correctly escape strings inside JavaScript (part of bug #1532721)

Sebastian Mendel
2006-08-02 10:25:37 +00:00
parent 6d75c0afaf
commit 91c0522cd1
2 changed files with 11 additions and 4 deletions


@@ -15,6 +15,8 @@ $Source$
* Documentation.html: updated style config option descriptions * Documentation.html: updated style config option descriptions
* libraries/common.lib.php: added PMA_escapeJsString() to escape strings for * libraries/common.lib.php: added PMA_escapeJsString() to escape strings for
JavaScript inside CDATA blocks JavaScript inside CDATA blocks
* libraries/footer.inc.php: correctly escape strings inside JavaScript
(part of bug #1532721)
2006-08-01 Marc Delisle <lem9@users.sourceforge.net> 2006-08-01 Marc Delisle <lem9@users.sourceforge.net>
* Documentation.html: patch #1532493 + light editing from me, * Documentation.html: patch #1532493 + light editing from me,


@@ -25,7 +25,12 @@ if (! isset($GLOBALS['no_history']) && isset($GLOBALS['db'])
$table = isset($GLOBALS['table']) ? $GLOBALS['table'] : ''; ?> $table = isset($GLOBALS['table']) ? $GLOBALS['table'] : ''; ?>
// updates current settings // updates current settings
if (window.parent.setAll) { if (window.parent.setAll) {
window.parent.setAll('<?php echo $GLOBALS['lang']; ?>', '<?php echo htmlspecialchars($GLOBALS['collation_connection']); ?>', '<?php echo $GLOBALS['server']; ?>', '<?php echo htmlspecialchars($GLOBALS['db']); ?>', '<?php echo htmlspecialchars($table); ?>'); window.parent.setAll('<?php
echo PMA_escapeJsString($GLOBALS['lang']) . "', '";
echo PMA_escapeJsString($GLOBALS['collation_connection']) . "', '";
echo PMA_escapeJsString($GLOBALS['server']) . "', '";
echo PMA_escapeJsString($GLOBALS['db']) . "', '";
echo PMA_escapeJsString($table); ?>');
} }
<?php } ?> <?php } ?>
@@ -54,9 +59,9 @@ if (! isset($GLOBALS['no_history']) && empty($GLOBALS['error_message'])) {
// set current db, table and sql query in the querywindow // set current db, table and sql query in the querywindow
if (window.parent.refreshNavigation) { if (window.parent.refreshNavigation) {
window.parent.reload_querywindow( window.parent.reload_querywindow(
"<?php echo isset($GLOBALS['db']) ? htmlspecialchars(addslashes($GLOBALS['db'])) : '' ?>", '<?php echo isset($GLOBALS['db']) ? PMA_escapeJsString($GLOBALS['db']) : '' ?>',
"<?php echo isset($GLOBALS['table']) ? htmlspecialchars(addslashes($GLOBALS['table'])) : '' ?>", '<?php echo isset($GLOBALS['table']) ? PMA_escapeJsString($GLOBALS['table']) : '' ?>',
"<?php echo isset($GLOBALS['sql_query']) ? htmlspecialchars(urlencode($GLOBALS['sql_query'])) : ''; ?>"); '<?php echo isset($GLOBALS['sql_query']) ? PMA_escapeJsString($GLOBALS['sql_query']) : ''; ?>');
} }
<?php } ?> <?php } ?>
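Review bot: The third argument of `window.parent.reload_querywindow(` no longer passes through `urlencode()`: the old line emitted `htmlspecialchars(urlencode($GLOBALS['sql_query']))` and the new one emits `PMA_escapeJsString($GLOBALS['sql_query'])`, so the receiver now gets the raw query text instead of a URL-encoded value. `reload_querywindow` is not visible on this page; if it places that value into a URL or a form field, it has to encode it on the JavaScript side (for example with `encodeURIComponent()`), which is worth confirming as part of this change. Both calls, `setAll` and `reload_querywindow`, now use single-quoted literals and rely entirely on `PMA_escapeJsString()`, whose body is also outside this page. It therefore has to escape `'`, `\`, line breaks and a literal `</script>` for these literals to stay closed. A short PHP comment above each call, such as `// every argument is emitted as a single-quoted JS string literal; escaping is done only by PMA_escapeJsString()`, would record that dependency for the next editor.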