mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-18 04:11:27 +02:00
Code Issues Releases Wiki Activity

Use script() for <script>

Browse Source
This commit is contained in:
Jakub Vrana
2018-01-12 15:27:44 +01:00
parent 12fbfc9847
commit e645693147
21 changed files with 69 additions and 64 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
adminer/include/adminer.inc.php
View File

@@ -100,10 +100,8 @@ class Adminer {
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
<tr><th><?php echo lang('Database'); ?><td><input name="auth[db]" value="<?php echo h($_GET["db"]); ?>" autocapitalize="off">
</table>
<script>
focus(qs('#username'));
</script>
<?php
echo script("focus(qs('#username'));");
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
}
@@ -336,7 +334,7 @@ focus(qs('#username'));
if ($index["type"] == "FULLTEXT") {
echo "(<i>" . implode("</i>, <i>", array_map('h', $index["columns"])) . "</i>) AGAINST";
echo " <input type='search' name='fulltext[$i]' value='" . h($_GET["fulltext"][$i]) . "'>";
echo "<script>qsl('input').onchange = selectFieldChange;</script>";
echo script("qsl('input').onchange = selectFieldChange;", "");
echo checkbox("boolean[$i]", 1, isset($_GET["boolean"][$i]), "BOOL");
echo "<br>\n";
}
@@ -383,7 +381,7 @@ focus(qs('#username'));
function selectLimitPrint($limit) {
echo "<fieldset><legend>" . lang('Limit') . "</legend><div>"; // <div> for easy styling
echo "<input type='number' name='limit' class='size' value='" . h($limit) . "'>";
echo "<script>qsl('input').onchange = selectFieldChange;</script>";
echo script("qsl('input').onchange = selectFieldChange;", "");
echo "</div></fieldset>\n";
}
@@ -585,7 +583,7 @@ focus(qs('#username'));
}
$history[$_GET["db"]][] = array($query, time(), $time); // not DB - $_GET["db"] is changed in database.inc.php //! respect $_GET["ns"]
return " <span class='time'>" . @date("H:i:s") . "</span>" // @ - time zone may be not set
. " <a href='#$id'>" . lang('SQL command') . "</a><script>qsl('a').onclick = partial(toggle, '$id');</script>"
. " <a href='#$id'>" . lang('SQL command') . "</a>" . script("qsl('a').onclick = partial(toggle, '$id');", "")
. "<div id='$id' class='hidden'><pre><code class='jush-$jush'>" . shorten_utf8($query, 1000) . '</code></pre>'
. ($time ? " <span class='time'>($time)</span>" : '')
. (support("sql") ? '<p><a href="' . h(str_replace("db=" . urlencode(DB), "db=" . urlencode($_GET["db"]), ME) . 'sql=&history=' . (count($history[$_GET["db"]]) - 1)) . '">' . lang('Edit') . '</a>' : '')
@@ -861,7 +859,7 @@ focus(qs('#username'));
foreach ($usernames as $username => $password) {
if ($password !== null) {
if ($first) {
echo "<p id='logins'><script>mixin(qs('#logins'), {onmouseover: menuOver, onmouseout: menuOut});</script>\n";
echo "<p id='logins'>" . script("mixin(qs('#logins'), {onmouseover: menuOver, onmouseout: menuOut});");
$first = false;
}
$dbs = $_SESSION["db"][$vendor][$server][$username];
@@ -933,7 +931,7 @@ bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info,
<p id="dbs">
<?php
hidden_fields_get();
$db_events = "<script>mixin(qsl('select'), {onmousedown: dbMouseDown, onchange: dbChange});</script>";
$db_events = script("mixin(qsl('select'), {onmousedown: dbMouseDown, onchange: dbChange});", "");
echo "<span title='" . lang('database') . "'>DB</span>: " . ($databases
? "<select name='db'>" . optionlist(array("" => "") + $databases, DB) . "</select>$db_events"
: '<input name="db" value="' . h(DB) . '" autocapitalize="off">'
@@ -960,7 +958,7 @@ bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info,
* @return null
*/
function tablesPrint($tables) {
echo "<ul id='tables'><script>mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});</script>\n";
echo "<ul id='tables'>" . script("mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});");
foreach ($tables as $table => $status) {
echo '<li><a href="' . h(ME) . 'select=' . urlencode($table) . '"' . bold($_GET["select"] == $table || $_GET["edit"] == $table, "select") . ">" . lang('select') . "</a> ";
$name = $this->tableName($status);

