fixed escaping for JavaScript

Sebastian Mendel
2007-03-22 17:30:09 +00:00
parent aaac3066d6
commit 2391142941


@@ -259,49 +259,40 @@ if (! empty($_sql_history)
foreach ($_sql_history as $query) { foreach ($_sql_history as $query) {
echo '<li>' . "\n"; echo '<li>' . "\n";
// edit link // edit link
echo '<a href="#" onclick="' echo '<a href="#" onclick="';
.' document.getElementById(\'hiddenqueryform\').' ?>
.'querydisplay_tab.value = \'' . $tab . '\';' // <![CDATA[
.' document.getElementById(\'hiddenqueryform\').' var form = document.getElementById('hiddenqueryform');
.'query_history_latest.value = \'' form.querydisplay_tab.value = '<?php echo $tab ?>';
. preg_replace('/(\r|\n)+/i', '\\n', form.query_history_latest.value = '<?php
PMA_jsFormat($query['sqlquery'], false)) . '\';' echo preg_replace('/(\r|\n)+/i', '\\n', PMA_jsFormat($query['sqlquery'], false)) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.auto_commit.value = 'false';
.'auto_commit.value = \'false\';' form.db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.query_history_latest_db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
.'db.value = \'' . htmlspecialchars($query['db']) . '\';' form.table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.query_history_latest_table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
.'query_history_latest_db.value = \'' form.submit();
. htmlspecialchars($query['db']) . '\';' return false;
.' document.getElementById(\'hiddenqueryform\').' // ]]
.'table.value = \'' . htmlspecialchars($query['table']) . '\';' <?php
.' document.getElementById(\'hiddenqueryform\').' echo '">' . $titles['Change'] . '</a>';
.'query_history_latest_table.value = \''
. htmlspecialchars($query['table']) . '\';'
.' document.getElementById(\'hiddenqueryform\').submit();'
.' return false;">' . $titles['Change'] . '</a>';
// execute link // execute link
echo '<a href="#" onclick="' echo '<a href="#" onclick="';
.' document.getElementById(\'hiddenqueryform\').' ?>
.'querydisplay_tab.value = \'' . $tab . '\';' // <![CDATA[
.' document.getElementById(\'hiddenqueryform\').' var form = document.getElementById('hiddenqueryform');
.'query_history_latest.value = \'' form.querydisplay_tab.value = '<?php echo $tab ?>';
. preg_replace('/(\r|\n)+/i', '\\r\\n', form.query_history_latest.value = '<?php
PMA_jsFormat($query['sqlquery'], false)) . '\';' echo preg_replace('/(\r|\n)+/i', '\\r\\n', PMA_jsFormat($query['sqlquery'], false)) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.auto_commit.value = 'true';
.'auto_commit.value = \'true\';' form.db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.query_history_latest_db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
.'db.value = \'' . htmlspecialchars($query['db']) . '\';' form.table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
.' document.getElementById(\'hiddenqueryform\').' form.query_history_latest_table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
.'query_history_latest_db.value = \'' form.submit();
. htmlspecialchars($query['db']) . '\';' return false;
.' document.getElementById(\'hiddenqueryform\').' // ]]">
.'table.value = \'' . htmlspecialchars($query['table']) . '\';' <?php
.' document.getElementById(\'hiddenqueryform\').'
.'query_history_latest_table.value = \''
. htmlspecialchars($query['table']) . '\';'
.' document.getElementById(\'hiddenqueryform\').submit();'
.' return false;">';
if (! empty($query['db'])) { if (! empty($query['db'])) {
echo '['; echo '[';
echo htmlspecialchars(PMA_backquote($query['db'])); echo htmlspecialchars(PMA_backquote($query['db']));
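Review bot: In both `onclick="…"` handlers, `$query['db']`, `$query['table']` and `$query['sqlquery']` now pass only through `PMA_jsFormat()`, and the `htmlspecialchars()` calls the old side applied to db and table are gone. The output still sits inside a double-quoted HTML attribute, which the browser entity-decodes before the script is parsed, so it needs JavaScript-string escaping and HTML-attribute escaping as two separate layers. `PMA_jsFormat()` is not defined in this hunk, so please confirm it also neutralises `"`, `&` and `<`. If it only escapes for a JavaScript string literal, a double quote in a stored query or identifier ends the attribute early, and each echo should add the HTML layer on top, e.g. `echo htmlspecialchars(PMA_jsFormat($query['db'], false), ENT_QUOTES)`. `$tab` is written into `form.querydisplay_tab.value` with no escaping at all in both handlers, so it should get the same treatment unless it is a fixed internal value; the enclosing `foreach` begins before and continues past this hunk.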