Shortcut for htmlspecialchars
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@936 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
parent
9fc052b77f
commit
689699aa17
|
@ -1,5 +1,5 @@
|
|||
<?php
|
||||
page_header(lang('Call') . ": " . htmlspecialchars($_GET["call"]), $error);
|
||||
page_header(lang('Call') . ": " . h($_GET["call"]), $error);
|
||||
|
||||
$routine = routine($_GET["call"], (isset($_GET["callf"]) ? "FUNCTION" : "PROCEDURE"));
|
||||
$in = array();
|
||||
|
@ -22,14 +22,14 @@ if (!$error && $_POST) {
|
|||
$val = "''";
|
||||
}
|
||||
if (isset($out[$key])) {
|
||||
$dbh->query("SET @" . idf_escape($field["field"]) . " = " . $val);
|
||||
$dbh->query("SET @" . idf_escape($field["field"]) . " = $val");
|
||||
}
|
||||
}
|
||||
$call[] = (isset($out[$key]) ? "@" . idf_escape($field["field"]) : $val);
|
||||
}
|
||||
$result = $dbh->multi_query((isset($_GET["callf"]) ? "SELECT" : "CALL") . " " . idf_escape($_GET["call"]) . "(" . implode(", ", $call) . ")");
|
||||
if (!$result) {
|
||||
echo "<p class='error'>" . htmlspecialchars($dbh->error) . "\n";
|
||||
echo "<p class='error'>" . h($dbh->error) . "\n";
|
||||
} else {
|
||||
do {
|
||||
$result = $dbh->store_result();
|
||||
|
@ -52,7 +52,7 @@ if ($in) {
|
|||
echo "<table cellspacing='0'>\n";
|
||||
foreach ($in as $key) {
|
||||
$field = $routine["fields"][$key];
|
||||
echo "<tr><th>" . htmlspecialchars($field["field"]);
|
||||
echo "<tr><th>" . h($field["field"]);
|
||||
$value = $_POST["fields"][$key];
|
||||
if (strlen($value) && ($field["type"] == "enum" || $field["type"] == "set")) {
|
||||
$value = intval($value);
|
||||
|
|
|
@ -126,13 +126,13 @@ $collations = collations();
|
|||
|
||||
$suhosin = floor(extension_loaded("suhosin") ? (min(ini_get("suhosin.request.max_vars"), ini_get("suhosin.post.max_vars")) - 13) / 8 : 0);
|
||||
if ($suhosin && count($row["fields"]) > $suhosin) {
|
||||
echo "<p class='error'>" . htmlspecialchars(lang('Maximum number of allowed fields exceeded. Please increase %s and %s.', 'suhosin.post.max_vars', 'suhosin.request.max_vars')) . "\n";
|
||||
echo "<p class='error'>" . h(lang('Maximum number of allowed fields exceeded. Please increase %s and %s.', 'suhosin.post.max_vars', 'suhosin.request.max_vars')) . "\n";
|
||||
}
|
||||
?>
|
||||
|
||||
<form action="" method="post" id="form">
|
||||
<p>
|
||||
<?php echo lang('Table name'); ?>: <input name="name" maxlength="64" value="<?php echo htmlspecialchars($row["name"]); ?>">
|
||||
<?php echo lang('Table name'); ?>: <input name="name" maxlength="64" value="<?php echo h($row["name"]); ?>">
|
||||
<select name="Engine"><option value="">(<?php echo lang('engine'); ?>)<?php echo optionlist($engines, $row["Engine"]); ?></select>
|
||||
<select name="Collation"><option value="">(<?php echo lang('collation'); ?>)<?php echo optionlist($collations, $row["Collation"]); ?></select>
|
||||
<input type="submit" value="<?php echo lang('Save'); ?>">
|
||||
|
@ -141,7 +141,7 @@ if ($suhosin && count($row["fields"]) > $suhosin) {
|
|||
</table>
|
||||
<p>
|
||||
<?php echo lang('Auto Increment'); ?>: <input name="Auto_increment" size="6" value="<?php echo intval($row["Auto_increment"]); ?>">
|
||||
<?php echo lang('Comment'); ?>: <input name="Comment" value="<?php echo htmlspecialchars($row["Comment"]); ?>" maxlength="60">
|
||||
<?php echo lang('Comment'); ?>: <input name="Comment" value="<?php echo h($row["Comment"]); ?>" maxlength="60">
|
||||
<script type="text/javascript">// <![CDATA[
|
||||
document.write('<label><input type="checkbox"<?php if ($column_comments) { ?> checked="checked"<?php } ?> onclick="column_comments_click(this.checked);"><?php echo lang('Show column comments'); ?></label>');
|
||||
// ]]></script>
|
||||
|
@ -155,15 +155,15 @@ if ($dbh->server_info >= 5.1) {
|
|||
<fieldset><legend><?php echo lang('Partition by'); ?></legend>
|
||||
<p>
|
||||
<select name="partition_by" onchange="partition_by_change(this);"><option><?php echo optionlist($partition_by, $row["partition_by"]); ?></select>
|
||||
(<input name="partition" value="<?php echo htmlspecialchars($row["partition"]); ?>">)
|
||||
<?php echo lang('Partitions'); ?>: <input name="partitions" size="2" value="<?php echo htmlspecialchars($row["partitions"]); ?>"<?php echo ($partition_table || !$row["partition_by"] ? " class='hidden'" : ""); ?>>
|
||||
(<input name="partition" value="<?php echo h($row["partition"]); ?>">)
|
||||
<?php echo lang('Partitions'); ?>: <input name="partitions" size="2" value="<?php echo h($row["partitions"]); ?>"<?php echo ($partition_table || !$row["partition_by"] ? " class='hidden'" : ""); ?>>
|
||||
<table cellspacing="0" id="partition-table"<?php echo ($partition_table ? "" : " class='hidden'"); ?>>
|
||||
<thead><tr><th><?php echo lang('Partition name'); ?><th><?php echo lang('Values'); ?></thead>
|
||||
<?php
|
||||
foreach ($row["partition_names"] as $key => $val) {
|
||||
echo '<tr>';
|
||||
echo '<td><input name="partition_names[]" value="' . htmlspecialchars($val) . '"' . ($key == count($row["partition_names"]) - 1 ? ' onchange="partition_name_change(this);"' : '') . '>';
|
||||
echo '<td><input name="partition_values[]" value="' . htmlspecialchars($row["partition_values"][$key]) . '">';
|
||||
echo '<td><input name="partition_names[]" value="' . h($val) . '"' . ($key == count($row["partition_names"]) - 1 ? ' onchange="partition_name_change(this);"' : '') . '>';
|
||||
echo '<td><input name="partition_values[]" value="' . h($row["partition_values"][$key]) . '">';
|
||||
}
|
||||
?>
|
||||
</table>
|
||||
|
|
|
@ -72,8 +72,8 @@ if ($_POST) {
|
|||
<form action="" method="post">
|
||||
<p>
|
||||
<?php echo ($_POST["add_x"]
|
||||
? '<textarea name="name" rows="10" cols="40">' . htmlspecialchars($name) . '</textarea><br>'
|
||||
: '<input name="name" value="' . htmlspecialchars($name) . '" maxlength="64">'
|
||||
? '<textarea name="name" rows="10" cols="40">' . h($name) . '</textarea><br>'
|
||||
: '<input name="name" value="' . h($name) . '" maxlength="64">'
|
||||
) . "\n"; ?>
|
||||
<select name="collation"><option value="">(<?php echo lang('collation'); ?>)<?php echo optionlist($collations, $collate); ?></select>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
|
|
|
@ -31,16 +31,16 @@ if ($tables_views && !$error) {
|
|||
$message = lang('Tables have been dropped.');
|
||||
} else {
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
$message .= htmlspecialchars("$row[Table]: $row[Msg_text]") . "<br>";
|
||||
$message .= h("$row[Table]: $row[Msg_text]") . "<br>";
|
||||
}
|
||||
}
|
||||
}
|
||||
query_redirect(queries(), substr($SELF, 0, -1), $message, $result, false, !$result);
|
||||
}
|
||||
|
||||
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), $error, false);
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a>\n";
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a>\n";
|
||||
page_header(lang('Database') . ": " . h($_GET["db"]), $error, false);
|
||||
echo '<p><a href="' . h($SELF) . 'database=">' . lang('Alter database') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'schema=">' . lang('Database schema') . "</a>\n";
|
||||
|
||||
echo "<h3>" . lang('Tables and views') . "</h3>\n";
|
||||
$table_status = table_status();
|
||||
|
@ -53,17 +53,17 @@ if (!$table_status) {
|
|||
foreach ($table_status as $row) {
|
||||
$name = $row["Name"];
|
||||
table_comment($row);
|
||||
echo '<tr' . odd() . '><td><input type="checkbox" name="' . (isset($row["Rows"]) ? 'tables' : 'views') . '[]" value="' . htmlspecialchars($name) . '"' . (in_array($name, $tables_views, true) ? ' checked="checked"' : '') . ' onclick="form_uncheck(\'check-all\');">';
|
||||
echo '<th><a href="' . htmlspecialchars($SELF) . 'table=' . urlencode($name) . '">' . htmlspecialchars($name) . '</a>';
|
||||
echo '<tr' . odd() . '><td><input type="checkbox" name="' . (isset($row["Rows"]) ? 'tables' : 'views') . '[]" value="' . h($name) . '"' . (in_array($name, $tables_views, true) ? ' checked="checked"' : '') . ' onclick="form_uncheck(\'check-all\');">';
|
||||
echo '<th><a href="' . h($SELF) . 'table=' . urlencode($name) . '">' . h($name) . '</a>';
|
||||
if (isset($row["Rows"])) {
|
||||
echo "<td>$row[Engine]<td>$row[Collation]";
|
||||
foreach (array("Data_length" => "create", "Index_length" => "indexes", "Data_free" => "edit", "Auto_increment" => "create", "Rows" => "select") as $key => $link) {
|
||||
$val = number_format($row[$key], 0, '.', lang(','));
|
||||
echo '<td align="right">' . (strlen($row[$key]) ? '<a href="' . htmlspecialchars("$SELF$link=") . urlencode($name) . '">' . str_replace(" ", " ", ($key == "Rows" && $row["Engine"] == "InnoDB" && $val ? lang('~ %s', $val) : $val)) . '</a>' : ' ');
|
||||
echo '<td align="right">' . (strlen($row[$key]) ? '<a href="' . h("$SELF$link=") . urlencode($name) . '">' . str_replace(" ", " ", ($key == "Rows" && $row["Engine"] == "InnoDB" && $val ? lang('~ %s', $val) : $val)) . '</a>' : ' ');
|
||||
}
|
||||
echo "<td>" . (strlen(trim($row["Comment"])) ? htmlspecialchars($row["Comment"]) : " ");
|
||||
echo "<td>" . (strlen(trim($row["Comment"])) ? h($row["Comment"]) : " ");
|
||||
} else {
|
||||
echo '<td colspan="8"><a href="' . htmlspecialchars($SELF) . "select=" . urlencode($name) . '">' . lang('View') . '</a>';
|
||||
echo '<td colspan="8"><a href="' . h($SELF) . "select=" . urlencode($name) . '">' . lang('View') . '</a>';
|
||||
}
|
||||
}
|
||||
echo "</table>\n";
|
||||
|
@ -71,27 +71,27 @@ if (!$table_status) {
|
|||
$dbs = get_databases();
|
||||
if (count($dbs) != 1) {
|
||||
$db = (isset($_POST["target"]) ? $_POST["target"] : $_GET["db"]);
|
||||
echo "<p>" . lang('Move to other database') . ($dbs ? ": <select name='target'>" . optionlist($dbs, $db) . "</select>" : ': <input name="target" value="' . htmlspecialchars($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
|
||||
echo "<p>" . lang('Move to other database') . ($dbs ? ": <select name='target'>" . optionlist($dbs, $db) . "</select>" : ': <input name="target" value="' . h($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
|
||||
}
|
||||
echo "</form>\n";
|
||||
}
|
||||
|
||||
if ($dbh->server_info >= 5) {
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'view=">' . lang('Create view') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'view=">' . lang('Create view') . "</a>\n";
|
||||
echo "<h3>" . lang('Routines') . "</h3>\n";
|
||||
$result = $dbh->query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = " . $dbh->quote($_GET["db"]));
|
||||
if ($result->num_rows) {
|
||||
echo "<table cellspacing='0'>\n";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo "<tr>";
|
||||
echo "<td>" . htmlspecialchars($row["ROUTINE_TYPE"]);
|
||||
echo '<th><a href="' . htmlspecialchars($SELF) . ($row["ROUTINE_TYPE"] == "FUNCTION" ? 'callf=' : 'call=') . urlencode($row["ROUTINE_NAME"]) . '">' . htmlspecialchars($row["ROUTINE_NAME"]) . '</a>';
|
||||
echo '<td><a href="' . htmlspecialchars($SELF) . ($row["ROUTINE_TYPE"] == "FUNCTION" ? 'function=' : 'procedure=') . urlencode($row["ROUTINE_NAME"]) . '">' . lang('Alter') . "</a>";
|
||||
echo "<td>" . h($row["ROUTINE_TYPE"]);
|
||||
echo '<th><a href="' . h($SELF) . ($row["ROUTINE_TYPE"] == "FUNCTION" ? 'callf=' : 'call=') . urlencode($row["ROUTINE_NAME"]) . '">' . h($row["ROUTINE_NAME"]) . '</a>';
|
||||
echo '<td><a href="' . h($SELF) . ($row["ROUTINE_TYPE"] == "FUNCTION" ? 'function=' : 'procedure=') . urlencode($row["ROUTINE_NAME"]) . '">' . lang('Alter') . "</a>";
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
$result->free();
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'procedure=">' . lang('Create procedure') . '</a> <a href="' . htmlspecialchars($SELF) . 'function=">' . lang('Create function') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'procedure=">' . lang('Create procedure') . '</a> <a href="' . h($SELF) . 'function=">' . lang('Create function') . "</a>\n";
|
||||
}
|
||||
|
||||
if ($dbh->server_info >= 5.1 && ($result = $dbh->query("SHOW EVENTS"))) {
|
||||
|
@ -101,12 +101,12 @@ if ($dbh->server_info >= 5.1 && ($result = $dbh->query("SHOW EVENTS"))) {
|
|||
echo "<thead><tr><th>" . lang('Name') . "<td>" . lang('Schedule') . "<td>" . lang('Start') . "<td>" . lang('End') . "</thead>\n";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo "<tr>";
|
||||
echo '<th><a href="' . htmlspecialchars($SELF) . 'event=' . urlencode($row["Name"]) . '">' . htmlspecialchars($row["Name"]) . "</a>";
|
||||
echo '<th><a href="' . h($SELF) . 'event=' . urlencode($row["Name"]) . '">' . h($row["Name"]) . "</a>";
|
||||
echo "<td>" . ($row["Execute at"] ? lang('At given time') . "<td>" . $row["Execute at"] : lang('Every') . " " . $row["Interval value"] . " " . $row["Interval field"] . "<td>$row[Starts]");
|
||||
echo "<td>$row[Ends]";
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
$result->free();
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'event=">' . lang('Create event') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'event=">' . lang('Create event') . "</a>\n";
|
||||
}
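Review bot: The `Execute at`, `Interval value`, `Interval field`, `Starts` and `Ends` columns on the two lines right after the rewritten `Name` link are still echoed raw, while the `Name` column on the same row now goes through `h()`; in a commit that is a sweep over escaping call sites this reads as an oversight rather than a decision. These values come from `SHOW EVENTS`, so they are server-formatted timestamps and interval keywords and the practical exposure looks small, but routing them through the same helper, e.g. `"<td>$row[Starts]"` → `"<td>" . h($row["Starts"])` and likewise for `Ends`, keeps the rule "everything printed into HTML goes through h()" uniform. The enclosing `if` started outside the hunk.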
|
||||
|
|
|
@ -182,11 +182,11 @@ if (strlen($_GET["db"])) {
|
|||
$views = "";
|
||||
foreach (table_status() as $row) {
|
||||
$checked = (strlen($_GET["dump"]) && $row["Name"] != $_GET["dump"] ? '' : " checked='checked'");
|
||||
$print = '<tr><td><label><input type="checkbox" name="tables[]" value="' . htmlspecialchars($row["Name"]) . "\"$checked onclick=\"form_uncheck('check-tables');\">" . htmlspecialchars($row["Name"]) . "</label>";
|
||||
$print = "<tr><td><label><input type='checkbox' name='tables[]' value='" . h($row["Name"]) . "'$checked onclick=\"form_uncheck('check-tables');\">" . h($row["Name"]) . "</label>";
|
||||
if (!$row["Engine"]) {
|
||||
$views .= "$print\n";
|
||||
} else {
|
||||
echo "$print<td align='right'><label>" . ($row["Engine"] == "InnoDB" && $row["Rows"] ? lang('~ %s', $row["Rows"]) : $row["Rows"]) . '<input type="checkbox" name="data[]" value="' . htmlspecialchars($row["Name"]) . "\"$checked onclick=\"form_uncheck('check-data');\"></label>\n";
|
||||
echo "$print<td align='right'><label>" . ($row["Engine"] == "InnoDB" && $row["Rows"] ? lang('~ %s', $row["Rows"]) : $row["Rows"]) . "<input type='checkbox' name='data[]' value='" . h($row["Name"]) . "'$checked onclick=\"form_uncheck('check-data');\"></label>\n";
|
||||
}
|
||||
}
|
||||
echo $views;
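Review bot: The rewritten `$print` line switches the `value` attribute from double to single quotes (`value='" . h($row["Name"]) . "'`, and again on the `data[]` checkbox in the `else` branch), so the escaping helper now has to neutralise `'` as well as `"`; the definition of `h()` is not in any hunk on this page, and if it wraps a plain `htmlspecialchars()` call without `ENT_QUOTES` (which leaves `'` untouched), a table name containing a single quote would terminate the attribute where the old double-quoted form was safe. Either keep the double-quoted attributes the removed lines used, or confirm that `h()` passes `ENT_QUOTES` and record that contract on its definition, e.g. `// ENT_QUOTES: callers print the result inside single-quoted attributes`. The same quote switch appears in the hunks at `@ -163,8` (`fulltext[$i]`), `@ -174,7` (`where[$i][val]`) and `@ -211,7` (`limit`). The enclosing `if (strlen($_GET["db"]))` block starts outside this hunk.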
|
||||
|
@ -194,7 +194,7 @@ if (strlen($_GET["db"])) {
|
|||
echo "<thead><tr><th style='text-align: left;'><label><input type='checkbox' id='check-databases' checked='checked' onclick='form_check(this, /^databases\\[/);'>" . lang('Database') . "</label></thead>\n";
|
||||
foreach (get_databases() as $db) {
|
||||
if (!information_schema($db)) {
|
||||
echo '<tr><td><label><input type="checkbox" name="databases[]" value="' . htmlspecialchars($db) . '" checked="checked" onclick="form_uncheck(\'check-databases\');">' . htmlspecialchars($db) . "</label>\n";
|
||||
echo '<tr><td><label><input type="checkbox" name="databases[]" value="' . h($db) . '" checked="checked" onclick="form_uncheck(\'check-databases\');">' . h($db) . "</label>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -85,7 +85,7 @@ if ($fields) {
|
|||
$create = $dbh->result($dbh->query("SHOW CREATE TABLE " . idf_escape($_GET["edit"])), 1);
|
||||
}
|
||||
$checked = ($_POST ? $_POST["on_update"][bracket_escape($name)] : preg_match("~\n\\s*" . preg_quote(idf_escape($name), '~') . " timestamp.* on update CURRENT_TIMESTAMP~i", $create));
|
||||
echo '<label><input type="checkbox" name="on_update[' . htmlspecialchars(bracket_escape($name)) . ']" value="1"' . ($checked ? ' checked="checked"' : '') . '>' . lang('ON UPDATE CURRENT_TIMESTAMP') . '</label>';
|
||||
echo '<label><input type="checkbox" name="on_update[' . h(bracket_escape($name)) . ']" value="1"' . ($checked ? ' checked="checked"' : '') . '>' . lang('ON UPDATE CURRENT_TIMESTAMP') . '</label>';
|
||||
}
|
||||
echo "\n";
|
||||
}
|
||||
|
|
|
@ -23,7 +23,7 @@ if ($_POST && !$error) {
|
|||
}
|
||||
}
|
||||
|
||||
page_header((strlen($_GET["event"]) ? lang('Alter event') . ": " . htmlspecialchars($_GET["event"]) : lang('Create event')), $error);
|
||||
page_header((strlen($_GET["event"]) ? lang('Alter event') . ": " . h($_GET["event"]) : lang('Create event')), $error);
|
||||
|
||||
$row = array();
|
||||
if ($_POST) {
|
||||
|
@ -37,15 +37,15 @@ if ($_POST) {
|
|||
|
||||
<form action="" method="post">
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Name'); ?><td><input name="EVENT_NAME" value="<?php echo htmlspecialchars($row["EVENT_NAME"]); ?>" maxlength="64">
|
||||
<tr><th><?php echo lang('Start'); ?><td><input name="STARTS" value="<?php echo htmlspecialchars("$row[EXECUTE_AT]$row[STARTS]"); ?>">
|
||||
<tr><th><?php echo lang('End'); ?><td><input name="ENDS" value="<?php echo htmlspecialchars($row["ENDS"]); ?>">
|
||||
<tr><th><?php echo lang('Every'); ?><td><input name="INTERVAL_VALUE" value="<?php echo htmlspecialchars($row["INTERVAL_VALUE"]); ?>" size="6"> <select name="INTERVAL_FIELD"><?php echo optionlist($intervals, $row["INTERVAL_FIELD"]); ?></select>
|
||||
<tr><th><?php echo lang('Name'); ?><td><input name="EVENT_NAME" value="<?php echo h($row["EVENT_NAME"]); ?>" maxlength="64">
|
||||
<tr><th><?php echo lang('Start'); ?><td><input name="STARTS" value="<?php echo h("$row[EXECUTE_AT]$row[STARTS]"); ?>">
|
||||
<tr><th><?php echo lang('End'); ?><td><input name="ENDS" value="<?php echo h($row["ENDS"]); ?>">
|
||||
<tr><th><?php echo lang('Every'); ?><td><input name="INTERVAL_VALUE" value="<?php echo h($row["INTERVAL_VALUE"]); ?>" size="6"> <select name="INTERVAL_FIELD"><?php echo optionlist($intervals, $row["INTERVAL_FIELD"]); ?></select>
|
||||
<tr><th><?php echo lang('Status'); ?><td><select name="STATUS"><?php echo optionlist($statuses, $row["STATUS"]); ?></select>
|
||||
<tr><th><?php echo lang('Comment'); ?><td><input name="EVENT_COMMENT" value="<?php echo htmlspecialchars($row["EVENT_COMMENT"]); ?>" maxlength="64">
|
||||
<tr><th><?php echo lang('Comment'); ?><td><input name="EVENT_COMMENT" value="<?php echo h($row["EVENT_COMMENT"]); ?>" maxlength="64">
|
||||
<tr><th> <td><label><input type="checkbox" name="ON_COMPLETION" value="PRESERVE"<?php echo ($row["ON_COMPLETION"] == "PRESERVE" ? " checked='checked'" : ""); ?>><?php echo lang('On completion preserve'); ?></label>
|
||||
</table>
|
||||
<p><textarea name="EVENT_DEFINITION" rows="10" cols="80" style="width: 98%;"><?php echo htmlspecialchars($row["EVENT_DEFINITION"]); ?></textarea>
|
||||
<p><textarea name="EVENT_DEFINITION" rows="10" cols="80" style="width: 98%;"><?php echo h($row["EVENT_DEFINITION"]); ?></textarea>
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
<input type="submit" value="<?php echo lang('Save'); ?>">
|
||||
|
|
|
@ -33,8 +33,8 @@ class Adminer {
|
|||
function loginForm($username) {
|
||||
?>
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input name="username" value="<?php echo htmlspecialchars($username); ?>">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="server" value="<?php echo h($_GET["server"]); ?>">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input name="username" value="<?php echo h($username); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
||||
</table>
|
||||
<?php
|
||||
|
@ -54,7 +54,7 @@ class Adminer {
|
|||
* @return string
|
||||
*/
|
||||
function tableName($tableStatus) {
|
||||
return htmlspecialchars($tableStatus["Name"]);
|
||||
return h($tableStatus["Name"]);
|
||||
}
|
||||
|
||||
/** Field caption used in select and edit
|
||||
|
@ -63,7 +63,7 @@ class Adminer {
|
|||
* @return string
|
||||
*/
|
||||
function fieldName($field, $order = 0) {
|
||||
return '<span title="' . htmlspecialchars($field["full_type"]) . '">' . htmlspecialchars($field["field"]) . '</span>';
|
||||
return '<span title="' . h($field["full_type"]) . '">' . h($field["field"]) . '</span>';
|
||||
}
|
||||
|
||||
/** Links after select heading
|
||||
|
@ -72,7 +72,7 @@ class Adminer {
|
|||
*/
|
||||
function selectLinks($tableStatus) {
|
||||
global $SELF;
|
||||
return '<a href="' . htmlspecialchars($SELF) . 'table=' . urlencode($_GET['select']) . '">' . lang('Table structure') . '</a>';
|
||||
return '<a href="' . h($SELF) . 'table=' . urlencode($_GET['select']) . '">' . lang('Table structure') . '</a>';
|
||||
}
|
||||
|
||||
/** Find backward keys for table
|
||||
|
@ -90,7 +90,7 @@ class Adminer {
|
|||
function selectQuery($query) {
|
||||
global $SELF;
|
||||
// it would be nice if $query can be passed by reference and printed value would be returned but call_user() doesn't allow reference parameters
|
||||
return "<p><code class='jush-sql'>" . htmlspecialchars($query) . "</code> <a href='" . htmlspecialchars($SELF) . "sql=" . urlencode($query) . "'>" . lang('Edit') . "</a>\n";
|
||||
return "<p><code class='jush-sql'>" . h($query) . "</code> <a href='" . h($SELF) . "sql=" . urlencode($query) . "'>" . lang('Edit') . "</a>\n";
|
||||
}
|
||||
|
||||
/** Description of a row in a table
|
||||
|
@ -163,8 +163,8 @@ class Adminer {
|
|||
echo '<fieldset><legend><a href="#fieldset-search" onclick="return !toggle(\'fieldset-search\');">' . lang('Search') . "</a></legend><div id='fieldset-search'" . ($where ? "" : " class='hidden'") . ">\n";
|
||||
foreach ($indexes as $i => $index) {
|
||||
if ($index["type"] == "FULLTEXT") {
|
||||
echo "(<i>" . implode("</i>, <i>", array_map('htmlspecialchars', $index["columns"])) . "</i>) AGAINST";
|
||||
echo ' <input name="fulltext[' . $i . ']" value="' . htmlspecialchars($_GET["fulltext"][$i]) . '">';
|
||||
echo "(<i>" . implode("</i>, <i>", array_map('h', $index["columns"])) . "</i>) AGAINST";
|
||||
echo " <input name='fulltext[$i]' value='" . h($_GET["fulltext"][$i]) . "'>";
|
||||
echo "<label><input type='checkbox' name='boolean[$i]' value='1'" . (isset($_GET["boolean"][$i]) ? " checked='checked'" : "") . ">" . lang('BOOL') . "</label>";
|
||||
echo "<br>\n";
|
||||
}
|
||||
|
@ -174,7 +174,7 @@ class Adminer {
|
|||
if (strlen("$val[col]$val[val]") && in_array($val["op"], $this->operators)) {
|
||||
echo "<div><select name='where[$i][col]'><option value=''>" . lang('(anywhere)') . optionlist($columns, $val["col"], true) . "</select>";
|
||||
echo "<select name='where[$i][op]'>" . optionlist($this->operators, $val["op"]) . "</select>";
|
||||
echo "<input name='where[$i][val]' value=\"" . htmlspecialchars($val["val"]) . "\"></div>\n";
|
||||
echo "<input name='where[$i][val]' value='" . h($val["val"]) . "'></div>\n";
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
|
@ -211,7 +211,7 @@ class Adminer {
|
|||
*/
|
||||
function selectLimitPrint($limit) {
|
||||
echo "<fieldset><legend>" . lang('Limit') . "</legend><div>"; // <div> for easy styling
|
||||
echo "<input name='limit' size='3' value=\"" . htmlspecialchars($limit) . "\">";
|
||||
echo "<input name='limit' size='3' value='" . h($limit) . "'>";
|
||||
echo "</div></fieldset>\n";
|
||||
}
|
||||
|
||||
|
@ -222,7 +222,7 @@ class Adminer {
|
|||
function selectLengthPrint($text_length) {
|
||||
if (isset($text_length)) {
|
||||
echo "<fieldset><legend>" . lang('Text length') . "</legend><div>";
|
||||
echo '<input name="text_length" size="3" value="' . htmlspecialchars($text_length) . '">';
|
||||
echo '<input name="text_length" size="3" value="' . h($text_length) . '">';
|
||||
echo "</div></fieldset>\n";
|
||||
}
|
||||
}
|
||||
|
@ -340,7 +340,7 @@ class Adminer {
|
|||
global $SELF;
|
||||
$id = "sql-" . count($_SESSION["messages"]);
|
||||
$_SESSION["history"][$_GET["server"]][$_GET["db"]][] = $query;
|
||||
return " <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('SQL command') . "</a><div id='$id' class='hidden'><pre class='jush-sql'>" . htmlspecialchars($query) . '</pre><a href="' . htmlspecialchars($SELF . 'sql=&history=' . (count($_SESSION["history"][$_GET["server"]][$_GET["db"]]) - 1)) . '">' . lang('Edit') . '</a></div>';
|
||||
return " <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('SQL command') . "</a><div id='$id' class='hidden'><pre class='jush-sql'>" . h($query) . '</pre><a href="' . h($SELF . 'sql=&history=' . (count($_SESSION["history"][$_GET["server"]][$_GET["db"]]) - 1)) . '">' . lang('Edit') . '</a></div>';
|
||||
}
|
||||
|
||||
/** Functions displayed in edit form
|
||||
|
@ -422,18 +422,18 @@ class Adminer {
|
|||
?>
|
||||
<form action="" method="post">
|
||||
<p>
|
||||
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
||||
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]); ?>"><?php echo lang('Dump'); ?></a>
|
||||
<a href="<?php echo h($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
||||
<a href="<?php echo h($SELF); ?>dump=<?php echo urlencode(isset($_GET["table"]) ? $_GET["table"] : $_GET["select"]); ?>"><?php echo lang('Dump'); ?></a>
|
||||
<input type="hidden" name="token" value="<?php echo $_SESSION["tokens"][$_GET["server"]]; ?>">
|
||||
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>">
|
||||
</p>
|
||||
</form>
|
||||
<form action="">
|
||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>"><?php } ?>
|
||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||
<?php if ($databases) { ?>
|
||||
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)<?php echo optionlist($databases, $_GET["db"]); ?></select>
|
||||
<?php } else { ?>
|
||||
<input name="db" value="<?php echo htmlspecialchars($_GET["db"]); ?>">
|
||||
<input name="db" value="<?php echo h($_GET["db"]); ?>">
|
||||
<?php } ?>
|
||||
<?php if (isset($_GET["sql"])) { ?><input type="hidden" name="sql" value=""><?php } ?>
|
||||
<?php if (isset($_GET["schema"])) { ?><input type="hidden" name="schema" value=""><?php } ?>
|
||||
|
@ -449,12 +449,12 @@ class Adminer {
|
|||
} else {
|
||||
echo "<p>\n";
|
||||
while ($row = $result->fetch_row()) {
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($row[0]) . '">' . lang('select') . '</a> ';
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'table=' . urlencode($row[0]) . '">' . $this->tableName(array("Name" => $row[0])) . "</a><br>\n"; //! Adminer::tableName may work with full table status
|
||||
echo '<a href="' . h($SELF) . 'select=' . urlencode($row[0]) . '">' . lang('select') . '</a> ';
|
||||
echo '<a href="' . h($SELF) . 'table=' . urlencode($row[0]) . '">' . $this->tableName(array("Name" => $row[0])) . "</a><br>\n"; //! Adminer::tableName may work with full table status
|
||||
}
|
||||
}
|
||||
$result->free();
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'create=">' . lang('Create new table') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'create=">' . lang('Create new table') . "</a>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -40,13 +40,13 @@ function auth_error($exception = null) {
|
|||
global $ignore, $dbh, $adminer;
|
||||
$username = $_SESSION["usernames"][$_GET["server"]];
|
||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||
page_header(lang('Login'), (isset($username) ? htmlspecialchars($exception ? $exception->getMessage() : (is_string($dbh) ? $dbh : lang('Invalid credentials.'))) : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
|
||||
page_header(lang('Login'), (isset($username) ? h($exception ? $exception->getMessage() : (is_string($dbh) ? $dbh : lang('Invalid credentials.'))) : (isset($_POST["server"]) ? lang('Sessions must be enabled.') : ($_POST ? lang('Session expired, please login again.') : ""))), null);
|
||||
echo "<form action='' method='post'>\n";
|
||||
$adminer->loginForm($username);
|
||||
echo "<p>\n";
|
||||
hidden_fields($_POST, $ignore); // expired session
|
||||
foreach ($_FILES as $key => $val) {
|
||||
echo '<input type="hidden" name="files[' . htmlspecialchars($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
|
||||
echo '<input type="hidden" name="files[' . h($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
|
||||
}
|
||||
echo "<input type='submit' value='" . lang('Login') . "'>\n</form>\n";
|
||||
page_footer("auth");
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
function connect_error() {
|
||||
global $dbh, $SELF, $VERSION;
|
||||
if (strlen($_GET["db"])) {
|
||||
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), lang('Invalid database.'), false);
|
||||
page_header(lang('Database') . ": " . h($_GET["db"]), lang('Invalid database.'), false);
|
||||
} else {
|
||||
page_header(lang('Select database'), "", null);
|
||||
foreach (array(
|
||||
|
@ -11,10 +11,10 @@ function connect_error() {
|
|||
'processlist' => lang('Process list'),
|
||||
'variables' => lang('Variables'),
|
||||
) as $key => $val) {
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . "$key=\">$val</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . "$key=\">$val</a>\n";
|
||||
}
|
||||
echo "<p>" . lang('MySQL version: %s through PHP extension %s', "<b" . ($dbh->server_info < 4.1 ? " class='binary'" : "") . ">$dbh->server_info</b>", "<b>$dbh->extension</b>") . "\n";
|
||||
echo "<p>" . lang('Logged as: %s', "<b>" . htmlspecialchars($dbh->result($dbh->query("SELECT USER()"))) . "</b>") . "\n";
|
||||
echo "<p>" . lang('Logged as: %s', "<b>" . h($dbh->result($dbh->query("SELECT USER()"))) . "</b>") . "\n";
|
||||
}
|
||||
page_footer("db");
|
||||
}
|
||||
|
|
|
@ -8,7 +8,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
|||
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
|
||||
<meta http-equiv="Content-Script-Type" content="text/javascript">
|
||||
<meta name="robots" content="noindex">
|
||||
<title><?php echo $title . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . (strlen($_GET["server"]) && $_GET["server"] != "localhost" ? htmlspecialchars("- $_GET[server]") : "") . " - " . $adminer->name(); ?></title>
|
||||
<title><?php echo $title . (strlen($title2) ? ": " . h($title2) : "") . (strlen($_GET["server"]) && $_GET["server"] != "localhost" ? h("- $_GET[server]") : "") . " - " . $adminer->name(); ?></title>
|
||||
<link rel="shortcut icon" type="image/x-icon" href="../adminer/favicon.ico">
|
||||
<link rel="stylesheet" type="text/css" href="../adminer/default.css<?php // Ondrej Valka, http://valka.info ?>">
|
||||
<?php if (file_exists("adminer.css")) { ?>
|
||||
|
@ -23,21 +23,21 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
|||
<?php
|
||||
if (isset($breadcrumb)) {
|
||||
$link = substr(preg_replace('~db=[^&]*&~', '', $SELF), 0, -1);
|
||||
echo '<p id="breadcrumb"><a href="' . (strlen($link) ? htmlspecialchars($link) : ".") . '">' . (isset($_GET["server"]) ? htmlspecialchars($_GET["server"]) : lang('Server')) . '</a> » ';
|
||||
echo '<p id="breadcrumb"><a href="' . (strlen($link) ? h($link) : ".") . '">' . (isset($_GET["server"]) ? h($_GET["server"]) : lang('Server')) . '</a> » ';
|
||||
if (is_array($breadcrumb)) {
|
||||
if (strlen($_GET["db"])) {
|
||||
echo '<a href="' . htmlspecialchars(substr($SELF, 0, -1)) . '">' . htmlspecialchars($_GET["db"]) . '</a> » ';
|
||||
echo '<a href="' . h(substr($SELF, 0, -1)) . '">' . h($_GET["db"]) . '</a> » ';
|
||||
}
|
||||
foreach ($breadcrumb as $key => $val) {
|
||||
$desc = (is_array($val) ? $val[1] : $val);
|
||||
if (strlen($desc)) {
|
||||
echo '<a href="' . htmlspecialchars("$SELF$key=") . urlencode(is_array($val) ? $val[0] : $val) . '">' . htmlspecialchars($desc) . '</a> » ';
|
||||
echo '<a href="' . h("$SELF$key=") . urlencode(is_array($val) ? $val[0] : $val) . '">' . h($desc) . '</a> » ';
|
||||
}
|
||||
}
|
||||
}
|
||||
echo "$title\n";
|
||||
}
|
||||
echo "<h2>$title" . (strlen($title2) ? ": " . htmlspecialchars($title2) : "") . "</h2>\n";
|
||||
echo "<h2>$title" . (strlen($title2) ? ": " . h($title2) : "") . "</h2>\n";
|
||||
if ($_SESSION["messages"]) {
|
||||
echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
|
||||
$_SESSION["messages"] = array();
|
||||
|
@ -63,7 +63,7 @@ function page_footer($missing = false) {
|
|||
<?php switch_lang(); ?>
|
||||
<div id="menu">
|
||||
<h1><a href="http://www.adminer.org/" class="h1"><?php echo $adminer->name(); ?></a> <?php echo $VERSION; ?>
|
||||
<a href='http://www.adminer.org/#download' id="version"><?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? htmlspecialchars($_COOKIE["adminer_version"]) : ""); ?></a>
|
||||
<a href='http://www.adminer.org/#download' id="version"><?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?></a>
|
||||
</h1>
|
||||
<?php $adminer->navigation($missing); ?>
|
||||
</div>
|
||||
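Review bot: page_header() echoes `$title` verbatim into the `<title>` element and the `<h2>` line while it HTML-escapes `$title2` itself, so callers must already pass `$title` as escaped HTML; every call site in this commit does (`page_header(lang('Database') . ": " . h($_GET["db"]), ...)`), but nothing at the declaration says so. I would record the contract above the signature: `// $title: HTML, caller escapes dynamic parts with h(); $title2: plain text, escaped here`. With every other reflected value in this sweep now routed through h(), a future caller that forgets it on `$title` is the one remaining path for an unescaped reflection, and a one-line comment is the cheapest guard. page_header()'s signature is only in the hunk header and its body continues outside both hunks.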
@ -21,7 +21,7 @@ function edit_type($key, $field, $collations, $foreign_keys = array()) {
|
|||
global $structured_types, $unsigned, $inout;
|
||||
?>
|
||||
<td><select name="<?php echo $key; ?>[type]" onchange="editing_type_change(this);"><?php echo optionlist($structured_types + ($foreign_keys ? array(lang('Foreign keys') => $foreign_keys) : array()), $field["type"]); ?></select>
|
||||
<td><input name="<?php echo $key; ?>[length]" value="<?php echo htmlspecialchars($field["length"]); ?>" size="3">
|
||||
<td><input name="<?php echo $key; ?>[length]" value="<?php echo h($field["length"]); ?>" size="3">
|
||||
<td><?php
|
||||
echo "<select name=\"$key" . '[collation]"' . (ereg('(char|text|enum|set)$', $field["type"]) ? "" : " class='hidden'") . '><option value="">(' . lang('collation') . ')' . optionlist($collations, $field["collation"]) . '</select>';
|
||||
echo ($unsigned ? " <select name=\"$key" . '[unsigned]"' . (!$field["type"] || ereg('(int|float|double|decimal)$', $field["type"]) ? "" : " class='hidden'") . '><option>' . optionlist($unsigned, $field["unsigned"]) . '</select>' : '');
|
||||
|
@ -84,12 +84,12 @@ function edit_fields($fields, $collations, $type = "TABLE", $allowed = 0, $forei
|
|||
?>
|
||||
<tr<?php echo ($display ? "" : " style='display: none;'"); ?>>
|
||||
<?php if ($type == "PROCEDURE") { ?><td><select name="fields[<?php echo $i; ?>][inout]"><?php echo optionlist($inout, $field["inout"]); ?></select><?php } ?>
|
||||
<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo htmlspecialchars($field["field"]); ?>" onchange="<?php echo (strlen($field["field"]) || count($fields) > 1 ? "" : "editing_add_row(this, $allowed); "); ?>editing_name_change(this);" maxlength="64"><?php } ?><input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo htmlspecialchars($field[($_POST ? "orig" : "field")]); ?>">
|
||||
<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo h($field["field"]); ?>" onchange="<?php echo (strlen($field["field"]) || count($fields) > 1 ? "" : "editing_add_row(this, $allowed); "); ?>editing_name_change(this);" maxlength="64"><?php } ?><input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo h($field[($_POST ? "orig" : "field")]); ?>">
|
||||
<?php edit_type("fields[$i]", $field, $collations, $foreign_keys); ?>
|
||||
<?php if ($type == "TABLE") { ?>
|
||||
<td><input type="checkbox" name="fields[<?php echo $i; ?>][null]" value="1"<?php if ($field["null"]) { ?> checked="checked"<?php } ?>>
|
||||
<td><input type="radio" name="auto_increment_col" value="<?php echo $i; ?>"<?php if ($field["auto_increment"]) { ?> checked="checked"<?php } ?>>
|
||||
<td<?php echo ($column_comments ? "" : " class='hidden'"); ?>><input name="fields[<?php echo $i; ?>][comment]" value="<?php echo htmlspecialchars($field["comment"]); ?>" maxlength="255">
|
||||
<td<?php echo ($column_comments ? "" : " class='hidden'"); ?>><input name="fields[<?php echo $i; ?>][comment]" value="<?php echo h($field["comment"]); ?>" maxlength="255">
|
||||
<?php } ?>
|
||||
<?php
|
||||
echo "<td class='nowrap'><input type='image' name='add[$i]' src='../adminer/plus.gif' alt='+' title='" . lang('Add next') . "' onclick='var x = editing_add_row(this, $allowed); if (x) { x.focus(); x.onchange = function () { }; } return !x;'>";
|
||||
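Review bot: edit_type() and edit_fields() still write `$key` and `$i` into `name="…"` attributes unescaped (`<select name="<?php echo $key; ?>[type]"`, `name="fields[<?php echo $i; ?>][inout]"`) while this commit wraps every neighbouring field value in h(), so a reader has to know these are trusted literals. The visible call sites support that (`edit_type("fields[$i]", …)` inside edit_fields and `edit_type("returns", …)` in the procedure form; `$i` looks like the row index, though its loop is outside the hunk), so no code change is needed, but the assumption deserves a line above edit_type(): `// $key is emitted raw into attribute names; pass only literal form-field prefixes`. edit_type() starts and edit_fields() ends outside these hunks.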
@ -25,14 +25,18 @@ function bracket_escape($idf, $back = false) {
|
|||
return strtr($idf, ($back ? array_flip($trans) : $trans));
|
||||
}
|
||||
|
||||
function h($string) {
|
||||
return htmlspecialchars($string, ENT_QUOTES);
|
||||
}
|
||||
|
||||
function optionlist($options, $selected = null, $use_keys = false) {
|
||||
$return = "";
|
||||
foreach ($options as $k => $v) {
|
||||
if (is_array($v)) {
|
||||
$return .= '<optgroup label="' . htmlspecialchars($k) . '">';
|
||||
$return .= '<optgroup label="' . h($k) . '">';
|
||||
}
|
||||
foreach ((is_array($v) ? $v : array($k => $v)) as $key => $val) {
|
||||
$return .= '<option' . ($use_keys || is_string($key) ? ' value="' . htmlspecialchars($key) . '"' : '') . (($use_keys || is_string($key) ? (string) $key : $val) === $selected ? ' selected="selected"' : '') . '>' . htmlspecialchars($val);
|
||||
$return .= '<option' . ($use_keys || is_string($key) ? ' value="' . h($key) . '"' : '') . (($use_keys || is_string($key) ? (string) $key : $val) === $selected ? ' selected="selected"' : '') . '>' . h($val);
|
||||
}
|
||||
if (is_array($v)) {
|
||||
$return .= '</optgroup>';
|
||||
|
@ -121,7 +125,7 @@ function query_redirect($query, $location, $message, $redirect = true, $execute
|
|||
$failed = !$dbh->query($query);
|
||||
}
|
||||
if ($failed) {
|
||||
$error = htmlspecialchars($dbh->error) . $sql;
|
||||
$error = h($dbh->error) . $sql;
|
||||
return false;
|
||||
}
|
||||
if ($redirect) {
|
||||
|
@ -147,7 +151,7 @@ function remove_from_uri($param = "") {
|
|||
}
|
||||
|
||||
function pagination($page) {
|
||||
return " " . ($page == $_GET["page"] ? $page + 1 : '<a href="' . htmlspecialchars(remove_from_uri("page") . ($page ? "&page=$page" : "")) . '">' . ($page + 1) . "</a>");
|
||||
return " " . ($page == $_GET["page"] ? $page + 1 : '<a href="' . h(remove_from_uri("page") . ($page ? "&page=$page" : "")) . '">' . ($page + 1) . "</a>");
|
||||
}
|
||||
|
||||
function get_file($key) {
|
||||
|
@ -212,7 +216,7 @@ function select($result, $dbh2 = null) {
|
|||
$blobs[$j] = true;
|
||||
}
|
||||
$types[$j] = $field->type;
|
||||
echo "<th>" . htmlspecialchars($field->name);
|
||||
echo "<th>" . h($field->name);
|
||||
}
|
||||
echo "</thead>\n";
|
||||
}
|
||||
|
@ -226,7 +230,7 @@ function select($result, $dbh2 = null) {
|
|||
} elseif (!strlen(trim($val, " \t"))) {
|
||||
$val = " "; // some content to print a border
|
||||
} else {
|
||||
$val = nl2br(htmlspecialchars($val));
|
||||
$val = nl2br(h($val));
|
||||
if ($types[$key] == 254) {
|
||||
$val = "<code>$val</code>";
|
||||
}
|
||||
|
@ -236,7 +240,7 @@ function select($result, $dbh2 = null) {
|
|||
foreach ($indexes[$links[$key]] as $col => $j) {
|
||||
$link .= "&where" . urlencode("[" . bracket_escape($col) . "]") . "=" . urlencode($row[$j]);
|
||||
}
|
||||
$val = '<a href="' . htmlspecialchars($SELF) . $link . '">' . $val . '</a>';
|
||||
$val = "<a href='" . h($SELF) . "$link'>$val</a>";
|
||||
}
|
||||
}
|
||||
echo "<td>$val";
|
||||
|
@ -254,7 +258,7 @@ function is_utf8($val) {
|
|||
|
||||
function shorten_utf8($string, $length = 80, $suffix = "") {
|
||||
preg_match("~^((?:.|\n){0,$length})(.|\n)?~u", $string, $match); // ~s causes trash in $match[2] under some PHP versions
|
||||
return htmlspecialchars($match[1]) . $suffix . ($match[2] ? "<em>...</em>" : "");
|
||||
return h($match[1]) . $suffix . ($match[2] ? "<em>...</em>" : "");
|
||||
}
|
||||
|
||||
function friendly_url($val) {
|
||||
|
@ -269,7 +273,7 @@ function hidden_fields($process, $ignore = array()) {
|
|||
$process[$key . "[$k]"] = $v;
|
||||
}
|
||||
} elseif (!in_array($key, $ignore)) {
|
||||
echo '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '">';
|
||||
echo '<input type="hidden" name="' . h($key) . '" value="' . h($val) . '">';
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -286,28 +290,28 @@ function column_foreign_keys($table) {
|
|||
|
||||
function input($field, $value, $function) {
|
||||
global $types, $adminer;
|
||||
$name = htmlspecialchars(bracket_escape($field["field"]));
|
||||
$name = h(bracket_escape($field["field"]));
|
||||
echo "<td class='function'>";
|
||||
if ($field["type"] == "enum") {
|
||||
echo " <td>" . (isset($_GET["select"]) ? ' <label><input type="radio" name="fields[' . $name . ']" value="-1" checked="checked"><em>' . lang('original') . '</em></label>' : "");
|
||||
echo " <td>" . (isset($_GET["select"]) ? " <label><input type='radio' name='fields[$name]' value='-1' checked='checked'><em>" . lang('original') . "</em></label>" : "");
|
||||
if ($field["null"] || isset($_GET["default"])) {
|
||||
echo ' <label><input type="radio" name="fields[' . $name . ']" value=""' . (($field["null"] ? isset($value) : strlen($value)) || isset($_GET["select"]) ? '' : ' checked="checked"') . '>' . ($field["null"] ? '<em>NULL</em>' : '') . '</label>';
|
||||
echo " <label><input type='radio' name='fields[$name]' value=''" . (($field["null"] ? isset($value) : strlen($value)) || isset($_GET["select"]) ? '' : ' checked="checked"') . '>' . ($field["null"] ? '<em>NULL</em>' : '') . '</label>';
|
||||
}
|
||||
if (!isset($_GET["default"])) {
|
||||
echo '<input type="radio" name="fields[' . $name . ']" value="0"' . ($value === 0 ? ' checked="checked"' : '') . '>';
|
||||
echo "<input type='radio' name='fields[$name]' value='0'" . ($value === 0 ? ' checked="checked"' : '') . '>';
|
||||
}
|
||||
preg_match_all("~'((?:[^']+|'')*)'~", $field["length"], $matches);
|
||||
foreach ($matches[1] as $i => $val) {
|
||||
$val = stripcslashes(str_replace("''", "'", $val));
|
||||
$checked = (is_int($value) ? $value == $i+1 : $value === $val);
|
||||
echo ' <label><input type="radio" name="fields[' . $name . ']" value="' . (isset($_GET["default"]) ? (strlen($val) ? htmlspecialchars($val) : " ") : $i+1) . '"' . ($checked ? ' checked="checked"' : '') . '>' . htmlspecialchars($val) . '</label>';
|
||||
echo " <label><input type='radio' name='fields[$name]' value='" . (isset($_GET["default"]) ? (strlen($val) ? h($val) : " ") : $i+1) . "'" . ($checked ? ' checked="checked"' : '') . '>' . h($val) . '</label>';
|
||||
}
|
||||
} else {
|
||||
$functions = (isset($_GET["select"]) ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field);
|
||||
$first = array_search("", $functions) + (isset($_GET["select"]) ? 1 : 0);
|
||||
$onchange = ($first ? ' onchange="var f = this.form[\'function[' . addcslashes($name, "\r\n'\\") . ']\']; if (' . $first . ' > f.selectedIndex) f.selectedIndex = ' . $first . ';"' : '');
|
||||
echo (count($functions) > 1 ? '<select name="function[' . $name . ']">' . optionlist($functions, $function) . '</select>' : " ") . '<td>';
|
||||
$input = $adminer->editInput($_GET["edit"], $field, ' name="fields[' . $name . ']"' . $onchange, $value); // usage in call is without a table
|
||||
$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
|
||||
echo (count($functions) > 1 ? "<select name='function[$name]'>" . optionlist($functions, $function) . "</select>" : " ") . '<td>';
|
||||
$input = $adminer->editInput($_GET["edit"], $field, " name='fields[$name]'$onchange", $value); // usage in call is without a table
|
||||
if (strlen($input)) {
|
||||
echo $input;
|
||||
} elseif ($field["type"] == "set") { //! 64 bits
|
||||
|
@ -315,16 +319,16 @@ function input($field, $value, $function) {
|
|||
foreach ($matches[1] as $i => $val) {
|
||||
$val = stripcslashes(str_replace("''", "'", $val));
|
||||
$checked = (is_int($value) ? ($value >> $i) & 1 : in_array($val, explode(",", $value), true));
|
||||
echo ' <label><input type="checkbox" name="fields[' . $name . '][' . $i . ']" value="' . (isset($_GET["default"]) ? htmlspecialchars($val) : 1 << $i) . '"' . ($checked ? ' checked="checked"' : '') . "$onchange>" . htmlspecialchars($val) . '</label>';
|
||||
echo " <label><input type='checkbox' name='fields[$name][$i]' value='" . (isset($_GET["default"]) ? h($val) : 1 << $i) . "'" . ($checked ? ' checked="checked"' : '') . "$onchange>" . h($val) . '</label>';
|
||||
}
|
||||
} elseif (strpos($field["type"], "text") !== false) {
|
||||
echo '<textarea name="fields[' . $name . ']" cols="50" rows="12"' . "$onchange>" . htmlspecialchars($value) . '</textarea>';
|
||||
echo "<textarea name='fields[$name]' cols='50' rows='12'$onchange>" . h($value) . '</textarea>';
|
||||
} elseif (ereg('binary|blob', $field["type"])) {
|
||||
echo (ini_get("file_uploads") ? '<input type="file" name="' . $name . '"' . "$onchange>" : lang('File uploads are disabled.'));
|
||||
echo (ini_get("file_uploads") ? "<input type='file' name='$name'$onchange>" : lang('File uploads are disabled.'));
|
||||
} else {
|
||||
// int(3) is only a display hint
|
||||
$maxlength = (!ereg('int', $field["type"]) && preg_match('~^([0-9]+)(,([0-9]+))?$~', $field["length"], $match) ? ($match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
|
||||
echo '<input name="fields[' . $name . ']" value="' . htmlspecialchars($value) . '"' . ($maxlength ? " maxlength='$maxlength'" : "") . "$onchange>";
|
||||
echo "<input name='fields[$name]' value='" . h($value) . "'" . ($maxlength ? " maxlength='$maxlength'" : "") . "$onchange>";
|
||||
}
|
||||
}
|
||||
}
|
||||
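Review bot: In input()'s first hunk the rewritten `$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; …` line regresses for identifiers containing a single quote: `$name` is now produced by h(), which this commit defines with ENT_QUOTES, so a `'` reaches addcslashes() already as `&#039;`, is left untouched, and the browser decodes it back to a raw `'` inside the JS string literal when it parses the attribute, whereas the previous htmlspecialchars() default left the quote for addcslashes() to escape. Escape for JS first and HTML-escape the result, replacing `addcslashes($name, "\r\n'\\")` in that expression with `h(addcslashes(bracket_escape($field["field"]), "\r\n'\\"))`. Separately, the new `h()` passes no charset to htmlspecialchars(), so its handling of the page's UTF-8 text depends on the PHP default (ISO-8859-1 before 5.4, UTF-8 after); `htmlspecialchars($string, ENT_QUOTES, "utf-8")` pins that. input() continues past the end of the second hunk.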
@ -74,7 +74,7 @@ foreach ($row["indexes"] as $index) {
|
|||
ksort($index["columns"]);
|
||||
foreach ($index["columns"] as $i => $column) {
|
||||
echo "<span><select name='indexes[$j][columns][$i]'" . ($i == count($index["columns"]) ? " onchange='indexes_add_column(this);'" : "") . "><option>" . optionlist($fields, $column) . "</select>";
|
||||
echo "<input name='indexes[$j][lengths][$i]' size='2' value=\"" . htmlspecialchars($index["lengths"][$i]) . "\"> </span>\n";
|
||||
echo "<input name='indexes[$j][lengths][$i]' size='2' value='" . h($index["lengths"][$i]) . "'> </span>\n";
|
||||
}
|
||||
echo "\n";
|
||||
$j++;
|
||||
@ -1,12 +1,12 @@
|
|||
<?php
|
||||
page_header(lang('Privileges'));
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'user=">' . lang('Create user') . "</a>";
|
||||
echo '<p><a href="' . h($SELF) . 'user=">' . lang('Create user') . "</a>";
|
||||
|
||||
$result = $dbh->query("SELECT User, Host FROM mysql.user ORDER BY Host, User");
|
||||
if (!$result) {
|
||||
?>
|
||||
<form action=""><p>
|
||||
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>"><?php } ?>
|
||||
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||
<?php echo lang('Username'); ?>: <input name="user">
|
||||
<?php echo lang('Server'); ?>: <input name="host" value="localhost">
|
||||
<input type="hidden" name="grant" value="">
|
||||
|
@ -19,7 +19,7 @@ if (!$result) {
|
|||
echo "<table cellspacing='0'>\n";
|
||||
echo "<thead><tr><th> <th>" . lang('Username') . "<th>" . lang('Server') . "</thead>\n";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo '<tr' . odd() . '><td><a href="' . htmlspecialchars($SELF . 'user=' . urlencode($row["User"]) . '&host=' . urlencode($row["Host"])) . '">' . lang('edit') . '</a><td>' . htmlspecialchars($row["User"]) . "<td>" . htmlspecialchars($row["Host"]) . "\n";
|
||||
echo '<tr' . odd() . '><td><a href="' . h($SELF . 'user=' . urlencode($row["User"]) . '&host=' . urlencode($row["Host"])) . '">' . lang('edit') . '</a><td>' . h($row["User"]) . "<td>" . h($row["Host"]) . "\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
$result->free();
|
||||
@ -23,7 +23,7 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"] && !$_POST["up"]
|
|||
}
|
||||
}
|
||||
|
||||
page_header((strlen($_GET["procedure"]) ? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"]) : (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))), $error);
|
||||
page_header((strlen($_GET["procedure"]) ? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . h($_GET["procedure"]) : (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))), $error);
|
||||
|
||||
$collations = get_vals("SHOW CHARACTER SET");
|
||||
sort($collations);
|
||||
|
@ -43,11 +43,11 @@ if ($_POST) {
|
|||
<?php edit_fields($row["fields"], $collations, $routine); ?>
|
||||
<?php if (isset($_GET["function"])) { ?><tr><td><?php echo lang('Return type'); ?><?php echo edit_type("returns", $row["returns"], $collations); ?><?php } ?>
|
||||
</table>
|
||||
<p><textarea name="definition" rows="10" cols="80" style="width: 98%;"><?php echo htmlspecialchars($row["definition"]); ?></textarea>
|
||||
<p><textarea name="definition" rows="10" cols="80" style="width: 98%;"><?php echo h($row["definition"]); ?></textarea>
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
|
||||
<?php echo lang('Name'); ?>: <input name="name" value="<?php echo htmlspecialchars($row["name"]); ?>" maxlength="64">
|
||||
<?php echo lang('Name'); ?>: <input name="name" value="<?php echo h($row["name"]); ?>" maxlength="64">
|
||||
<input type="submit" value="<?php echo lang('Save'); ?>">
|
||||
<?php if (strlen($_GET["procedure"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo $confirm; ?>><?php } ?>
|
||||
</form>
|
||||
@ -60,9 +60,9 @@ document.onmouseup = schema_mouseup;
|
|||
<?php
|
||||
foreach ($schema as $name => $table) {
|
||||
echo "<div class='table' style='top: " . $table["pos"][0] . "em; left: " . $table["pos"][1] . "em;' onmousedown='schema_mousedown(this, event);'>";
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'table=' . urlencode($name) . '"><strong>' . htmlspecialchars($name) . "</strong></a><br>\n";
|
||||
echo '<a href="' . h($SELF) . 'table=' . urlencode($name) . '"><strong>' . h($name) . "</strong></a><br>\n";
|
||||
foreach ($table["fields"] as $field) {
|
||||
$val = '<span' . type_class($field["type"]) . ' title="' . htmlspecialchars($field["full_type"] . ($field["null"] ? " " . lang('NULL') : '')) . '">' . htmlspecialchars($field["field"]) . '</span>';
|
||||
$val = '<span' . type_class($field["type"]) . ' title="' . h($field["full_type"] . ($field["null"] ? " " . lang('NULL') : '')) . '">' . h($field["field"]) . '</span>';
|
||||
echo ($field["primary"] ? "<em>$val</em>" : $val) . "<br>\n";
|
||||
}
|
||||
foreach ((array) $table["references"] as $target_name => $refs) {
|
||||
|
@ -70,7 +70,7 @@ foreach ($schema as $name => $table) {
|
|||
$left1 = $left - $table_pos[$name][1];
|
||||
$i = 0;
|
||||
foreach ($ref[0] as $source) {
|
||||
echo '<div class="references" title="' . htmlspecialchars($target_name) . "\" id='refs$left-" . ($i++) . "' style='left: $left1" . "em; top: " . $table["fields"][$source]["pos"] . "em; padding-top: .5em;'><div style='border-top: 1px solid Gray; width: " . (-$left1) . "em;'></div></div>\n";
|
||||
echo "<div class='references' title='" . h($target_name) . "' id='refs$left-" . ($i++) . "' style='left: $left1" . "em; top: " . $table["fields"][$source]["pos"] . "em; padding-top: .5em;'><div style='border-top: 1px solid Gray; width: " . (-$left1) . "em;'></div></div>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
@ -79,7 +79,7 @@ foreach ($schema as $name => $table) {
|
|||
$left1 = $left - $table_pos[$name][1];
|
||||
$i = 0;
|
||||
foreach ($columns as $target) {
|
||||
echo '<div class="references" title="' . htmlspecialchars($target_name) . "\" id='refd$left-" . ($i++) . "' style='left: $left1" . "em; top: " . $table["fields"][$target]["pos"] . "em; height: 1.25em; background: url(../adminer/arrow.gif) no-repeat right center;'><div style='height: .5em; border-bottom: 1px solid Gray; width: " . (-$left1) . "em;'></div></div>\n";
|
||||
echo "<div class='references' title='" . h($target_name) . "' id='refd$left-" . ($i++) . "' style='left: $left1" . "em; top: " . $table["fields"][$target]["pos"] . "em; height: 1.25em; background: url(../adminer/arrow.gif) no-repeat right center;'><div style='height: .5em; border-bottom: 1px solid Gray; width: " . (-$left1) . "em;'></div></div>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
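Review bot: The `style='top: " . $table["pos"][0] . "em; left: " . $table["pos"][1] . "em;'` line in the first schema hunk interpolates the table positions into a style attribute unescaped while the commit now wraps every other dynamic value on these lines in h(); where `$table["pos"]` comes from is not visible here, so if a draggable layout means it is persisted from the request or a cookie, it should be coerced with `(float)` or `intval()` before being echoed. The switch of the `title` attribute to single quotes on the `refs`/`refd` lines is only safe because the new `h()` helper uses ENT_QUOTES; a comment such as `// single-quoted attributes rely on h() escaping ' (ENT_QUOTES)` next to the helper would keep that dependency visible if it is ever relaxed. The enclosing foreach over `$schema` starts before the first hunk and ends after the last.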
@ -119,18 +119,18 @@ page_header(lang('Select') . ": " . $adminer->tableName($table_status), $error);
|
|||
echo "<p>";
|
||||
if (isset($rights["insert"])) {
|
||||
//! pass search values forth and back
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '">' . lang('New item') . '</a> ';
|
||||
echo '<a href="' . h($SELF) . 'edit=' . urlencode($_GET['select']) . '">' . lang('New item') . '</a> ';
|
||||
}
|
||||
echo $adminer->selectLinks($table_status);
|
||||
|
||||
if (!$columns) {
|
||||
echo "<p class='error'>" . lang('Unable to select the table') . ($fields ? "" : ": " . htmlspecialchars($dbh->error)) . ".\n";
|
||||
echo "<p class='error'>" . lang('Unable to select the table') . ($fields ? "" : ": " . h($dbh->error)) . ".\n";
|
||||
} else {
|
||||
echo "<form action='' id='form'>\n";
|
||||
echo "<div style='display: none;'>";
|
||||
echo (strlen($_GET["server"]) ? '<input type="hidden" name="server" value="' . htmlspecialchars($_GET["server"]) . '">' : "");
|
||||
echo '<input type="hidden" name="db" value="' . htmlspecialchars($_GET["db"]) . '">';
|
||||
echo '<input type="hidden" name="select" value="' . htmlspecialchars($_GET["select"]) . '">';
|
||||
echo (strlen($_GET["server"]) ? '<input type="hidden" name="server" value="' . h($_GET["server"]) . '">' : "");
|
||||
echo '<input type="hidden" name="db" value="' . h($_GET["db"]) . '">';
|
||||
echo '<input type="hidden" name="select" value="' . h($_GET["select"]) . '">';
|
||||
echo "</div>\n";
|
||||
$adminer->selectColumnsPrint($select, $columns);
|
||||
$adminer->selectSearchPrint($where, $columns, $indexes);
|
||||
|
@ -145,7 +145,7 @@ if (!$columns) {
|
|||
|
||||
$result = $dbh->query($query);
|
||||
if (!$result) {
|
||||
echo "<p class='error'>" . htmlspecialchars($dbh->error) . "\n";
|
||||
echo "<p class='error'>" . h($dbh->error) . "\n";
|
||||
} else {
|
||||
$email_fields = array();
|
||||
echo "<form action='' method='post' enctype='multipart/form-data'>\n";
|
||||
|
@ -184,14 +184,14 @@ if (!$columns) {
|
|||
if (strlen($name)) {
|
||||
$order++;
|
||||
$names[$key] = $name;
|
||||
echo '<th><a href="' . htmlspecialchars(remove_from_uri('(order|desc)[^=]*') . '&order%5B0%5D=' . urlencode($key) . ($_GET["order"] == array($key) && !$_GET["desc"][0] ? '&desc%5B0%5D=1' : '')) . '">' . apply_sql_function($val["fun"], $name) . "</a>"; //! columns looking like functions
|
||||
echo '<th><a href="' . h(remove_from_uri('(order|desc)[^=]*') . '&order%5B0%5D=' . urlencode($key) . ($_GET["order"] == array($key) && !$_GET["desc"][0] ? '&desc%5B0%5D=1' : '')) . '">' . apply_sql_function($val["fun"], $name) . "</a>"; //! columns looking like functions
|
||||
}
|
||||
next($select);
|
||||
}
|
||||
echo ($table_names ? "<th>" . lang('Relations') : "") . "</thead>\n";
|
||||
foreach ($descriptions as $n => $row) {
|
||||
$unique_idf = implode('&', unique_idf($rows[$n], $indexes));
|
||||
echo '<tr' . odd() . '><td><input type="checkbox" name="check[]" value="' . $unique_idf . '" onclick="this.form[\'all\'].checked = false; form_uncheck(\'all-page\');">' . (count($select) != count($group) || information_schema($_GET["db"]) ? '' : ' <a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET['select']) . '&' . $unique_idf . '">' . lang('edit') . '</a>');
|
||||
echo "<tr" . odd() . "><td><input type='checkbox' name='check[]' value='$unique_idf' onclick=\"this.form['all'].checked = false; form_uncheck('all-page');\">" . (count($select) != count($group) || information_schema($_GET["db"]) ? '' : " <a href='" . h($SELF) . "edit=" . urlencode($_GET['select']) . "&$unique_idf" . "'>" . lang('edit') . "</a>");
|
||||
foreach ($row as $key => $val) {
|
||||
if (isset($names[$key])) {
|
||||
if (strlen($val) && (!isset($email_fields[$key]) || strlen($email_fields[$key]))) {
|
||||
|
@ -203,14 +203,14 @@ if (!$columns) {
|
|||
$val = "<i>NULL</i>";
|
||||
} else {
|
||||
if (ereg('blob|binary', $fields[$key]["type"]) && strlen($val)) {
|
||||
$link = htmlspecialchars($SELF . 'download=' . urlencode($_GET["select"]) . '&field=' . urlencode($key) . '&') . $unique_idf;
|
||||
$link = h($SELF . 'download=' . urlencode($_GET["select"]) . '&field=' . urlencode($key) . '&') . $unique_idf;
|
||||
}
|
||||
if (!strlen(trim($val, " \t"))) {
|
||||
$val = " ";
|
||||
} elseif (strlen($text_length) && ereg('blob|text', $fields[$key]["type"]) && is_utf8($val)) {
|
||||
$val = nl2br(shorten_utf8($val, max(0, intval($text_length)))); // usage of LEFT() would reduce traffic but complicate query
|
||||
} else {
|
||||
$val = nl2br(htmlspecialchars($val));
|
||||
$val = nl2br(h($val));
|
||||
}
|
||||
|
||||
// link related items
|
||||
|
@ -219,7 +219,7 @@ if (!$columns) {
|
|||
foreach ($foreign_key["source"] as $i => $source) {
|
||||
$link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]);
|
||||
}
|
||||
$link = htmlspecialchars((strlen($foreign_key["db"]) ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), $SELF) : $SELF) . 'select=' . urlencode($foreign_key["table"])) . $link; // InnoDB supports non-UNIQUE keys
|
||||
$link = h((strlen($foreign_key["db"]) ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), $SELF) : $SELF) . 'select=' . urlencode($foreign_key["table"])) . $link; // InnoDB supports non-UNIQUE keys
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
@ -235,13 +235,13 @@ if (!$columns) {
|
|||
echo "<td>";
|
||||
foreach ($table_names as $table => $name) {
|
||||
foreach ($backward_keys[$table] as $columns) {
|
||||
echo ' <a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($table);
|
||||
echo " <a href='" . h($SELF) . 'select=' . urlencode($table);
|
||||
$i = 0;
|
||||
foreach ($columns as $column => $val) {
|
||||
echo where_link($i, $column, $rows[$n][$val]);
|
||||
$i++;
|
||||
}
|
||||
echo "\">$name</a>";
|
||||
echo "'>$name</a>";
|
||||
}
|
||||
}
|
||||
}
|
||||
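Review bot: In the row-output line (`echo "<tr" . odd() . "><td><input type='checkbox' name='check[]' value='$unique_idf' …`) and the download link (`$link = h($SELF . 'download=' … '&') . $unique_idf;`) `$unique_idf` is concatenated after h() has run, so its `&` separators and the component values it carries are emitted without entity encoding, whereas the column-header link a few lines earlier passes the whole URL through h() (`h(remove_from_uri(…) . '&order%5B0%5D=' …)`). Whether unique_idf() already urlencodes its parts is not visible in this hunk; if it returns raw query-string text, move it inside the escape, e.g. `h($SELF . "edit=" . urlencode($_GET['select']) . "&$unique_idf")` and `value='" . h($unique_idf) . "'`, so the single-quoted attribute form introduced here cannot be broken by a key value. The foreach over `$descriptions` continues past the end of this hunk.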
@ -42,7 +42,7 @@ if (!$error && $_POST) {
|
|||
$start = explode(" ", microtime()); // microtime(true) is available since PHP 5
|
||||
//! don't allow changing of character_set_results, convert encoding of displayed query
|
||||
if (!$dbh->multi_query(substr($query, 0, $match[0][1]))) {
|
||||
echo "<p class='error'>" . lang('Error in query') . ": " . htmlspecialchars($dbh->error) . "\n";
|
||||
echo "<p class='error'>" . lang('Error in query') . ": " . h($dbh->error) . "\n";
|
||||
if ($_POST["error_stops"]) {
|
||||
break;
|
||||
}
|
||||
|
@ -76,7 +76,7 @@ if (!$error && $_POST) {
|
|||
?>
|
||||
|
||||
<form action="" method="post" enctype="multipart/form-data">
|
||||
<p><textarea name="query" rows="20" cols="80" style="width: 98%;"><?php echo htmlspecialchars($_POST ? $_POST["query"] : (strlen($_GET["history"]) ? $_SESSION["history"][$_GET["server"]][$_GET["db"]][$_GET["history"]] : $_GET["sql"])); ?></textarea>
|
||||
<p><textarea name="query" rows="20" cols="80" style="width: 98%;"><?php echo h($_POST ? $_POST["query"] : (strlen($_GET["history"]) ? $_SESSION["history"][$_GET["server"]][$_GET["db"]][$_GET["history"]] : $_GET["sql"])); ?></textarea>
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
<input type="submit" value="<?php echo lang('Execute'); ?>">
|
||||
|
@ -96,7 +96,7 @@ if ($history) {
|
|||
echo "<fieldset><legend>" . lang('History') . "</legend>\n";
|
||||
foreach ($history as $key => $val) {
|
||||
//! save and display timestamp
|
||||
echo '<a href="' . htmlspecialchars($SELF . "sql=&history=$key") . '">' . lang('Edit') . '</a> <code class="jush-sql">' . shorten_utf8(ltrim(str_replace("\n", " ", preg_replace('~^(#|-- ).*~m', '', $val))), 80, "</code>") . "<br>\n";
|
||||
echo '<a href="' . h($SELF . "sql=&history=$key") . '">' . lang('Edit') . '</a> <code class="jush-sql">' . shorten_utf8(ltrim(str_replace("\n", " ", preg_replace('~^(#|-- ).*~m', '', $val))), 80, "</code>") . "<br>\n";
|
||||
}
|
||||
echo "<input type='submit' name='clear' value='" . lang('Clear') . "'>\n";
|
||||
echo "</fieldset>\n";
|
||||
@ -1,12 +1,12 @@
|
|||
<?php
|
||||
$result = $dbh->query("SHOW COLUMNS FROM " . idf_escape($_GET["table"]));
|
||||
if (!$result) {
|
||||
$error = htmlspecialchars($dbh->error);
|
||||
$error = h($dbh->error);
|
||||
}
|
||||
$table_status = ($result ? table_status($_GET["table"]) : array());
|
||||
$is_view = !isset($table_status["Rows"]);
|
||||
|
||||
page_header(($result && $is_view ? lang('View') : lang('Table')) . ": " . htmlspecialchars($_GET["table"]), $error);
|
||||
page_header(($result && $is_view ? lang('View') : lang('Table')) . ": " . h($_GET["table"]), $error);
|
||||
|
||||
if ($result) {
|
||||
$auto_increment_only = true;
|
||||
|
@ -15,20 +15,20 @@ if ($result) {
|
|||
if (!$row["auto_increment"]) {
|
||||
$auto_increment_only = false;
|
||||
}
|
||||
echo "<tr><th>" . htmlspecialchars($row["Field"]) . "<td>" . htmlspecialchars($row["Type"]) . ($row["Null"] == "YES" ? " <i>NULL</i>" : "") . "\n";
|
||||
echo "<tr><th>" . h($row["Field"]) . "<td>" . h($row["Type"]) . ($row["Null"] == "YES" ? " <i>NULL</i>" : "") . "\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
$result->free();
|
||||
|
||||
echo "<p>";
|
||||
if ($is_view) {
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'view=' . urlencode($_GET["table"]) . '">' . lang('Alter view') . '</a>';
|
||||
echo '<a href="' . h($SELF) . 'view=' . urlencode($_GET["table"]) . '">' . lang('Alter view') . '</a>';
|
||||
} else {
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'create=' . urlencode($_GET["table"]) . '">' . lang('Alter table') . '</a>';
|
||||
echo ($auto_increment_only ? '' : ' <a href="' . htmlspecialchars($SELF) . 'default=' . urlencode($_GET["table"]) . '">' . lang('Default values') . '</a>');
|
||||
echo '<a href="' . h($SELF) . 'create=' . urlencode($_GET["table"]) . '">' . lang('Alter table') . '</a>';
|
||||
echo ($auto_increment_only ? '' : ' <a href="' . h($SELF) . 'default=' . urlencode($_GET["table"]) . '">' . lang('Default values') . '</a>');
|
||||
}
|
||||
echo ' <a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($_GET["table"]) . '">' . lang('Select table') . '</a>';
|
||||
echo ' <a href="' . htmlspecialchars($SELF) . 'edit=' . urlencode($_GET["table"]) . '">' . lang('New item') . '</a>';
|
||||
echo ' <a href="' . h($SELF) . 'select=' . urlencode($_GET["table"]) . '">' . lang('Select table') . '</a>';
|
||||
echo ' <a href="' . h($SELF) . 'edit=' . urlencode($_GET["table"]) . '">' . lang('New item') . '</a>';
|
||||
|
||||
if (!$is_view) {
|
||||
echo "<h3>" . lang('Indexes') . "</h3>\n";
|
||||
|
@ -39,13 +39,13 @@ if ($result) {
|
|||
ksort($index["columns"]); // enforce correct columns order
|
||||
$print = array();
|
||||
foreach ($index["columns"] as $key => $val) {
|
||||
$print[] = "<i>" . htmlspecialchars($val) . "</i>" . ($index["lengths"][$key] ? "(" . $index["lengths"][$key] . ")" : "");
|
||||
$print[] = "<i>" . h($val) . "</i>" . ($index["lengths"][$key] ? "(" . $index["lengths"][$key] . ")" : "");
|
||||
}
|
||||
echo "<tr><th>$index[type]<td>" . implode(", ", $print) . "\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'indexes=' . urlencode($_GET["table"]) . '">' . lang('Alter indexes') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'indexes=' . urlencode($_GET["table"]) . '">' . lang('Alter indexes') . "</a>\n";
|
||||
|
||||
if ($table_status["Engine"] == "InnoDB") {
|
||||
echo "<h3>" . lang('Foreign keys') . "</h3>\n";
|
||||
|
@ -53,16 +53,16 @@ if ($result) {
|
|||
if ($foreign_keys) {
|
||||
echo "<table cellspacing='0'>\n";
|
||||
foreach ($foreign_keys as $name => $foreign_key) {
|
||||
$link = (strlen($foreign_key["db"]) ? "<strong>" . htmlspecialchars($foreign_key["db"]) . "</strong>." : "") . htmlspecialchars($foreign_key["table"]);
|
||||
$link = (strlen($foreign_key["db"]) ? "<strong>" . h($foreign_key["db"]) . "</strong>." : "") . h($foreign_key["table"]);
|
||||
echo "<tr>";
|
||||
echo "<th><i>" . implode("</i>, <i>", array_map('htmlspecialchars', $foreign_key["source"])) . "</i>";
|
||||
echo '<td><a href="' . htmlspecialchars(strlen($foreign_key["db"]) ? preg_replace('~db=[^&]*~', "db=" . urlencode($foreign_key["db"]), $SELF) : $SELF) . "table=" . urlencode($foreign_key["table"]) . "\">$link</a>";
|
||||
echo "(<em>" . implode("</em>, <em>", array_map('htmlspecialchars', $foreign_key["target"])) . "</em>)";
|
||||
echo "<td>" . (!strlen($foreign_key["db"]) ? '<a href="' . htmlspecialchars($SELF) . 'foreign=' . urlencode($_GET["table"]) . '&name=' . urlencode($name) . '">' . lang('Alter') . '</a>' : ' ');
|
||||
echo "<th><i>" . implode("</i>, <i>", array_map('h', $foreign_key["source"])) . "</i>";
|
||||
echo "<td><a href='" . h(strlen($foreign_key["db"]) ? preg_replace('~db=[^&]*~', "db=" . urlencode($foreign_key["db"]), $SELF) : $SELF) . "table=" . urlencode($foreign_key["table"]) . "'>$link</a>";
|
||||
echo "(<em>" . implode("</em>, <em>", array_map('h', $foreign_key["target"])) . "</em>)";
|
||||
echo "<td>" . (!strlen($foreign_key["db"]) ? '<a href="' . h($SELF) . 'foreign=' . urlencode($_GET["table"]) . '&name=' . urlencode($name) . '">' . lang('Alter') . '</a>' : ' ');
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'foreign=' . urlencode($_GET["table"]) . '">' . lang('Add foreign key') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'foreign=' . urlencode($_GET["table"]) . '">' . lang('Add foreign key') . "</a>\n";
|
||||
}
|
||||
|
||||
if ($dbh->server_info >= 5) {
|
||||
|
@ -71,12 +71,12 @@ if ($result) {
|
|||
if ($result->num_rows) {
|
||||
echo "<table cellspacing='0'>\n";
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo "<tr valign='top'><td>$row[Timing]<td>$row[Event]<th>" . htmlspecialchars($row["Trigger"]) . "<td><a href=\"" . htmlspecialchars($SELF) . 'trigger=' . urlencode($_GET["table"]) . '&name=' . urlencode($row["Trigger"]) . '">' . lang('Alter') . "</a>\n";
|
||||
echo "<tr valign='top'><td>$row[Timing]<td>$row[Event]<th>" . h($row["Trigger"]) . "<td><a href=\"" . h($SELF) . 'trigger=' . urlencode($_GET["table"]) . '&name=' . urlencode($row["Trigger"]) . '">' . lang('Alter') . "</a>\n";
|
||||
}
|
||||
echo "</table>\n";
|
||||
}
|
||||
$result->free();
|
||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'trigger=' . urlencode($_GET["table"]) . '">' . lang('Add trigger') . "</a>\n";
|
||||
echo '<p><a href="' . h($SELF) . 'trigger=' . urlencode($_GET["table"]) . '">' . lang('Add trigger') . "</a>\n";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -14,7 +14,7 @@ if ($_POST && !$error) {
|
|||
}
|
||||
}
|
||||
|
||||
page_header((strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger')), $error, array("table" => $_GET["trigger"]));
|
||||
page_header((strlen($_GET["name"]) ? lang('Alter trigger') . ": " . h($_GET["name"]) : lang('Create trigger')), $error, array("table" => $_GET["trigger"]));
|
||||
|
||||
$row = array("Trigger" => "$_GET[trigger]_bi");
|
||||
if ($_POST) {
|
||||
|
@ -28,11 +28,11 @@ if ($_POST) {
|
|||
|
||||
<form action="" method="post" id="form">
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Time'); ?><td><select name="Timing" onchange="if (/^<?php echo htmlspecialchars(preg_quote($_GET["trigger"], "/")); ?>_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '<?php echo htmlspecialchars(addcslashes($_GET["trigger"], "\r\n'\\")); ?>_' + this.value.charAt(0).toLowerCase() + this.form['Event'].value.charAt(0).toLowerCase();"><?php echo optionlist($trigger_time, $row["Timing"]); ?></select>
|
||||
<tr><th><?php echo lang('Time'); ?><td><select name="Timing" onchange="if (/^<?php echo h(preg_quote($_GET["trigger"], "/")); ?>_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '<?php echo h(addcslashes($_GET["trigger"], "\r\n'\\")); ?>_' + this.value.charAt(0).toLowerCase() + this.form['Event'].value.charAt(0).toLowerCase();"><?php echo optionlist($trigger_time, $row["Timing"]); ?></select>
|
||||
<tr><th><?php echo lang('Event'); ?><td><select name="Event" onchange="this.form['Timing'].onchange();"><?php echo optionlist($trigger_event, $row["Event"]); ?></select>
|
||||
<tr><th><?php echo lang('Name'); ?><td><input name="Trigger" value="<?php echo htmlspecialchars($row["Trigger"]); ?>" maxlength="64">
|
||||
<tr><th><?php echo lang('Name'); ?><td><input name="Trigger" value="<?php echo h($row["Trigger"]); ?>" maxlength="64">
|
||||
</table>
|
||||
<p><textarea name="Statement" rows="10" cols="80" style="width: 98%;"><?php echo htmlspecialchars($row["Statement"]); ?></textarea>
|
||||
<p><textarea name="Statement" rows="10" cols="80" style="width: 98%;"><?php echo h($row["Statement"]); ?></textarea>
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
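Review bot: The onchange attribute on the Timing select now stacks h() on top of preg_quote() and on top of addcslashes(), and nothing in the file records why that order is fixed, so a later "simplification" that drops or swaps a layer would go unnoticed. Suggest a comment above that `<tr>` line: `<?php // trigger name lands in a JS regex literal and a JS string inside an HTML attribute: escape for JS first (preg_quote / addcslashes), then h() for the attribute context ?>`. h() is defined outside this diff; whatever its flags, confirm it still encodes `"`, because that is the character delimiting the attribute the handler lives in (the browser decodes entities before the script engine sees the handler, so encoding the inner `'` as well is harmless).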
|
||||
|
|
|
@ -114,7 +114,7 @@ if ($_POST && !$error) {
|
|||
}
|
||||
}
|
||||
|
||||
page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => array('', lang('Privileges'))));
|
||||
page_header((isset($_GET["host"]) ? lang('Username') . ": " . h("$_GET[user]@$_GET[host]") : lang('Create user')), $error, array("privileges" => array('', lang('Privileges'))));
|
||||
|
||||
if ($_POST) {
|
||||
$row = $_POST;
|
||||
|
@ -131,9 +131,9 @@ if ($_POST) {
|
|||
?>
|
||||
<form action="" method="post">
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input name="user" maxlength="16" value="<?php echo htmlspecialchars($row["user"]); ?>">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="host" maxlength="60" value="<?php echo htmlspecialchars($row["host"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input id="pass" name="pass" value="<?php echo htmlspecialchars($row["pass"]); ?>"><?php if (!$row["hashed"]) { ?><script type="text/javascript">document.getElementById('pass').type = 'password';</script><?php } ?> <label><input type="checkbox" name="hashed" value="1"<?php if ($row["hashed"]) { ?> checked="checked"<?php } ?> onclick="this.form['pass'].type = (this.checked ? 'text' : 'password');"><?php echo lang('Hashed'); ?></label>
|
||||
<tr><th><?php echo lang('Username'); ?><td><input name="user" maxlength="16" value="<?php echo h($row["user"]); ?>">
|
||||
<tr><th><?php echo lang('Server'); ?><td><input name="host" maxlength="60" value="<?php echo h($row["host"]); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input id="pass" name="pass" value="<?php echo h($row["pass"]); ?>"><?php if (!$row["hashed"]) { ?><script type="text/javascript">document.getElementById('pass').type = 'password';</script><?php } ?> <label><input type="checkbox" name="hashed" value="1"<?php if ($row["hashed"]) { ?> checked="checked"<?php } ?> onclick="this.form['pass'].type = (this.checked ? 'text' : 'password');"><?php echo lang('Hashed'); ?></label>
|
||||
</table>
|
||||
|
||||
<?php
|
||||
|
@ -142,7 +142,7 @@ echo "<table cellspacing='0'>\n";
|
|||
echo "<thead><tr><th colspan='2'>" . lang('Privileges');
|
||||
$i = 0;
|
||||
foreach ($grants as $object => $grant) {
|
||||
echo '<th>' . ($object != "*.*" ? '<input name="objects[' . $i . ']" value="' . htmlspecialchars($object) . '" size="10">' : '<input type="hidden" name="objects[' . $i . ']" value="*.*" size="10">*.*'); //! separate db, table, columns, PROCEDURE|FUNCTION, routine
|
||||
echo '<th>' . ($object != "*.*" ? "<input name='objects[$i]' value='" . h($object) . "' size='10'>" : "<input type='hidden' name='objects[$i]' value='*.*' size='10'>*.*"); //! separate db, table, columns, PROCEDURE|FUNCTION, routine
|
||||
$i++;
|
||||
}
|
||||
echo "</thead>\n";
|
||||
|
@ -155,10 +155,10 @@ foreach (array(
|
|||
"Procedures" => lang('Routine'),
|
||||
) as $context => $desc) {
|
||||
foreach ((array) $privileges[$context] as $privilege => $comment) {
|
||||
echo "<tr" . odd() . "><td" . ($desc ? ">$desc<td" : " colspan='2'") . ' lang="en" title="' . htmlspecialchars($comment) . '">' . htmlspecialchars($privilege);
|
||||
echo "<tr" . odd() . "><td" . ($desc ? ">$desc<td" : " colspan='2'") . ' lang="en" title="' . h($comment) . '">' . h($privilege);
|
||||
$i = 0;
|
||||
foreach ($grants as $object => $grant) {
|
||||
$name = '"grants[' . $i . '][' . htmlspecialchars(strtoupper($privilege)) . ']"';
|
||||
$name = "'grants[$i][" . h(strtoupper($privilege)) . "]'";
|
||||
$value = $grant[strtoupper($privilege)];
|
||||
if ($context == "Server Admin" && $object != (isset($grants["*.*"]) ? "*.*" : "")) {
|
||||
echo "<td> ";
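Review bot: The objects `<input>` in the `<th>` echo and the `$name` attribute built a few lines below were switched from double- to single-quoted HTML attributes, so they are now only safe if h() encodes `'` (ENT_QUOTES); h() is not defined in this diff and htmlspecialchars()' default flags leave `'` untouched. `$object` appears user-influenced (`$row = $_POST` above, and the objects field is editable), so a `'` in a submitted object name would terminate the attribute if h() lacks that flag. Either keep those two attributes double-quoted as before, or pin the contract next to h()'s definition, e.g. `// h(): htmlspecialchars with ENT_QUOTES — single-quoted attributes elsewhere depend on this`. Separately, the password row still reflects `h($row["pass"])` from the POSTed value into the page source whether or not the JS type switch runs; adding `autocomplete="off"` to that input is cheap hardening.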
|
||||
|
|
|
@ -5,8 +5,8 @@ echo "<table cellspacing='0'>\n";
|
|||
$result = $dbh->query("SHOW VARIABLES");
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo "<tr>";
|
||||
echo "<th><code class='jush-sqlset'>" . htmlspecialchars($row["Variable_name"]) . "</code>";
|
||||
echo "<td>" . (strlen(trim($row["Value"])) ? htmlspecialchars($row["Value"]) : " ");
|
||||
echo "<th><code class='jush-sqlset'>" . h($row["Variable_name"]) . "</code>";
|
||||
echo "<td>" . (strlen(trim($row["Value"])) ? h($row["Value"]) : " ");
|
||||
}
|
||||
$result->free();
|
||||
echo "</table>\n";
|
||||
|
|
|
@ -19,10 +19,10 @@ if ($_POST) {
|
|||
?>
|
||||
|
||||
<form action="" method="post">
|
||||
<p><textarea name="select" rows="10" cols="80" style="width: 98%;"><?php echo htmlspecialchars($row["select"]); ?></textarea>
|
||||
<p><textarea name="select" rows="10" cols="80" style="width: 98%;"><?php echo h($row["select"]); ?></textarea>
|
||||
<p>
|
||||
<input type="hidden" name="token" value="<?php echo $token; ?>">
|
||||
<?php if ($dropped) { // old view was dropped but new wasn't created ?><input type="hidden" name="dropped" value="1"><?php } ?>
|
||||
<?php echo lang('Name'); ?>: <input name="name" value="<?php echo htmlspecialchars($row["name"]); ?>" maxlength="64">
|
||||
<?php echo lang('Name'); ?>: <input name="name" value="<?php echo h($row["name"]); ?>" maxlength="64">
|
||||
<input type="submit" value="<?php echo lang('Save'); ?>">
|
||||
</form>
|
||||
|
|
|
@ -177,7 +177,7 @@ if ($_COOKIE["adminer_lang"]) {
|
|||
}
|
||||
$file = str_replace('<script type="text/javascript" src="editing.js"></script>' . "\n", "", $file);
|
||||
$file = preg_replace_callback("~compile_file\\('([^']+)', '([^']+)'\\);~", 'compile_file', $file); // integrate static files
|
||||
$replace = 'htmlspecialchars(preg_replace("~\\\\\\\\?.*~", "", $_SERVER["REQUEST_URI"]), ENT_QUOTES) . "?file=\\1&version=' . $VERSION;
|
||||
$replace = 'h(preg_replace("~\\\\\\\\?.*~", "", $_SERVER["REQUEST_URI"])) . "?file=\\1&version=' . $VERSION;
|
||||
$file = preg_replace('~\\.\\./adminer/(default\\.css|functions\\.js|favicon\\.ico)~', '<?php echo ' . $replace . '"; ?>', $file);
|
||||
$file = preg_replace('~\\.\\./adminer/((plus|cross|up|down|arrow)\\.gif)~', '" . ' . $replace, $file);
|
||||
$file = str_replace("../externals/jush/", "http://jush.sourceforge.net/", $file);
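Review bot: The new `$replace` line drops the explicit `ENT_QUOTES` the old call passed, so escaping of `$_SERVER["REQUEST_URI"]` in the compiled output now depends on h()'s flags, which this diff does not show. REQUEST_URI is attacker-controlled and the expression is spliced into the `src`/`href` values handled by the two preg_replace lines below, so if h() is plain htmlspecialchars() a `'` in the URL would break out of any single-quoted attribute in the templates. Confirm h() passes ENT_QUOTES, or keep the flag explicit here: `$replace = 'htmlspecialchars(preg_replace("~\\\\\\\\?.*~", "", $_SERVER["REQUEST_URI"]), ENT_QUOTES) . "?file=\\1&version=' . $VERSION;`. A one-line comment noting that the generated markup's quoting relies on h() would help whoever next edits this template.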
|
||||
|
|
|
@ -47,7 +47,7 @@ if (!extension_loaded("xdebug")) {
|
|||
$prev_color = $color;
|
||||
}
|
||||
if ($prev_color != $color || !isset($line)) {
|
||||
echo "<div" . ($prev_color ? " style='background-color: $prev_color;'" : "") . ">" . $s;
|
||||
echo "<div" . ($prev_color ? " style='background-color: $prev_color;'" : "") . ">$s";
|
||||
$open_tags = xhtml_open_tags($s);
|
||||
foreach (array_reverse($open_tags) as $tag) {
|
||||
echo "</" . preg_replace('~ .*~', '', $tag) . ">";
|
||||
|
|
|
@ -25,12 +25,12 @@ function adminer_object() {
|
|||
|
||||
function tableName($tableStatus) {
|
||||
// tables without comments would return empty string and will be ignored by Adminer
|
||||
return htmlspecialchars($tableStatus["Comment"]);
|
||||
return h($tableStatus["Comment"]);
|
||||
}
|
||||
|
||||
function fieldName($field, $order = 0) {
|
||||
// only first five columns with comments will be displayed
|
||||
return ($order < 5 ? htmlspecialchars($field["comment"]) : "");
|
||||
return ($order < 5 ? h($field["comment"]) : "");
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
@ -17,7 +17,7 @@ class Adminer {
|
|||
function loginForm($username) {
|
||||
?>
|
||||
<table cellspacing="0">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="server" value="" /><input name="username" value="<?php echo htmlspecialchars($username); ?>">
|
||||
<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="server" value="" /><input name="username" value="<?php echo h($username); ?>">
|
||||
<tr><th><?php echo lang('Password'); ?><td><input type="password" name="password">
|
||||
</table>
|
||||
<?php
|
||||
|
@ -29,11 +29,11 @@ class Adminer {
|
|||
|
||||
function tableName($tableStatus) {
|
||||
table_comment($tableStatus);
|
||||
return htmlspecialchars(strlen($tableStatus["Comment"]) ? $tableStatus["Comment"] : $tableStatus["Name"]);
|
||||
return h(strlen($tableStatus["Comment"]) ? $tableStatus["Comment"] : $tableStatus["Name"]);
|
||||
}
|
||||
|
||||
function fieldName($field, $order = 0) {
|
||||
return htmlspecialchars(strlen($field["comment"]) ? $field["comment"] : $field["field"]);
|
||||
return h(strlen($field["comment"]) ? $field["comment"] : $field["field"]);
|
||||
}
|
||||
|
||||
function selectLinks($tableStatus) {
|
||||
|
@ -116,7 +116,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
|
|||
}
|
||||
}
|
||||
if ($field["full_type"] == "tinyint(1)" && $return != " ") { // bool
|
||||
$return = '<img src="' . ($val ? "../adminer/plus.gif" : "../adminer/cross.gif") . '" alt="' . htmlspecialchars($val) . '">';
|
||||
$return = '<img src="' . ($val ? "../adminer/plus.gif" : "../adminer/cross.gif") . '" alt="' . h($val) . '">';
|
||||
}
|
||||
return ($link ? "<a href=\"$link\">$return</a>" : $return);
|
||||
}
|
||||
|
@ -139,7 +139,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
|
|||
foreach ((array) $_GET["where"] as $val) {
|
||||
if (strlen("$val[col]$val[val]")) {
|
||||
echo "<div><select name='where[$i][col]'><option value=''>" . lang('(anywhere)') . optionlist($columns, $val["col"], true) . "</select>";
|
||||
echo "<input name='where[$i][val]' value=\"" . htmlspecialchars($val["val"]) . "\"></div>\n";
|
||||
echo "<input name='where[$i][val]' value='" . h($val["val"]) . "'></div>\n";
|
||||
$i++;
|
||||
}
|
||||
}
|
||||
|
@ -189,7 +189,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
|
|||
echo "<p>" . lang('From') . ": <input name='email_from'>\n";
|
||||
echo lang('Subject') . ": <input name='email_subject'>\n";
|
||||
echo "<p><textarea name='email_message' rows='15' cols='60'></textarea>\n";
|
||||
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . htmlspecialchars(key($emailFields)) . '">' : '<select name="email_field">' . optionlist($emailFields) . '</select> ');
|
||||
echo "<p>" . (count($emailFields) == 1 ? '<input type="hidden" name="email_field" value="' . h(key($emailFields)) . '">' : '<select name="email_field">' . optionlist($emailFields) . '</select> ');
|
||||
echo "<input type='submit' name='email' value='" . lang('Send') . "'$confirm>\n";
|
||||
echo "</div></fieldset>\n";
|
||||
}
|
||||
|
@ -310,7 +310,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
|
|||
}
|
||||
}
|
||||
if ($field["full_type"] == "tinyint(1)") { // bool
|
||||
return '<input type="checkbox" value="' . htmlspecialchars($value ? $value : 1) . '"' . ($value ? ' checked="checked"' : '') . "$attrs>";
|
||||
return '<input type="checkbox" value="' . h($value ? $value : 1) . '"' . ($value ? ' checked="checked"' : '') . "$attrs>";
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
@ -346,7 +346,7 @@ ORDER BY ORDINAL_POSITION"); //! requires MySQL 5
|
|||
foreach ($table_status as $row) {
|
||||
$name = $this->tableName($row);
|
||||
if (isset($row["Engine"]) && strlen($name)) { // ignore views and tables without name
|
||||
echo '<a href="' . htmlspecialchars($SELF) . 'select=' . urlencode($row["Name"]) . "\">$name</a><br>\n";
|
||||
echo "<a href='" . h($SELF) . 'select=' . urlencode($row["Name"]) . "'>$name</a><br>\n";
|
||||
}
|
||||
}
|
||||
}
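Review bot: The where-filter input now emits `value='" . h($val["val"]) . "'` around a value taken directly from `$_GET["where"]`, where the old line used double quotes. htmlspecialchars() without ENT_QUOTES does not encode `'`, so unless h() (defined outside this diff) passes that flag a `'` in the parameter terminates the attribute and the rest is parsed as new attributes — a reflected XSS on a page that reads user input by design. The `selectLinks` anchor near the end of the section (`"<a href='" . h($SELF) . ...`) follows the same pattern. Either restore the double-quoted form, `echo "<input name='where[$i][val]' value=\"" . h($val["val"]) . "\"></div>\n";`, or state the ENT_QUOTES requirement at h()'s definition so the single-quoted attributes are provably safe. The enclosing methods start outside the visible hunks.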
|
||||
|
|