8
adminer/include/connect.inc.php
View File

@@ -30,13 +30,13 @@ function connect_error() {
$collations = collations();
echo "<form action='' method='post'>\n";
echo "<table cellspacing='0' class='checkable'>\n";
echo "<script>mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});</script>\n";
echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
echo "<thead><tr>"
. (support("database") ? "<td>&nbsp;" : "")
. "<th>" . lang('Database') . " - <a href='" . h(ME) . "refresh=1'>" . lang('Refresh') . "</a>"
. "<td>" . lang('Collation')
. "<td>" . lang('Tables')
. "<td>" . lang('Size') . " - <a href='" . h(ME) . "dbsize=1'>" . lang('Compute') . "</a><script>qsl('a').onclick = partial(ajaxSetHtml, '" . js_escape(ME) . "script=connect');</script>"
. "<td>" . lang('Size') . " - <a href='" . h(ME) . "dbsize=1'>" . lang('Compute') . "</a>" . script("qsl('a').onclick = partial(ajaxSetHtml, '" . js_escape(ME) . "script=connect');", "")
. "</thead>\n"
;
@@ -57,12 +57,12 @@ function connect_error() {
echo "</table>\n";
echo (support("database")
? "<fieldset><legend>" . lang('Selected') . " <span id='selected'></span></legend><div>\n"
. "<input type='hidden' name='all' value=''><script>qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };</script>\n" // used by trCheck()
. "<input type='hidden' name='all' value=''>" . script("qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^db/)); };") // used by trCheck()
. "<input type='submit' name='drop' value='" . lang('Drop') . "'>" . confirm() . "\n"
. "</div></fieldset>\n"
: ""
);
echo "<script>tableCheck();</script>\n";
echo script("tableCheck();");
echo "<input type='hidden' name='token' value='$token'>\n";
echo "</form>\n";
}

2
adminer/include/design.inc.php
View File

@@ -151,6 +151,6 @@ function page_footer($missing = "") {
<div id="menu">
<?php $adminer->navigation($missing); ?>
</div>
<script>setupSubmitHighlight(document);</script>
<?php
echo script("setupSubmitHighlight(document);");
}

2
adminer/include/editing.inc.php
View File

@@ -253,7 +253,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
<td id="label-default"><?php echo lang('Default value'); ?>
<?php echo (support("comment") ? "<td id='label-comment'" . ($comments ? "" : " class='hidden'") . ">" . lang('Comment') : ""); ?>
<?php } ?>
<td><?php echo "<input type='image' class='icon' name='add[" . (support("move_col") ? 0 : count($fields)) . "]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>"; ?><script>row_count = <?php echo count($fields); ?>;</script>
<td><?php echo "<input type='image' class='icon' name='add[" . (support("move_col") ? 0 : count($fields)) . "]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>" . script("row_count = " . count($fields) . ";"); ?>
</thead>
<tbody onkeydown="return editingKeydown(event);">
<?php

