nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

do not URL-encode form values

Browse Source
This commit is contained in:
Sebastian Mendel
2007-05-15 09:09:54 +00:00
parent 6cab26e3d1
commit 4b368f8b42
1 changed files with 12 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
libraries/display_tbl.lib.php
View File

@@ -224,7 +224,7 @@ function PMA_setDisplayMode(&$the_disp_mode, &$the_total)
* *
* @see PMA_displayTable() * @see PMA_displayTable()
*/ */
function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query) function PMA_displayTableNavigation($pos_next, $pos_prev, $sql_query)
{ {
global $db, $table, $goto, $dontlimitchars; global $db, $table, $goto, $dontlimitchars;
global $num_rows, $unlim_num_rows, $pos, $session_max_rows; global $num_rows, $unlim_num_rows, $pos, $session_max_rows;
@@ -232,6 +232,8 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
global $is_innodb; global $is_innodb;
global $showtable; global $showtable;
$html_sql_query = htmlentities($sql_query);
/** /**
* @todo move this to a central place * @todo move this to a central place
* @todo for other future table types * @todo for other future table types
@@ -262,7 +264,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<td> <td>
<form action="sql.php" method="post"> <form action="sql.php" method="post">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="pos" value="0" /> <input type="hidden" name="pos" value="0" />
<input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" /> <input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" />
<input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" /> <input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" />
@@ -275,7 +277,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<td> <td>
<form action="sql.php" method="post"> <form action="sql.php" method="post">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="pos" value="<?php echo $pos_prev; ?>" /> <input type="hidden" name="pos" value="<?php echo $pos_prev; ?>" />
<input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" /> <input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" />
<input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" /> <input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" />
@@ -295,7 +297,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<form action="sql.php" method="post" <form action="sql.php" method="post"
onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0, <?php echo $unlim_num_rows - 1; ?>))"> onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0, <?php echo $unlim_num_rows - 1; ?>))">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="goto" value="<?php echo $goto; ?>" /> <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
<input type="hidden" name="dontlimitchars" value="<?php echo $dontlimitchars; ?>" /> <input type="hidden" name="dontlimitchars" value="<?php echo $dontlimitchars; ?>" />
<input type="submit" name="navig" value="<?php echo $GLOBALS['strShow']; ?> :" /> <input type="submit" name="navig" value="<?php echo $GLOBALS['strShow']; ?> :" />
@@ -341,7 +343,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<td> <td>
<form action="sql.php" method="post"> <form action="sql.php" method="post">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="pos" value="<?php echo $pos_next; ?>" /> <input type="hidden" name="pos" value="<?php echo $pos_next; ?>" />
<input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" /> <input type="hidden" name="session_max_rows" value="<?php echo $session_max_rows; ?>" />
<input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" /> <input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" />
@@ -355,7 +357,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<form action="sql.php" method="post" <form action="sql.php" method="post"
onsubmit="return <?php echo (($pos + $session_max_rows < $unlim_num_rows && $num_rows >= $session_max_rows) ? 'true' : 'false'); ?>"> onsubmit="return <?php echo (($pos + $session_max_rows < $unlim_num_rows && $num_rows >= $session_max_rows) ? 'true' : 'false'); ?>">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="pos" value="<?php echo @((ceil($unlim_num_rows / $session_max_rows)- 1) * $session_max_rows); ?>" /> <input type="hidden" name="pos" value="<?php echo @((ceil($unlim_num_rows / $session_max_rows)- 1) * $session_max_rows); ?>" />
<?php <?php
if ($is_innodb && $unlim_num_rows > $GLOBALS['cfg']['MaxExactCount']) { if ($is_innodb && $unlim_num_rows > $GLOBALS['cfg']['MaxExactCount']) {
@@ -389,7 +391,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<?php //<form> for keep the form alignment of button < and << ?> <?php //<form> for keep the form alignment of button < and << ?>
<form action="none"> <form action="none">
<?php echo PMA_pageselector( <?php echo PMA_pageselector(
'sql.php?sql_query=' . $encoded_query . 'sql.php?sql_query=' . urlencode($sql_query) .
'&amp;session_max_rows=' . $session_max_rows . '&amp;session_max_rows=' . $session_max_rows .
'&amp;disp_direction=' . $disp_direction . '&amp;disp_direction=' . $disp_direction .
'&amp;repeat_cells=' . $repeat_cells . '&amp;repeat_cells=' . $repeat_cells .
@@ -418,7 +420,7 @@ function PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_query)
<td> <td>
<form action="sql.php" method="post"> <form action="sql.php" method="post">
<?php echo PMA_generate_common_hidden_inputs($db, $table); ?> <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
<input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" /> <input type="hidden" name="sql_query" value="<?php echo $html_sql_query; ?>" />
<input type="hidden" name="pos" value="0" /> <input type="hidden" name="pos" value="0" />
<input type="hidden" name="session_max_rows" value="all" /> <input type="hidden" name="session_max_rows" value="all" />
<input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" /> <input type="hidden" name="disp_direction" value="<?php echo $disp_direction; ?>" />
@@ -1827,7 +1829,7 @@ function PMA_displayTable(&$dt_result, &$the_disp_mode, $analyzed_sql)
PMA_displayResultsOperations($the_disp_mode, $analyzed_sql); PMA_displayResultsOperations($the_disp_mode, $analyzed_sql);
} }
if ($is_display['nav_bar'] == '1') { if ($is_display['nav_bar'] == '1') {
PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_sql_query); PMA_displayTableNavigation($pos_next, $pos_prev, $sql_query);
echo "\n"; echo "\n";
} elseif (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1') { } elseif (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1') {
echo "\n" . '<br /><br />' . "\n"; echo "\n" . '<br /><br />' . "\n";
@@ -1955,7 +1957,7 @@ function PMA_displayTable(&$dt_result, &$the_disp_mode, $analyzed_sql)
if ($is_display['nav_bar'] == '1') { if ($is_display['nav_bar'] == '1') {
echo '<br />' . "\n"; echo '<br />' . "\n";
PMA_displayTableNavigation($pos_next, $pos_prev, $encoded_sql_query); PMA_displayTableNavigation($pos_next, $pos_prev, $sql_query);
} elseif (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1') { } elseif (!isset($GLOBALS['printview']) || $GLOBALS['printview'] != '1') {
echo "\n" . '<br /><br />' . "\n"; echo "\n" . '<br /><br />' . "\n";
} }