bug #3319466 [edit] Inline query edit does not escape special characters

2011-06-17 21:10:00 +01:00
parent b45de543c0
commit ada8916b98
2 changed files with 7 additions and 1 deletions
--- a/1
+++ b/1
@@ -13,6 +13,7 @@ phpMyAdmin - ChangeLog
 - bug #3315741 [display] Inline query edit broken
 - patch #3317206 [privileges] Generate password option missing on new accounts
 - bug #3317293 [edit] Inline edit places HTML line breaks in edit area
+- bug #3319466 [interface] Inline query edit does not escape special characters

 3.4.2.0 (2011-06-07)
 - bug #3301249 [interface] Iconic table operations does not remove inline edit label
--- a/js/functions.js
+++ b/js/functions.js
@@ -1131,7 +1131,12 @@ $(document).ready(function(){
        $(".btnSave").each(function(){
            $(this).click(function(){
                sql_query = $(this).prev().val();
-                window.location.replace("import.php?db=" + db +"&table=" + table + "&sql_query=" + sql_query + "&show_query=1&token=" + token);
+                window.location.replace("import.php"
+                                      + "?db=" + encodeURIComponent(db)
+                                      + "&table=" + encodeURIComponent(table)
+                                      + "&sql_query=" + encodeURIComponent(sql_query)
+                                      + "&show_query=1"
+                                      + "&token=" + token);
            });
        });
        $(".btnDiscard").each(function(){