26
adminer/include/functions.inc.php
View File

@@ -81,6 +81,15 @@ function charset($connection) {
return (version_compare($connection->server_info, "5.5.3") >= 0 ? "utf8mb4" : "utf8"); // SHOW CHARSET would require an extra query
}
/** Return <script> element
* @param string
* @param string
* @return string
*/
function script($source, $trailing = "\n") {
return "<script>$source</script>$newline";
}
/** Escape for HTML
* @param string
* @return string
@@ -120,7 +129,7 @@ function checkbox($name, $value, $checked, $label = "", $onclick = "", $class =
. ($checked ? " checked" : "")
. ($labelled_by ? " aria-labelledby='$labelled_by'" : "")
. ">"
. ($onclick ? "<script>qsl('input').onclick = function () { $onclick };</script>" : "")
. ($onclick ? script("qsl('input').onclick = function () { $onclick };", "") : "")
;
return ($label != "" || $class ? "<label" . ($class ? " class='$class'" : "") . ">$return" . h($label) . "</label>" : $return);
}
@@ -162,7 +171,7 @@ function html_select($name, $options, $value = "", $onchange = true, $labelled_b
return "<select name='" . h($name) . "'"
. ($labelled_by ? " aria-labelledby='$labelled_by'" : "")
. ">" . optionlist($options, $value) . "</select>"
. (is_string($onchange) ? "<script>qsl('select').onchange = function () { $onchange };</script>" : "")
. (is_string($onchange) ? script("qsl('select').onchange = function () { $onchange };", "") : "")
;
}
$return = "";
@@ -185,7 +194,7 @@ function select_input($attrs, $options, $value = "", $onchange = "", $placeholde
return "<$tag$attrs" . ($options
? "><option value=''>$placeholder" . optionlist($options, $value, true) . "</select>"
: " size='10' value='" . h($value) . "' placeholder='$placeholder'>"
) . ($onchange ? "<script>qsl('$tag').onchange = $onchange;</script>" : "");
) . ($onchange ? script("qsl('$tag').onchange = $onchange;", "") : "");
}
/** Get onclick confirmation
@@ -193,7 +202,7 @@ function select_input($attrs, $options, $value = "", $onchange = "", $placeholde
* @return string
*/
function confirm($selector = "qsl('input')") {
return "<script>$selector.onclick = function () { return confirm('" . lang('Are you sure?') . "'); };</script>";
return script("$selector.onclick = function () { return confirm('" . lang('Are you sure?') . "'); };", "");
}
/** Print header for hidden fieldset (close by </div></fieldset>)
@@ -205,7 +214,7 @@ function confirm($selector = "qsl('input')") {
function print_fieldset($id, $legend, $visible = false) {
echo "<fieldset><legend>";
echo "<a href='#fieldset-$id'>$legend</a>";
echo "<script>qsl('a').onclick = partial(toggle, 'fieldset-$id');</script>";
echo script("qsl('a').onclick = partial(toggle, 'fieldset-$id');", "");
echo "</legend>";
echo "<div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
}
@@ -885,7 +894,8 @@ function input($field, $value, $function) {
$attrs .= $onchange;
$has_function = (in_array($function, $functions) || isset($functions[$function]));
echo (count($functions) > 1
? "<select name='function[$name]'" . on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1) . ">" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select><script>qsl('select').onchange = functionChange;</script>"
? "<select name='function[$name]'" . on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1) . ">" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select>"
. script("qsl('select').onchange = functionChange;", "")
: nbsp(reset($functions))
) . '<td>';
$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
@@ -1236,7 +1246,7 @@ var timeout = setTimeout(function () {
flush();
$return = @get_key_vals($query, $connection2, $timeout); // @ - may be killed
if ($connection2) {
echo "<script>clearTimeout(timeout);</script>\n";
echo script("clearTimeout(timeout);");
ob_flush();
flush();
}
@@ -1390,7 +1400,7 @@ function edit_form($TABLE, $fields, $row, $update) {
}
}
echo ($update ? "<input type='submit' name='delete' value='" . lang('Delete') . "'>" . confirm() . "\n"
: ($_POST || !$fields ? "" : "<script>focus(qsa('td', qs('#form'))[1].firstChild);</script>\n")
: ($_POST || !$fields ? "" : script("focus(qsa('td', qs('#form'))[1].firstChild);"))
);
if (isset($_GET["select"])) {
hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));