
Removed most <noscript> tags and made JS mandatory to login #17

Merged
merged 2 commits into from

2 participants

@roccivic

JS is a requirement for version 4.0, so there is no need for most of the noscript tags.
Also, JS should be mandatory for the cookie login.

@ruleant

looks good, but there are some unescaped variables in libraries\common.lib.php PMA_toggleButton()
I'll merge your request and fix the unescaped variables

@ruleant ruleant merged commit 7b8bbc6 into from
@roccivic

$GLOBALS['text_dir'] can only be "rtl" or "ltr", so no nasty surprises there. The inputs to the function are assumed to be escaped already. So I guess that I don't see any unsafe variables...

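--- a/db_structure.php
+++ b/db_structure.php
@@ -612,14 +612,6 @@ class="center">
 }
 ?>
 </select>
-<script type="text/javascript">
-<!--
-// Fake js to allow the use of the <noscript> tag
-//-->
-</script>
-<noscript>
- <input type="submit" value="<?php echo __('Go'); ?>" />
-</noscript>
 <?php echo implode("\n", $hidden_fields) . "\n"; ?>
 </div>
 </form>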
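--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -1322,9 +1322,6 @@ static public function getFontsizeForm()
 . ' method="post" action="index.php" target="_parent">' . "\n"
 . PMA_generate_common_hidden_inputs() . "\n"
 . PMA_Config::_getFontsizeSelection() . "\n"
- . '<noscript>' . "\n"
- . '<input type="submit" value="' . __('Go') . '" />' . "\n"
- . '</noscript>' . "\n"
 . '</form>';
 }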
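--- a/libraries/Theme_Manager.class.php
+++ b/libraries/Theme_Manager.class.php
@@ -306,7 +306,6 @@ function getHtmlSelectBox($form = true)
 $select_box .= '</select>';
 if ($form) {
- $select_box .= '<noscript><input type="submit" value="' . __('Go') . '" /></noscript>';
 $select_box .= '</form>';
 }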
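--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -154,6 +154,11 @@ function PMA_auth()
 if (top != self) {
 window.top.location.href=location;
 }
+// reveal the login form to users with JS enabled
+$(document).ready(function () {
+ $('form.login').show();
+ $('div.language').show();
+});
 //]]>
 </script>
 </head>
@@ -191,17 +196,23 @@ function PMA_auth()
 PMA_Message::rawError($conn_error)->display();
 }
+ echo "<noscript>\n";
+ PMA_message::error(__("Javascript must be enabled past this point"))->display();
+ echo "</noscript>\n";
+
+ echo "<div class='language hide'>";
 // Displays the languages form
 if (empty($GLOBALS['cfg']['Lang'])) {
 include_once './libraries/display_select_lang.lib.php';
 // use fieldset, don't show doc link
 PMA_select_language(true, false);
 }
+ echo "</div>";
 ?>
 <br />
 <!-- Login form -->
-<form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login">
+<form method="post" action="index.php" name="login_form"<?php echo $autocomplete; ?> target="_top" class="login hide">
 <fieldset>
 <legend>
 <?php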
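Review bot: The login form and language selector now start with the `hide` class and are revealed only by the `$(document).ready` handler added in the first hunk, so the login page depends on jQuery being loaded before this inline script runs. The script order in `<head>` is not visible here; if `$` is undefined at that point the handler throws, the form never appears and users are locked out, so a comment naming that dependency belongs next to the handler. The gate is also presentational only: the form still posts to `index.php`, and nothing in these hunks makes the server reject a login POST from a client without JS, so it should not be read as an access control. A comment such as `// UI gate only: login POSTs are still processed for clients without JS` above `echo "<noscript>\n";` would make that explicit. PMA_auth() begins and ends outside both hunks.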
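--- a/libraries/common.lib.php
+++ b/libraries/common.lib.php
@@ -1404,7 +1404,6 @@ function PMA_profilingCheckbox($sql_query)
 echo '<input type="hidden" name="sql_query" value="' . htmlspecialchars($sql_query) . '" />' . "\n";
 echo '<input type="hidden" name="profiling_form" value="1" />' . "\n";
 PMA_display_html_checkbox('profiling', __('Profiling'), isset($_SESSION['profiling']), true);
- echo '<noscript><input type="submit" value="' . __('Go') . '" /></noscript>' . "\n";
 echo '</form>' . "\n";
 }
 }
@@ -2454,8 +2453,7 @@ function PMA_pageselector($rows, $pageNow = 1, $nbTotalPage = 1,
 . ' value="' . (($i - 1) * $rows) . '">' . $i . '</option>' . "\n";
 }
- $gotopage .= ' </select><noscript><input type="submit" value="'
- . __('Go') . '" /></noscript>';
+ $gotopage .= ' </select>';
 return $gotopage;
 } // end function
@@ -2758,62 +2756,36 @@ function PMA_toggleButton($action, $select_name, $options, $callback)
 } else {
 $state = 'on';
 }
- $selected1 = '';
- $selected0 = '';
- if ($options[1]['selected'] == true) {
- $selected1 = " selected='selected'";
- } else if ($options[0]['selected'] == true) {
- $selected0 = " selected='selected'";
- }
 // Generate output
 $retval = "<!-- TOGGLE START -->\n";
- if ($GLOBALS['cfg']['AjaxEnable'] && is_readable($_SESSION['PMA_Theme']->getImgPath() . 'toggle-ltr.png')) {
- $retval .= "<noscript>\n";
- }
- $retval .= "<div class='wrapper'>\n";
- $retval .= " <form action='$action' method='post'>\n";
- $retval .= " <select name='$select_name'>\n";
- $retval .= " <option value='{$options[1]['value']}'$selected1>";
- $retval .= " {$options[1]['label']}\n";
- $retval .= " </option>\n";
- $retval .= " <option value='{$options[0]['value']}'$selected0>";
- $retval .= " {$options[0]['label']}\n";
- $retval .= " </option>\n";
- $retval .= " </select>\n";
- $retval .= " <input type='submit' value='" . __('Change') . "'/>\n";
- $retval .= " </form>\n";
+ $retval .= "<div class='wrapper toggleAjax hide'>\n";
+ $retval .= " <div class='toggleButton'>\n";
+ $retval .= " <div title='" . __('Click to toggle') . "' class='container $state'>\n";
+ $retval .= " <img src='{$GLOBALS['pmaThemeImage']}toggle-{$GLOBALS['text_dir']}.png'\n";
+ $retval .= " alt='' />\n";
+ $retval .= " <table class='nospacing nopadding'>\n";
+ $retval .= " <tbody>\n";
+ $retval .= " <tr>\n";
+ $retval .= " <td class='toggleOn'>\n";
+ $retval .= " <span class='hide'>$link_on</span>\n";
+ $retval .= " <div>";
+ $retval .= str_replace(' ', '&nbsp;', $options[1]['label']) . "\n";
+ $retval .= " </div>\n";
+ $retval .= " </td>\n";
+ $retval .= " <td><div>&nbsp;</div></td>\n";
+ $retval .= " <td class='toggleOff'>\n";
+ $retval .= " <span class='hide'>$link_off</span>\n";
+ $retval .= " <div>";
+ $retval .= str_replace(' ', '&nbsp;', $options[0]['label']) . "\n";
+ $retval .= " </div>\n";
+ $retval .= " </tr>\n";
+ $retval .= " </tbody>\n";
+ $retval .= " </table>\n";
+ $retval .= " <span class='hide callback'>$callback</span>\n";
+ $retval .= " <span class='hide text_direction'>{$GLOBALS['text_dir']}</span>\n";
+ $retval .= " </div>\n";
+ $retval .= " </div>\n";
 $retval .= "</div>\n";
- if ($GLOBALS['cfg']['AjaxEnable'] && is_readable($_SESSION['PMA_Theme']->getImgPath() . 'toggle-ltr.png')) {
- $retval .= "</noscript>\n";
- $retval .= "<div class='wrapper toggleAjax hide'>\n";
- $retval .= " <div class='toggleButton'>\n";
- $retval .= " <div title='" . __('Click to toggle') . "' class='container $state'>\n";
- $retval .= " <img src='{$GLOBALS['pmaThemeImage']}toggle-{$GLOBALS['text_dir']}.png'\n";
- $retval .= " alt='' />\n";
- $retval .= " <table class='nospacing nopadding'>\n";
- $retval .= " <tbody>\n";
- $retval .= " <tr>\n";
- $retval .= " <td class='toggleOn'>\n";
- $retval .= " <span class='hide'>$link_on</span>\n";
- $retval .= " <div>";
- $retval .= str_replace(' ', '&nbsp;', $options[1]['label']) . "\n";
- $retval .= " </div>\n";
- $retval .= " </td>\n";
- $retval .= " <td><div>&nbsp;</div></td>\n";
- $retval .= " <td class='toggleOff'>\n";
- $retval .= " <span class='hide'>$link_off</span>\n";
- $retval .= " <div>";
- $retval .= str_replace(' ', '&nbsp;', $options[0]['label']) . "\n";
- $retval .= " </div>\n";
- $retval .= " </tr>\n";
- $retval .= " </tbody>\n";
- $retval .= " </table>\n";
- $retval .= " <span class='hide callback'>$callback</span>\n";
- $retval .= " <span class='hide text_direction'>{$GLOBALS['text_dir']}</span>\n";
- $retval .= " </div>\n";
- $retval .= " </div>\n";
- $retval .= "</div>\n";
- }
 $retval .= "<!-- TOGGLE END -->";
 return $retval;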
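Review bot: The `toggleOff` cell in PMA_toggleButton() is never closed. After its inner `</div>` the output goes straight to `</tr>`, whereas the `toggleOn` cell emits `</td>` first, so add `$retval .= " </td>\n";` before the `</tr>` line. The change also drops the `is_readable(... 'toggle-ltr.png')` check along with the `<noscript>` form, so a theme without that image would now render a broken `<img>` with no alternative control. If every theme is required to ship the toggle images, a comment above the `<img>` line should say so. The function begins above the hunk, so how `$state`, `$link_on` and `$link_off` are built is not visible here.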
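--- a/libraries/display_select_lang.lib.php
+++ b/libraries/display_select_lang.lib.php
@@ -82,22 +82,6 @@ function PMA_select_language($use_fieldset = false, $show_doc = true)
 echo '</fieldset>';
 }
 ?>
-
- <noscript>
- <?php
- if ($use_fieldset) {
- echo '<fieldset class="tblFooters">';
- }
- ?>
-
- <input type="submit" value="Go" />
- <?php
- if ($use_fieldset) {
- echo '</fieldset>';
- }
- ?>
-
- </noscript>
 </form>
 <?php
 } // End of function PMA_select_language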
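--- a/libraries/display_tbl.lib.php
+++ b/libraries/display_tbl.lib.php
@@ -572,7 +572,6 @@ function PMA_displayTableHeaders(&$is_display, &$fields_meta, $fields_cnt = 0, $
 }
 echo '<option value="' . htmlspecialchars($unsorted_sql_query) . '"' . ($used_index ? '' : ' selected="selected"') . '>' . __('None') . '</option>';
 echo '</select>' . "\n";
- echo '<noscript><input type="submit" value="' . __('Go') . '" /></noscript>';
 echo '</form>' . "\n";
 }
 }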
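--- a/libraries/header.inc.php
+++ b/libraries/header.inc.php
@@ -86,6 +86,10 @@ function PMA_addRecentTable($db, $table)
 PMA_Message::notice(__('Cookies must be enabled past this point.'))->display();
 }
+ echo "<noscript>\n";
+ PMA_message::error(__("Javascript must be enabled past this point"))->display();
+ echo "</noscript>\n";
+
 // offer to load user preferences from localStorage
 if ($userprefs_offer_import) {
 include_once './libraries/user_preferences.lib.php';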
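Review bot: The added call is spelled `PMA_message::error(...)` while the context line just above it uses `PMA_Message::notice(...)`. PHP resolves class names case-insensitively, so it runs, but a search for the class name will miss it; write `PMA_Message::error(__("Javascript must be enabled past this point"))->display();`. The same spelling appears in the second hunk of libraries/auth/cookie.auth.lib.php. The new string also lacks the full stop that the neighbouring 'Cookies must be enabled past this point.' message has. The block this sits in starts outside the hunk.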
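--- a/libraries/select_server.lib.php
+++ b/libraries/select_server.lib.php
@@ -88,11 +88,6 @@ function PMA_select_server($not_only_options, $ommit_fieldset)
 if ($not_only_options) {
 echo '</select>';
- // Show submit button if we have just one server
- // (this happens with no default)
- echo '<noscript>';
- echo '<input type="submit" value="' . __('Go') . '" />';
- echo '</noscript>';
 if (! $ommit_fieldset) {
 echo '</fieldset>';
 }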
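--- a/main.php
+++ b/main.php
@@ -112,7 +112,6 @@
 . ' </label>' . "\n"
 . PMA_generateCharsetDropdownBox(PMA_CSDROPDOWN_COLLATION, 'collation_connection', 'select_collation_connection', $collation_connection, true, 4, true)
- . ' <noscript><input type="submit" value="' . __('Go') . '" /></noscript>' . "\n"
 . ' </form>' . "\n"
 . ' </li>' . "\n";
 } // end of if ($server > 0 && !PMA_DRIZZLE)
@@ -331,15 +330,6 @@
 }
 /**
- * Show notice when javascript support is missing.
- */
-echo '<noscript>';
-$message = PMA_Message::notice(__('Javascript support is missing or disabled in your browser, some phpMyAdmin functionality will be missing. For example navigation frame will not refresh automatically.'));
-$message->isError(true);
-$message->display();
-echo '</noscript>';
-
-/**
 * Warning about different MySQL library and server version
 * (a difference on the third digit does not count).
 * If someday there is a constant that we can check about mysqlnd, we can use it instead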
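--- a/navigation.php
+++ b/navigation.php
@@ -163,9 +163,6 @@ function PMA_exitNavigationFrame()
 .'<form method="post" action="index.php" target="_parent">' . "\n"
 .PMA_generate_common_hidden_inputs() . "\n"
 .PMA_RecentTable::getInstance()->getHtmlSelect()
- .'<noscript>' . "\n"
- .'<input type="submit" name="Go" value="' . __('Go') . '" />' . "\n"
- .'</noscript>' . "\n"
 .'</form>' . "\n"
 .'</div>' . "\n";
 }
@@ -200,10 +197,7 @@ function PMA_exitNavigationFrame()
 <form method="post" action="index.php" target="_parent" id="left">
 <?php
 echo PMA_generate_common_hidden_inputs() . "\n";
- echo $GLOBALS['pma']->databases->getHtmlSelectGrouped(true, $_SESSION['tmp_user_values']['navi_limit_offset'], $GLOBALS['cfg']['MaxDbList']) . "\n";
- echo '<noscript>' . "\n"
- .'<input type="submit" name="Go" value="' . __('Go') . '" />' . "\n"
- .'</noscript>' . "\n"
+ echo $GLOBALS['pma']->databases->getHtmlSelectGrouped(true, $_SESSION['tmp_user_values']['navi_limit_offset'], $GLOBALS['cfg']['MaxDbList']) . "\n"
 .'</form>' . "\n"
 . '</div>' . "\n";
 } else {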
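--- a/tbl_change.php
+++ b/tbl_change.php
@@ -1149,7 +1149,6 @@ class="<?php echo $the_class; ?>" <?php echo $unnullify_trigger; ?>
 $tmp .= '</select>' . "\n";
 echo "\n" . sprintf(__('Continue insertion with %s rows'), $tmp);
 unset($tmp);
- echo '<noscript><input type="submit" value="' . __('Go') . '" /></noscript>' . "\n";
 echo '</form>' . "\n";
 }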