Avoid double escaping
This commit is contained in:
parent
07e4476e78
commit
5ee14079b8
|
@ -43,7 +43,7 @@ page_header(
|
|||
($update ? lang('Edit') : lang('Insert')),
|
||||
$error,
|
||||
array("select" => array($TABLE, $table_name)),
|
||||
$table_name
|
||||
$table_name //! two calls of h()
|
||||
);
|
||||
|
||||
$row = null;
|
||||
|
|
|
@ -80,7 +80,7 @@ username.form['driver'].onchange();
|
|||
|
||||
/** Table caption used in navigation and headings
|
||||
* @param array result of SHOW TABLE STATUS
|
||||
* @return string
|
||||
* @return string HTML code, "" to ignore table
|
||||
*/
|
||||
function tableName($tableStatus) {
|
||||
return h($tableStatus["Name"]);
|
||||
|
@ -89,7 +89,7 @@ username.form['driver'].onchange();
|
|||
/** Field caption used in select and edit
|
||||
* @param array single field returned from fields()
|
||||
* @param int order of column in select
|
||||
* @return string
|
||||
* @return string HTML code, "" to ignore field
|
||||
*/
|
||||
function fieldName($field, $order = 0) {
|
||||
return '<span title="' . h($field["full_type"]) . '">' . h($field["field"]) . '</span>';
|
||||
|
|
|
@ -757,7 +757,7 @@ function search_tables() {
|
|||
echo "<ul>\n";
|
||||
$found = true;
|
||||
}
|
||||
echo "<li><a href='" . h(ME . "select=" . urlencode($table) . "&where[0][op]=" . urlencode($_GET["where"][0]["op"]) . "&where[0][val]=" . urlencode($_GET["where"][0]["val"])) . "'>" . h($name) . "</a>\n";
|
||||
echo "<li><a href='" . h(ME . "select=" . urlencode($table) . "&where[0][op]=" . urlencode($_GET["where"][0]["op"]) . "&where[0][val]=" . urlencode($_GET["where"][0]["val"])) . "'>$name</a>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -13,7 +13,7 @@ if ($adminer->homepage()) {
|
|||
$name = $adminer->tableName($row);
|
||||
if (isset($row["Engine"]) && $name != "") {
|
||||
echo '<tr' . odd() . '><td>' . checkbox("tables[]", $table, in_array($table, (array) $_POST["tables"], true), "", "formUncheck('check-all');");
|
||||
echo '<th><a href="' . h(ME) . 'select=' . urlencode($table) . '">' . h($name) . '</a>';
|
||||
echo "<th><a href='" . h(ME) . 'select=' . urlencode($table) . "'>$name</a>";
|
||||
$val = number_format($row["Rows"], 0, '.', lang(','));
|
||||
echo "<td align='right'><a href='" . h(ME . "edit=") . urlencode($table) . "'>" . ($row["Engine"] == "InnoDB" && $val ? "~ $val" : $val) . "</a>";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue