Fix escaping of long query with js (thanks to Erwin for report).

2006-10-19 15:57:17 +00:00
parent 384c97721c
commit dea9bc31fe
2 changed files with 25 additions and 12 deletions
--- a/4
+++ b/4
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
 $Id$
 $Source$

+2006-10-19 Michal Čihař  <michal@cihar.com>
+    * libraries/common.lib.php: Fix escaping of long query with js (thanks to
+      Erwin for report).
+
 2006-10-18 Marc Delisle  <lem9@users.sourceforge.net>
    * db_operations.php, libraries/Table.class.php: bug #1567316,
      renaming a db containing a view
--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1395,19 +1395,20 @@ if (!defined('PMA_MINIMUM_COMMON')) {
    /**
     * escapes a string to be inserted as string a JavaScript block
     * enclosed by <![CDATA[ ... ]]>
-     * this requires only to escape ' with \'
+     * this requires only to escape ' with \' and end of script block
     *
-     * @uses    str_replace()
+     * @uses    strtr()
     * @param   string  $string the string to be escaped
     * @return  string  the escaped string
     */
    function PMA_escapeJsString($string)
    {
-        $string = str_replace('\\', '\\\\', $string);
-        $string = str_replace('\'', '\\\'', $string);
-        $string = str_replace("\012", '\n', $string);
-        $string = str_replace("\015", '\r', $string);
-        return $string;
+        return strtr($string, array(
+                            '\\' => '\\\\',
+                            '\'' => '\\\'',
+                            "\n" => '\n',
+                            "\r" => '\r',
+                            '</script' => '<\' + \'script'));
    }

    /**
@@ -1544,7 +1545,15 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm

        if ($cfg['ShowSQL'] == true
          && (!empty($GLOBALS['sql_query']) || !empty($GLOBALS['display_query']))) {
-            $local_query = !empty($GLOBALS['display_query']) ? $GLOBALS['display_query'] : (($cfg['SQP']['fmtType'] == 'none' && isset($GLOBALS['unparsed_sql']) && $GLOBALS['unparsed_sql'] != '') ? $GLOBALS['unparsed_sql'] : $GLOBALS['sql_query']);
+            if (!empty($GLOBALS['display_query'])) {
+                $local_query = $GLOBALS['display_query'];
+            } else {
+                if ($cfg['SQP']['fmtType'] == 'none' && !empty($GLOBALS['unparsed_sql'])) {
+                    $local_query = $GLOBALS['unparsed_sql'];
+                } else {
+                    $local_query = $GLOBALS['sql_query'];
+                }
+            }
            // Basic url query part
            $url_qpart = '?' . PMA_generate_common_url(isset($GLOBALS['db']) ? $GLOBALS['db'] : '', isset($GLOBALS['table']) ? $GLOBALS['table'] : '');

@@ -1563,7 +1572,7 @@ window.parent.updateTableTitle('<?php echo $uni_tbl; ?>', '<?php echo PMA_jsForm
                 /* SQL-Parser-Analyzer */
                $query_base = preg_replace("@((\015\012)|(\015)|(\012))+@", $new_line, $query_base);
            } else {
-                $query_base = $local_query;
+                $query_base = htmlspecialchars($local_query);
            }

            // Parse SQL if needed