Escape JavaScript strings (bug #3093243)
parent
7d601c07fc
commit
28f21aaa6c
@ -560,7 +560,7 @@ document.getElementById('username').focus();
|
|||
$links[] = preg_quote($table, '/');
|
||||
}
|
||||
echo "<script type='text/javascript'>\n";
|
||||
echo "var jushLinks = { $jush: [ '" . addcslashes(h(ME), "\\'/") . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
|
||||
echo "var jushLinks = { $jush: [ '" . js_escape(ME) . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
|
||||
foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
|
||||
echo "jushLinks.$val = jushLinks.$jush;\n";
|
||||
}
|
||||
|
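Review bot: The new `echo` line drops the `h()` that previously wrapped `ME`, and nothing on the line says why, so a later reader may re-add it. The value is emitted inside a `<script>` block, where it is a JS string literal rather than HTML: entity-encoding `&` would corrupt the URL, while `js_escape()` turning `/` into `\/` is what stops a `</script>` sequence in ME from closing the element. Suggest `// inside <script>: JS escaping only, no h(); js_escape() also neutralises "</script>"` above the line. The enclosing function starts and ends outside the hunk.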
|
|
@ -143,6 +143,14 @@ function confirm($count = "") {
|
|||
return " onclick=\"return confirm('" . lang('Are you sure?') . ($count ? " (' + $count + ')" : "") . "');\"";
|
||||
}
|
||||
|
||||
/** Escape string for JavaScript apostrophes
|
||||
* @param string
|
||||
* @return string
|
||||
*/
|
||||
function js_escape($string) {
|
||||
return addcslashes($string, "\r\n'\\/"); // slash for <script>
|
||||
}
|
||||
|
||||
/** Get INI boolean value
|
||||
* @param string
|
||||
* @return bool
|
||||
|
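Review bot: The docblock for `js_escape()` only says "apostrophes", which both undersells and overstates what the function guarantees. It escapes `'`, `\`, `/`, CR and LF (`addcslashes()` renders CR/LF as `\r`/`\n`), so the result is safe only as the body of a single-quoted JS string literal inside a `<script>` element; it does not escape `"`, so double-quoted literals are not covered, and it leaves U+2028/U+2029 alone, which older engines treat as line terminators inside string literals. It also does no HTML escaping, so when the result lands in an HTML attribute it must be wrapped in `h()` as the trigger form in this commit does. Suggest adding to the docblock ` * Only for single-quoted JS string literals inside <script>; wrap in h() when used in an HTML attribute; does not escape " or U+2028/U+2029`.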
@ -591,7 +599,7 @@ function input($field, $value, $function) {
|
|||
}
|
||||
$first++;
|
||||
}
|
||||
$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
|
||||
$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
|
||||
$attrs .= $onchange;
|
||||
echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "") : nbsp(reset($functions))) . '<td>';
|
||||
$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
|
||||
|
|
|
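Review bot: The new `$onchange` line places `js_escape($name)` inside a double-quoted HTML `onchange` attribute without `h()`, so the browser entity-decodes the attribute before the JS runs: a `"` in `$name` ends the attribute, and an `&#39;` decodes to `'` after `js_escape()` has already run and terminates the JS string. The trigger form hunk in this same commit uses `h(js_escape($TABLE))` for the identical attribute situation, so the consistent line is `$onchange = ($first ? " onchange=\"var f = this.form['function[" . h(js_escape($name)) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");`. Whether `$name` can carry such characters depends on how `input()` derives it, which is not visible here; the function starts and ends outside the hunk.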
@ -7,7 +7,7 @@ $table_pos_js = array();
|
|||
preg_match_all('~([^:]+):([-0-9.]+)x([-0-9.]+)(_|$)~', $_COOKIE["adminer_schema"], $matches, PREG_SET_ORDER); //! ':' in table name
|
||||
foreach ($matches as $i => $match) {
|
||||
$table_pos[$match[1]] = array($match[2], $match[3]);
|
||||
$table_pos_js[] = "\n\t'" . addcslashes($match[1], "\r\n'\\/") . "': [ $match[2], $match[3] ]";
|
||||
$table_pos_js[] = "\n\t'" . js_escape($match[1]) . "': [ $match[2], $match[3] ]";
|
||||
}
|
||||
|
||||
$top = 0;
|
||||
|
|
|
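Review bot: `$match[1]` is parsed out of `$_COOKIE["adminer_schema"]` and is therefore attacker-controlled, and the new line relies on `js_escape()` alone to keep it inside the JS string literal; `$match[2]` and `$match[3]` are interpolated raw and are bounded only by the `[-0-9.]+` class of the pattern, which cannot break out of the array literal but does admit tokens such as `-.-` that would be a syntax error if this array is later emitted into a script. The trust boundary is worth stating on the line: `// $match[1] is cookie data: js_escape() confines it to the string literal; [2]/[3] are limited to [-0-9.] by the regex`. Note also that `js_escape()` does not touch U+2028/U+2029, so a cookie containing them could still split the literal in engines that treat them as line terminators.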
@ -7,11 +7,11 @@ if ($_GET["token"] != $token) { // CSRF protection
|
|||
if ($_GET["script"] == "db") {
|
||||
$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
|
||||
foreach (table_status() as $row) {
|
||||
$id = addcslashes($row["Name"], "\\'/");
|
||||
echo "setHtml('Comment-$id', '" . addcslashes(nbsp($row["Comment"]), "'\\") . "');\n";
|
||||
$id = js_escape($row["Name"]);
|
||||
echo "setHtml('Comment-$id', '" . js_escape(nbsp($row["Comment"])) . "');\n";
|
||||
if (!is_view($row)) {
|
||||
foreach (array("Engine", "Collation") as $key) {
|
||||
echo "setHtml('$key-$id', '" . addcslashes(nbsp($row[$key]), "'\\") . "');\n";
|
||||
echo "setHtml('$key-$id', '" . js_escape(nbsp($row[$key])) . "');\n";
|
||||
}
|
||||
foreach ($sums + array("Auto_increment" => 0, "Rows" => 0) as $key => $val) {
|
||||
if ($row[$key] != "") {
|
||||
|
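Review bot: The order of the two calls on the new `setHtml('Comment-…')` line is significant but undocumented: `nbsp()` produces the HTML fragment that `setHtml()` will inject and `js_escape()` then protects the single-quoted JS literal carrying it, so reversing them would leave the transport unescaped; suggest `// HTML-escape first (content), then JS-escape (transport)` above it, which applies equally to the `$key-$id` line below. In the following `tables-` hunk only `$db` is escaped while `$val` is interpolated into the literal raw, which is fine only if `count_tables()` always yields an integer — otherwise `js_escape($val)`, or a comment recording that assumption, belongs there. Separately, the hunk header shows the CSRF gate as `$_GET["token"] != $token`, a loose comparison outside the hunk; a strict comparison (or `hash_equals()` where available) would keep type juggling out of that check.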
@ -31,7 +31,7 @@ if ($_GET["script"] == "db") {
|
|||
}
|
||||
} else { // connect
|
||||
foreach (count_tables(get_databases()) as $db => $val) {
|
||||
echo "setHtml('tables-" . addcslashes($db, "\\'/") . "', '$val');\n";
|
||||
echo "setHtml('tables-" . js_escape($db) . "', '$val');\n";
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -30,7 +30,7 @@ if ($_POST) {
|
|||
|
||||
<form action="" method="post" id="form">
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(addcslashes($TABLE, "\r\n'\\")) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
|
||||
<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(js_escape($TABLE)) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
|
||||
<tr><th><?php echo lang('Event'); ?><td><?php echo html_select("Event", $trigger_event, $row["Event"], "this.form['Timing'].onchange();"); ?>
|
||||
<tr><th><?php echo lang('Type'); ?><td><?php echo html_select("Type", $trigger_options["Type"], $row["Type"]); ?>
|
||||
</table>
|
||||
|
|
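Review bot: The new `h(js_escape($TABLE))` is the right layering for an HTML attribute, but the regex literal built on the same line with `h(preg_quote($TABLE, "/"))` has no JS-specific escaping: `preg_quote()` escapes `/` and the PCRE metacharacters, which cover JS regex syntax, yet it does not escape CR/LF, so a line break in `$TABLE` would leave a raw newline inside a JS regex literal and make the whole handler a syntax error (not an injection, since `h()` is applied). Worth recording on the line, e.g. `<?php /* attribute context: h() outside, js_escape()/preg_quote() inside; a newline in the name breaks the regex literal */ ?>`, or stripping CR/LF before `preg_quote()`.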