'>\n";
echo input_hidden("referer", (isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]));
echo input_hidden("save", 1);
echo input_token();
echo "</form>\n";
}
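Review bot: The docblock on `input_hidden()` does not say that the helper escapes both arguments with `h()`, which is the contract every converted call site now relies on; several of them (`hidden_fields()`, `hidden_fields_get()`) previously wrote double-quoted attributes and now get single-quoted ones. The output is therefore only safe if `h()` also encodes `'`; `h()` is defined outside this section, so that should be confirmed and recorded. I would name the parameters and spell the contract out, e.g. `@param string $name raw field name, escaped with h()` and `@param string $value raw value, escaped with h(); do not pre-escape`. Note also that `input_token()` now passes `$special ?: $token` through `h()`, which it did not before, and that `input_hidden("save", 1)` passes an int where the docblock says string.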


@@ -14,8 +14,8 @@ if (!$result) {
echo "<form action=''><p>\n";
hidden_fields_get();
echo "<input type='hidden' name='db' value='" . h(DB) . "'>\n";
echo ($grant ? "" : "<input type='hidden' name='grant' value=''>\n");
echo input_hidden("db", DB);
echo ($grant ? "" : input_hidden("grant"));
echo "<table class='odds'>\n";
echo "<thead><tr><th>" . lang('Username') . "<th>" . lang('Server') . "<th></thead>\n";


@@ -258,8 +258,8 @@ if (!$columns && support("table")) {
echo "<form action='' id='form'>\n";
echo "<div style='display: none;'>";
hidden_fields_get();
echo (DB != "" ? '<input type="hidden" name="db" value="' . h(DB) . '">' . (isset($_GET["ns"]) ? '<input type="hidden" name="ns" value="' . h($_GET["ns"]) . '">' : "") : ""); // not used in Editor
echo '<input type="hidden" name="select" value="' . h($TABLE) . '">';
echo (DB != "" ? input_hidden("db", DB) . (isset($_GET["ns"]) ? input_hidden("ns", $_GET["ns"]) : "") : ""); // not used in Editor
echo input_hidden("select", $TABLE);
echo "</div>\n";
$adminer->selectColumnsPrint($select, $columns);
$adminer->selectSearchPrint($where, $search_columns, $indexes);


@@ -168,8 +168,8 @@ if (!$error && $_POST) {
echo ", <a href='#$id'>" . lang('Export') . "</a>" . script("qsl('a').onclick = partial(toggle, '$id');", "") . "<span id='$id' class='hidden'>: "
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
. html_select("format", $dump_format, $adminer_export["format"])
. "<input type='hidden' name='query' value='" . h($q) . "'>"
. " <input type='submit' name='export' value='" . lang('Export') . "'>" . input_token() . "</span>\n"
. input_hidden("query", $q)
. "<input type='submit' name='export' value='" . lang('Export') . "'>" . input_token() . "</span>\n"
. "</form>\n"
;
}


@@ -150,7 +150,7 @@ $i = 0;
foreach ($grants as $object => $grant) {
echo '<th>' . ($object != "*.*"
? "<input name='objects[$i]' value='" . h($object) . "' size='10' autocapitalize='off'>"
: "<input type='hidden' name='objects[$i]' value='*.*' size='10'>*.*"
: input_hidden("objects[$i]", "*.*") . "*.*"
); //! separate db, table, columns, PROCEDURE|FUNCTION, routine
$i++;
}


@@ -307,7 +307,7 @@ if ($vendor) {
}
}
if ($project != "editor" && count($drivers) == 1) {
$file = str_replace('html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);")', "\"<input type='hidden' name='auth[driver]' value='" . ($vendor == "mysql" ? "server" : $vendor) . "'>" . reset($drivers) . "\"", $file, $count);
$file = str_replace('html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);")', 'input_hidden("auth[driver]", "' . ($vendor == "mysql" ? "server" : $vendor) . '") . "' . reset($drivers) . '"', $file, $count);
if (!$count) {
echo "auth[driver] form field not found\n";
}
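Review bot: The new `str_replace` replacement splices `$vendor` and `reset($drivers)` into generated PHP source between double quotes without escaping, so a value containing `"`, `\` or `$` would alter the generated code instead of the string. Both values appear to come from the build configuration, and the old replacement had the same shape, so this is a robustness point rather than an exposure. Emitting the literals with `var_export()` would make the generated call independent of the values, e.g. `'input_hidden("auth[driver]", ' . var_export($vendor == "mysql" ? "server" : $vendor, true) . ') . ' . var_export(reset($drivers), true)`. The enclosing `if ($vendor)` block starts and ends outside the hunk.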


@@ -76,7 +76,7 @@ class Adminer {
function loginForm() {
echo "<table class='layout'>\n";
echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input type="hidden" name="auth[driver]" value="server"><input name="auth[username]" autofocus value="' . h($_GET["username"]) . '" autocomplete="username" autocapitalize="off">');
echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', input_hidden("auth[driver]", "server") . '<input name="auth[username]" autofocus value="' . h($_GET["username"]) . '" autocomplete="username" autocapitalize="off">');
echo $this->loginFormField('password', '<tr><th>' . lang('Password') . '<td>', '<input type="password" name="auth[password]" autocomplete="current-password">');
echo "</table>\n";
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
@@ -245,7 +245,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row
if (preg_match("~enum~", $field["type"]) || like_bool($field)) { //! set - uses 1 << $i and FIND_IN_SET()
$key = $keys[$name];
$i--;
echo "<div>" . h($desc) . "<input type='hidden' name='where[$i][col]' value='" . h($name) . "'>:";
echo "<div>" . h($desc) . input_hidden("where[$i][col]", $name) . ":";
echo (like_bool($field)
? " <select name='where[$i][val]'>" . optionlist(array("" => "", lang('no'), lang('yes')), $where[$key]["val"], true) . "</select>"
: enum_input("checkbox", " name='where[$i][val][]'", $field, (array) $where[$key]["val"], ($field["null"] ? 0 : null))
@@ -258,7 +258,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row
}
$key = $keys[$name];
$i--;
echo "<div>" . h($desc) . "<input type='hidden' name='where[$i][col]' value='" . h($name) . "'><input type='hidden' name='where[$i][op]' value='='>: <select name='where[$i][val]'>" . optionlist($options, $where[$key]["val"], true) . "</select></div>\n";
echo "<div>" . h($desc) . input_hidden("where[$i][col]", $name) . input_hidden("where[$i][op]", "=") . ": <select name='where[$i][val]'>" . optionlist($options, $where[$key]["val"], true) . "</select></div>\n";
unset($columns[$name]);
}
}
@@ -337,7 +337,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row
echo "<p><textarea name='email_message' rows='15' cols='75'>" . h($_POST["email_message"] . ($_POST["email_append"] ? '{$' . "$_POST[email_addition]}" : "")) . "</textarea>\n";
echo "<p>" . script("qsl('p').onkeydown = partialArg(bodyKeydown, 'email_append');", "") . html_select("email_addition", $columns, $_POST["email_addition"]) . "<input type='submit' name='email_append' value='" . lang('Insert') . "'>\n"; //! JavaScript
echo "<p>" . lang('Attachments') . ": <input type='file' name='email_files[]'>" . script("qsl('input').onchange = emailFileChange;");
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . h(key($emailFields)) . '">' : html_select("email_field", $emailFields));
echo "<p>" . (count($emailFields) == 1 ? input_hidden("email_field", key($emailFields)) : html_select("email_field", $emailFields));
echo "<input type='submit' name='email' value='" . lang('Send') . "'>" . confirm();
echo "</div>\n";
echo "</div></fieldset>\n";


@@ -35,7 +35,7 @@ class AdminerDesigns {
function navigation($missing) {
echo "<form action='' method='post' style='position: fixed; bottom: .5em; right: .5em;'>";
echo Adminer\html_select("design", array("" => "(design)") + $this->designs, $_SESSION["design"], "this.form.submit();");
echo '<input type="hidden" name="token" value="' . Adminer\get_token() . '">';
echo Adminer\input_token();
echo "</form>\n";
}
}
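Review bot: Replacing `Adminer\get_token()` with `Adminer\input_token()` in `navigation()` changes where the CSRF token comes from: as defined in this commit, `input_token()` reads the global `$token` rather than generating a value at the call site. If `navigation()` can be rendered before `$token` is assigned, the hidden field would be emitted empty and the design form's POST would presumably fail token verification; that ordering is not visible in this hunk and is worth confirming. Once confirmed, a short comment on the call such as `// relies on Adminer's global $token being set before navigation() renders` would record the assumption.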


@@ -38,7 +38,7 @@ class AdminerEmailTable {
el.value = '';
this.parentNode.appendChild(el);
};");
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . Adminer\h(key($emailFields)) . '">' : Adminer\html_select("email_field", $emailFields));
echo "<p>" . (count($emailFields) == 1 ? Adminer\input_hidden("email_field", key($emailFields)) : Adminer\html_select("email_field", $emailFields));
echo "<input type='submit' name='email' value='" . ('Send') . "'>" . Adminer\confirm();
echo "</div>\n";
echo "</div></fieldset>\n";