Skip to content
Permalink
Browse files Browse the repository at this point in the history
triggers, routines, events : escape drop sql
  • Loading branch information
madhuracj committed Oct 4, 2012
1 parent cfd688d commit 6ea8fad
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion js/rte/common.js
Expand Up @@ -318,7 +318,7 @@ $(document).ready(function () {
/**
* @var question String containing the question to be asked for confirmation
*/
var question = $('<div/>').text($curr_row.children('td').children('.drop_sql').html());
var question = $('<div/>').text($curr_row.children('td').children('.drop_sql').text());
// We ask for confirmation first here, before submitting the ajax request
$(this).PMA_confirm(question, $(this).attr('href'), function (url) {
/**
Expand Down
6 changes: 3 additions & 3 deletions libraries/rte/rte_list.lib.php
Expand Up @@ -121,7 +121,7 @@ function PMA_RTN_getRowForList($routine, $rowclass = '')

$retval = " <tr class='noclick $rowclass'>\n";
$retval .= " <td>\n";
$retval .= " <span class='drop_sql hide'>$sql_drop</span>\n";
$retval .= " <span class='drop_sql hide'>" . htmlspecialchars($sql_drop) . "</span>\n";
$retval .= " <strong>\n";
$retval .= " " . htmlspecialchars($routine['SPECIFIC_NAME']) . "\n";
$retval .= " </strong>\n";
Expand Down Expand Up @@ -223,7 +223,7 @@ function PMA_TRI_getRowForList($trigger, $rowclass = '')

$retval = " <tr class='noclick $rowclass'>\n";
$retval .= " <td>\n";
$retval .= " <span class='drop_sql hide'>{$trigger['drop']}</span>\n";
$retval .= " <span class='drop_sql hide'>" . htmlspecialchars($trigger['drop']) . "</span>\n";
$retval .= " <strong>\n";
$retval .= " " . htmlspecialchars($trigger['name']) . "\n";
$retval .= " </strong>\n";
Expand Down Expand Up @@ -297,7 +297,7 @@ function PMA_EVN_getRowForList($event, $rowclass = '')

$retval = " <tr class='noclick $rowclass'>\n";
$retval .= " <td>\n";
$retval .= " <span class='drop_sql hide'>$sql_drop</span>\n";
$retval .= " <span class='drop_sql hide'>" . htmlspecialchars($sql_drop) . "</span>\n";
$retval .= " <strong>\n";
$retval .= " " . htmlspecialchars($event['EVENT_NAME']) . "\n";
$retval .= " </strong>\n";
Expand Down

0 comments on commit 6ea8fad

Please sign in to comment.