added PMA_escapeJsString() to escape strings for JavaScript inside CDATA blocks

Sebastian Mendel
2006-08-02 10:15:56 +00:00
parent a74be01a9a
commit 6d75c0afaf
2 changed files with 30 additions and 7 deletions


@@ -13,6 +13,8 @@ $Source$
added variables to define (text) color for marked and hovered objects added variables to define (text) color for marked and hovered objects
thanks to Juergen Wind - windkiel for hinting this bug (patch #1503529) thanks to Juergen Wind - windkiel for hinting this bug (patch #1503529)
* Documentation.html: updated style config option descriptions * Documentation.html: updated style config option descriptions
* libraries/common.lib.php: added PMA_escapeJsString() to escape strings for
JavaScript inside CDATA blocks
2006-08-01 Marc Delisle <lem9@users.sourceforge.net> 2006-08-01 Marc Delisle <lem9@users.sourceforge.net>
* Documentation.html: patch #1532493 + light editing from me, * Documentation.html: patch #1532493 + light editing from me,


@@ -1317,12 +1317,18 @@ if (!defined('PMA_MINIMUM_COMMON')) {
/** /**
* Format a string so it can be passed to a javascript function. * Format a string so it can be a string inside JavaScript code inside an
* eventhandler (onclick, onchange, on..., ).
* This function is used to displays a javascript confirmation box for * This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries. * "DROP/DELETE/ALTER" queries.
* *
* @param string the string to format * @uses PMA_escapeJsString()
* @param boolean whether to add backquotes to the string or not * @uses PMA_backquote()
* @uses is_string()
* @uses htmlspecialchars()
* @uses str_replace()
* @param string $a_string the string to format
* @param boolean $add_backquotes whether to add backquotes to the string or not
* *
* @return string the formated string * @return string the formated string
* *
@@ -1332,16 +1338,31 @@ if (!defined('PMA_MINIMUM_COMMON')) {
{ {
if (is_string($a_string)) { if (is_string($a_string)) {
$a_string = htmlspecialchars($a_string); $a_string = htmlspecialchars($a_string);
$a_string = str_replace('\\', '\\\\', $a_string); $a_string = PMA_escapeJsString($a_string);
$a_string = str_replace('\'', '\\\'', $a_string); // TODO: what is this good for?
$a_string = str_replace('#', '\\#', $a_string); $a_string = str_replace('#', '\\#', $a_string);
$a_string = str_replace("\012", '\n', $a_string);
$a_string = str_replace("\015", '\r', $a_string);
} }
return (($add_backquotes) ? PMA_backquote($a_string) : $a_string); return (($add_backquotes) ? PMA_backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function } // end of the 'PMA_jsFormat()' function
/**
* escapes a string to be inserted as string a JavaScript block
* enclosed by <![CDATA[ ... ]]>
* this requires only to escape ' with \'
*
* @uses str_replace()
* @param string $string the string to be escaped
* @return string the escaped string
*/
function PMA_escapeJsString($string)
{
$string = str_replace('\\', '\\\\', $string);
$string = str_replace('\'', '\\\'', $string);
$string = str_replace("\012", '\n', $string);
$string = str_replace("\015", '\r', $string);
return $string;
}
/** /**
* Defines the <CR><LF> value depending on the user OS. * Defines the <CR><LF> value depending on the user OS.
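Review bot: PMA_escapeJsString() is documented as sufficient for a string placed in a script block wrapped in `<![CDATA[ ... ]]>`, but its body leaves `</script` and `]]>` untouched, so a value containing either can end the script element (HTML parsing) or the CDATA section (XML parsing) before the JavaScript string literal is closed. After the backslash replacement, so that the new backslashes are not doubled, add `$string = str_replace('</', '<\\/', $string);` and `$string = str_replace(']]>', ']]\\>', $string);`. Double quotes are also passed through unchanged, so the result is only safe inside a single-quoted literal. The docblock should state that restriction and list what is actually escaped (backslash, single quote, LF, CR) rather than "only ' with \'".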