fixes for HTML entities in field/table/db names

This commit is contained in:
Michal Čihař
2003-03-26 14:02:16 +00:00
parent be41dc5bc5
commit b4cadaf745
10 changed files with 23 additions and 17 deletions


@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
$Id$
$Source$
2003-03-26 Michal Cihar <nijel@users.sourceforge.net>
* db_details.php3, db_details_qbe.php3, left.php3, tbl_change.php3,
tbl_properties_operations.php3, tbl_properties_structure.php3,
tbl_query_box.php3, tbl_select.php3, libraries/common.lib.php3: Even
more fixes for HTML entities in field/table/db name.
2003-03-25 Alexander M. Turek <rabus@users.sourceforge.net>
* Documentation.html: Fixed GRANT queries for the controluser.


@@ -58,7 +58,7 @@ $auto_sel = ($cfg['TextareaAutoSelect']
<input type="hidden" name="pos" value="0" />
<input type="hidden" name="goto" value="db_details.php3" />
<input type="hidden" name="zero_rows" value="<?php echo htmlspecialchars($strSuccess); ?>" />
<input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? urlencode($query_to_display) : ''); ?>" />
<input type="hidden" name="prev_sql_query" value="<?php echo ((!empty($query_to_display)) ? htmlspecialchars($query_to_display) : ''); ?>" />
<?php echo sprintf($strRunSQLQuery, $db) . ' ' . PMA_showMySQLDocu('Reference', 'SELECT'); ?>&nbsp;:<br />
<div style="margin-bottom: 5px">
<textarea name="sql_query" cols="<?php echo $cfg['TextareaCols'] * 2; ?>" rows="<?php echo $cfg['TextareaRows']; ?>" wrap="virtual" dir="<?php echo $text_dir; ?>"<?php echo $auto_sel; ?>>
@@ -159,7 +159,7 @@ if ($cfg['Bookmark']['db'] && $cfg['Bookmark']['table']) {
echo ' <select name="id_bookmark">' . "\n";
echo ' <option value=""></option>' . "\n";
while (list($key, $value) = each($bookmark_list)) {
echo ' <option value="' . $value . '">' . htmlentities($key) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars($value) . '">' . htmlspecialchars($key) . '</option>' . "\n";
}
echo ' </select>' . "<br />\n";
echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
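Review bot: `$db` is still echoed raw through `sprintf($strRunSQLQuery, $db)` on the line right after the changed `prev_sql_query` input, so a database name containing `<`, `&` or `"` still breaks the markup this commit is otherwise fixing; `sprintf($strRunSQLQuery, htmlspecialchars($db))` brings it in line with the rest of the hunk. Replacing `urlencode()` with `htmlspecialchars()` in a form value also changes what the browser submits — the field now arrives as the literal string rather than as URL-encoded text — so any receiver that still applies `urldecode()` to `prev_sql_query`, or to the option values changed the same way in the other files of this commit, would now corrupt names containing `+` or `%`; whether those receivers were adjusted is not visible here. The `<form>` that holds these inputs starts and ends outside the hunk.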


@@ -198,7 +198,7 @@ for ($x = 0; $x < $col; $x++) {
$sel = '';
}
echo ' ';
echo '<option value="' . urlencode($fld[$y]) . '"' . $sel . '>' . htmlspecialchars($fld[$y]) . '</option>' . "\n";
echo '<option value="' . htmlspecialchars($fld[$y]) . '"' . $sel . '>' . htmlspecialchars($fld[$y]) . '</option>' . "\n";
} // end for
?>
</select>
@@ -225,7 +225,7 @@ for ($x = 0; $x < $col; $x++) {
$sel = '';
} // end if
echo ' ';
echo '<option value="' . urlencode($fld[$y]) . '"' . $sel . '>' . htmlspecialchars($fld[$y]) . '</option>' . "\n";
echo '<option value="' . htmlspecialchars($fld[$y]) . '"' . $sel . '>' . htmlspecialchars($fld[$y]) . '</option>' . "\n";
} // end for
?>
</select>
@@ -632,7 +632,7 @@ for ($x = 0; $x < $col; $x++) {
<?php
while (list($key, $val) = each($tbl_names)) {
echo ' ';
echo '<option value="' . urlencode($key) . '"' . $val . '>' . htmlspecialchars($key) . '</option>' . "\n";
echo '<option value="' . htmlspecialchars($key) . '"' . $val . '>' . htmlspecialchars($key) . '</option>' . "\n";
}
?>
</select>
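Review bot: Each of the three changed option lines now calls `htmlspecialchars()` twice on the same string, once for the attribute and once for the label, and the `<option>` construction is repeated verbatim across the hunks; escaping once into a local, e.g. `$fld_esc = htmlspecialchars($fld[$y]);` followed by `echo '<option value="' . $fld_esc . '"' . $sel . '>' . $fld_esc . '</option>' . "\n";`, keeps the escaping in one place and makes a later change to the quoting flags a single edit. `$sel` and `$val` are concatenated unescaped as attribute fragments; that is fine only if they are built from constants in code outside the hunk, which is not visible here. All three `for` loops start and end outside their hunks.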


@@ -307,9 +307,9 @@ if ($num_dbs > 1) {
} // end if... else...
if (!empty($num_tables)) {
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . ($db_tooltip != '' && $cfg['ShowTooltipAliasDB'] ? htmlspecialchars($db_tooltip) : htmlspecialchars($db)) . ' (' . $num_tables . ')</option>' . "\n";
echo ' <option value="' . htmlspecialchars($db) . '"' . $selected . '>' . ($db_tooltip != '' && $cfg['ShowTooltipAliasDB'] ? htmlspecialchars($db_tooltip) : htmlspecialchars($db)) . ' (' . $num_tables . ')</option>' . "\n";
} else {
echo ' <option value="' . urlencode($db) . '"' . $selected . '>' . ($db_tooltip != '' && $cfg['ShowTooltipAliasDB'] ? htmlspecialchars($db_tooltip) : htmlspecialchars($db)) . ' (-)</option>' . "\n";
echo ' <option value="' . htmlspecialchars($db) . '"' . $selected . '>' . ($db_tooltip != '' && $cfg['ShowTooltipAliasDB'] ? htmlspecialchars($db_tooltip) : htmlspecialchars($db)) . ' (-)</option>' . "\n";
} // end if... else...
} // end if (light mode)
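Review bot: The two changed `echo` lines differ only in the parenthesised suffix, `(' . $num_tables . ')` versus `(-)`, so the long label expression is duplicated and any future escaping change has to be made twice; computing `$db_label = ($db_tooltip != '' && $cfg['ShowTooltipAliasDB']) ? htmlspecialchars($db_tooltip) : htmlspecialchars($db);` and `$db_count = (!empty($num_tables)) ? $num_tables : '-';` before the `if` lets a single `echo '<option value="' . htmlspecialchars($db) . '"' . $selected . '>' . $db_label . ' (' . $db_count . ')</option>' . "\n";` replace both branches. `$num_tables` and `$selected` are emitted unescaped, which is harmless if they are a count and a constant attribute fragment as their names suggest, but the code that sets them is outside the hunk. The enclosing `if ($num_dbs > 1)` block begins before the hunk.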


@@ -1167,7 +1167,7 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
function PMA_jsFormat($a_string = '', $add_backquotes = TRUE)
{
if (is_string($a_string)) {
$a_string = htmlentities($a_string);
$a_string = htmlspecialchars($a_string);
$a_string = str_replace('\\', '\\\\', $a_string);
$a_string = str_replace('\'', '\\\'', $a_string);
$a_string = str_replace('#', '\\#', $a_string);
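Review bot: After the switch to `htmlspecialchars()`, the visible part of `PMA_jsFormat` still escapes only `\`, `'` and `#` for the JavaScript context, so a value containing a line break (`\r` or `\n`) would terminate a single-quoted JS string literal unless that is handled in the part of the function after this hunk; if it is not, a `str_replace(array("\r", "\n"), array('\\r', '\\n'), $a_string);` step placed after the backslash doubling belongs with the others. The `#` replacement is not a JavaScript escape and deserves a why-comment, e.g. `// '#' is escaped because the result is embedded in inline JS inside markup — confirm the original motivation`. The function's `return` and the use of `$add_backquotes` lie outside the hunk, as does any docblock above the signature.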


@@ -487,7 +487,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
// Removes automatic MySQL escape format
$enum_atom = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $enum[$j]));
echo ' ';
echo '<option value="' . urlencode($enum_atom) . '"';
echo '<option value="' . htmlspecialchars($enum_atom) . '"';
if ($data == $enum_atom
|| ($data == '' && (!isset($primary_key) || $row_table_def['Null'] != 'YES')
&& isset($row_table_def['Default']) && $enum_atom == $row_table_def['Default'])) {
@@ -549,7 +549,7 @@ for ($i = 0; $i < $fields_cnt; $i++) {
// Removes automatic MySQL escape format
$subset = str_replace('\'\'', '\'', str_replace('\\\\', '\\', $subset));
echo ' ';
echo '<option value="'. urlencode($subset) . '"';
echo '<option value="'. htmlspecialchars($subset) . '"';
if (isset($vset[$subset]) && $vset[$subset]) {
echo ' selected="selected"';
}
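Review bot: The selection test right under the changed `enum` option, `$data == $enum_atom` and `$enum_atom == $row_table_def['Default']`, uses loose comparison, so enum members that are numeric strings compare numerically (`'10' == '1e1'` and `'0' == '00'` are both true) and the wrong member can end up pre-selected; since both sides are strings here, `$data === $enum_atom` and `$enum_atom === $row_table_def['Default']` give the exact match the option list needs. The `set` hunk avoids this by indexing `$vset[$subset]`, so only the enum branch is affected. Both `for` loops over `$fields_cnt` begin before their hunks.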


@@ -65,7 +65,7 @@ if (PMA_MYSQL_INT_VERSION >= 32334) {
echo "\n";
reset($columns);
while (list($junk, $fieldname) = each($columns)) {
echo ' <option value="' . urlencode($fieldname) . '">' . htmlspecialchars($fieldname) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars($fieldname) . '">' . htmlspecialchars($fieldname) . '</option>' . "\n";
}
unset($columns);
?>
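Review bot: The changed option line computes `htmlspecialchars($fieldname)` twice, and the surrounding `reset()` / `while (list($junk, $fieldname) = each($columns))` idiom carries an unused `$junk`; `foreach ($columns as $fieldname)` with `$fn = htmlspecialchars($fieldname);` and `echo '<option value="' . $fn . '">' . $fn . '</option>' . "\n";` is equivalent, drops the explicit `reset()`, and keeps the escaping in one spot. The same pattern appears in the `$aryFields` loop of the next file section and in the `$fields_list[$i]` loops of the last section. The `<select>` these options belong to opens and closes outside the hunk.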


@@ -605,7 +605,7 @@ echo "\n";
<?php
reset($aryFields);
while (list($junk, $fieldname) = each($aryFields)) {
echo ' <option value="' . urlencode($fieldname) . '">' . sprintf($strAfter, htmlspecialchars($fieldname)) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars($fieldname) . '">' . sprintf($strAfter, htmlspecialchars($fieldname)) . '</option>' . "\n";
}
unset($aryFields);
?>


@@ -228,7 +228,7 @@ if (!isset($is_inside_querywindow) ||
echo ' <select name="id_bookmark" style="vertical-align: middle">' . "\n";
echo ' <option value=""></option>' . "\n";
while (list($key, $value) = each($bookmark_list)) {
echo ' <option value="' . $value . '">' . htmlentities($key) . '</option>' . "\n";
echo ' <option value="' . $value . '">' . htmlspecialchars($key) . '</option>' . "\n";
}
echo ' </select>' . "<br />\n";
echo ' ' . $strVar . ' (<a href="./Documentation.html#faqbookmark" target="documentation">' . $strDocu . '</a>): <input type="text" name="bookmark_variable" class="textfield" size="10" />' . "\n";
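Review bot: The changed bookmark option still emits `$value` unescaped inside `value="..."`, while the identical loop in the earlier db_details section of this commit was changed to `htmlspecialchars($value)`; even if the value is normally a numeric bookmark id, a `"` or `&` in it would break this attribute the same way, so for consistency the line should read `echo '<option value="' . htmlspecialchars($value) . '">' . htmlspecialchars($key) . '</option>' . "\n";`. The `if (!isset($is_inside_querywindow) || ...` block that encloses this loop starts before the hunk.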


@@ -81,7 +81,7 @@ if (!isset($param) || $param[0] == '') {
echo "\n";
// Displays the list of the fields
for ($i = 0 ; $i < $fields_cnt; $i++) {
echo ' <option value="' . urlencode($fields_list[$i]) . '" selected="selected">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
echo ' <option value="' . htmlspecialchars($fields_list[$i]) . '" selected="selected">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
}
?>
</select><br />
@@ -152,7 +152,7 @@ if (!isset($param) || $param[0] == '') {
while ($relrow = @PMA_mysql_fetch_array($disp)) {
$key = $relrow[$foreign_field];
$value = (($foreign_display != FALSE) ? '-' . htmlspecialchars($relrow[$foreign_display]) : '');
echo ' <option value="' . urlencode($key) . '">'
echo ' <option value="' . htmlspecialchars($key) . '">'
. htmlspecialchars($key) . $value . '</option>' . "\n";
} // end while
echo ' </select>' . "\n";
@@ -171,7 +171,7 @@ if (!isset($param) || $param[0] == '') {
}
?>
<input type="hidden" name="names[]" value="<?php echo urlencode($fields_list[$i]); ?>" />
<input type="hidden" name="names[]" value="<?php echo htmlspecialchars($fields_list[$i]); ?>" />
<input type="hidden" name="types[]" value="<?php echo $fields_type[$i]; ?>" />
</td>
</tr>
@@ -189,7 +189,7 @@ if (!isset($param) || $param[0] == '') {
echo "\n";
for ($i = 0; $i < $fields_cnt; $i++) {
echo ' ';
echo '<option value="' . urlencode($fields_list[$i]) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
echo '<option value="' . htmlspecialchars($fields_list[$i]) . '">' . htmlspecialchars($fields_list[$i]) . '</option>' . "\n";
} // end for
?>
</select>
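Review bot: In the third hunk the hidden `types[]` input next to the fixed `names[]` one still echoes `$fields_type[$i]` raw into a double-quoted attribute; a column type is usually plain text like `varchar(10)`, but an `enum`/`set` definition carries its member values, so a `"`, `<` or `&` in those would break the attribute, and `<?php echo htmlspecialchars($fields_type[$i]); ?>` is the consistent fix. In the second hunk, `while ($relrow = @PMA_mysql_fetch_array($disp))` silences fetch errors with `@`, so a failed result set simply ends the loop with no diagnostic; that predates this commit but sits directly on the changed line's context. The `if (!isset($param) || $param[0] == '')` block enclosing all four hunks starts and ends outside them.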