
Function htmlspecialchars now uses ENT_QUOTES

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@950 7c3ca157-0c34-0410-bff1-cbf682f78f5c
1 parent 051b4e9 commit 12c042ce3eeb1ac8b9ddc9f218f5c2970f96892d jakubvrana committed Jul 30, 2009
@@ -119,7 +119,7 @@ function selectVal($val, $link, $field) {
if (ereg('blob|binary', $field["type"]) && !is_utf8($val)) {
$return = lang('%d byte(s)', strlen($val));
}
- return ($link ? "<a href=\"$link\">$return</a>" : $return);
+ return ($link ? "<a href='$link'>$return</a>" : $return);
}
/** Value conversion used in select and edit
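Review bot: `$link` is interpolated into the now single-quoted `href` on the changed `return` line without passing through `h()` in this hunk, so the attribute is only safe if every caller passes a value that is already HTML-escaped with `ENT_QUOTES` or fully URL-encoded. The callers are not visible here, so that should be confirmed; a one-line comment on the function such as `// $link must already be HTML-escaped (h() with ENT_QUOTES)` would record the contract. The same applies to the second `selectVal` hunk (`@@ -116,13 +116,13 @@`), where `<img src='$link' alt='$return'>` and the `return` line changed in the same way; there `$return` is `lang()` output placed in a single-quoted `alt`, which presumably has to stay free of apostrophes in every translation. The body of `selectVal` starts outside the hunk.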
@@ -11,7 +11,7 @@ function connect_error() {
'processlist' => lang('Process list'),
'variables' => lang('Variables'),
) as $key => $val) {
- echo '<p><a href="' . h(ME) . "$key=\">$val</a>\n";
+ echo "<p><a href='" . h(ME) . "$key='>$val</a>\n";
}
echo "<p>" . lang('MySQL version: %s through PHP extension %s', "<b" . ($dbh->server_info < 4.1 ? " class='binary'" : "") . ">$dbh->server_info</b>", "<b>$dbh->extension</b>") . "\n";
echo "<p>" . lang('Logged as: %s', "<b>" . h($dbh->result($dbh->query("SELECT USER()"))) . "</b>") . "\n";
@@ -23,8 +23,8 @@ function edit_type($key, $field, $collations, $foreign_keys = array()) {
<td><select name="<?php echo $key; ?>[type]" onchange="editing_type_change(this);"><?php echo optionlist($structured_types + ($foreign_keys ? array(lang('Foreign keys') => $foreign_keys) : array()), $field["type"]); ?></select>
<td><input name="<?php echo $key; ?>[length]" value="<?php echo h($field["length"]); ?>" size="3">
<td><?php
-echo "<select name=\"$key" . '[collation]"' . (ereg('(char|text|enum|set)$', $field["type"]) ? "" : " class='hidden'") . '><option value="">(' . lang('collation') . ')' . optionlist($collations, $field["collation"]) . '</select>';
-echo ($unsigned ? " <select name=\"$key" . '[unsigned]"' . (!$field["type"] || ereg('(int|float|double|decimal)$', $field["type"]) ? "" : " class='hidden'") . '><option>' . optionlist($unsigned, $field["unsigned"]) . '</select>' : '');
+echo "<select name='$key" . "[collation]'" . (ereg('(char|text|enum|set)$', $field["type"]) ? "" : " class='hidden'") . '><option value="">(' . lang('collation') . ')' . optionlist($collations, $field["collation"]) . '</select>';
+echo ($unsigned ? " <select name='$key" . "[unsigned]'" . (!$field["type"] || ereg('(int|float|double|decimal)$', $field["type"]) ? "" : " class='hidden'") . '><option>' . optionlist($unsigned, $field["unsigned"]) . '</select>' : '');
?>
<?php
}
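Review bot: `$key` is written raw into the single-quoted `name` attribute on both changed `echo` lines, so the ENT_QUOTES change to `h()` gives no protection at this spot. If `$key` is always generated internally (the callers are outside this hunk) this is harmless, but escaping at the point of output is cheaper than relying on that: `echo "<select name='" . h($key) . "[collation]'" ...` and likewise for `[unsigned]`. The unchanged `name="<?php echo $key; ?>[type]"` and `[length]` lines above have the same gap and keep double quotes, so the function now mixes both quoting styles. `edit_type` begins outside the hunk.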
@@ -198,7 +198,7 @@ function apply_sql_function($function, $column) {
echo ($table_names ? "<th>" . lang('Relations') : "") . "</thead>\n";
foreach ($descriptions as $n => $row) {
$unique_idf = implode('&amp;', unique_idf($rows[$n], $indexes));
- echo "<tr" . odd() . "><td><input type='checkbox' name='check[]' value='$unique_idf' onclick=\"this.form['all'].checked = false; form_uncheck('all-page');\">" . (count($select) != count($group) || information_schema($_GET["db"]) ? '' : " <a href='" . h(ME) . "edit=" . urlencode($_GET['select']) . "&amp;$unique_idf" . "'>" . lang('edit') . "</a>");
+ echo "<tr" . odd() . "><td><input type='checkbox' name='check[]' value='$unique_idf' onclick=\"this.form['all'].checked = false; form_uncheck('all-page');\">" . (count($select) != count($group) || information_schema($_GET["db"]) ? '' : " <a href='" . h(ME) . "edit=" . urlencode($_GET['select']) . "&amp;$unique_idf'>" . lang('edit') . "</a>");
foreach ($row as $key => $val) {
if (isset($names[$key])) {
if (strlen($val) && (!isset($email_fields[$key]) || strlen($email_fields[$key]))) {
@@ -58,7 +58,7 @@
echo "<th><i>" . implode("</i>, <i>", array_map('h', $foreign_key["source"])) . "</i>";
echo "<td><a href='" . h(strlen($foreign_key["db"]) ? preg_replace('~db=[^&]*~', "db=" . urlencode($foreign_key["db"]), ME) : ME) . "table=" . urlencode($foreign_key["table"]) . "'>$link</a>";
echo "(<em>" . implode("</em>, <em>", array_map('h', $foreign_key["target"])) . "</em>)";
- echo "<td>" . (!strlen($foreign_key["db"]) ? '<a href="' . h(ME) . 'foreign=' . urlencode($_GET["table"]) . '&amp;name=' . urlencode($name) . '">' . lang('Alter') . '</a>' : '&nbsp;');
+ echo "<td>" . (!strlen($foreign_key["db"]) ? '<a href="' . h(ME . 'foreign=' . urlencode($_GET["table"]) . '&name=' . urlencode($name)) . '">' . lang('Alter') . '</a>' : '&nbsp;');
}
echo "</table>\n";
}
@@ -71,7 +71,7 @@
if ($result->num_rows) {
echo "<table cellspacing='0'>\n";
while ($row = $result->fetch_assoc()) {
- echo "<tr valign='top'><td>$row[Timing]<td>$row[Event]<th>" . h($row["Trigger"]) . "<td><a href=\"" . h(ME) . 'trigger=' . urlencode($_GET["table"]) . '&amp;name=' . urlencode($row["Trigger"]) . '">' . lang('Alter') . "</a>\n";
+ echo "<tr valign='top'><td>$row[Timing]<td>$row[Event]<th>" . h($row["Trigger"]) . "<td><a href='" . h(ME . 'trigger=' . urlencode($_GET["table"]) . '&name=' . urlencode($row["Trigger"])) . "'>" . lang('Alter') . "</a>\n";
}
echo "</table>\n";
}
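Review bot: `$row[Timing]` and `$row[Event]` are echoed unescaped on the changed line, while `$row["Trigger"]` right next to them goes through `h()`. The query that fills `$row` is outside the hunk; presumably these two columns only ever hold fixed keywords, but escaping them costs nothing and keeps the row uniform: `"<tr valign='top'><td>" . h($row["Timing"]) . "<td>" . h($row["Event"]) . "<th>"`. The enclosing block starts outside the hunk.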
@@ -116,13 +116,13 @@ function selectVal($val, $link, $field) {
if (ereg('blob|binary', $field["type"]) && !is_utf8($val)) {
$return = lang('%d byte(s)', strlen($val));
if (ereg("^(GIF|\xFF\xD8\xFF|\x89\x50\x4E\x47\x0D\x0A\x1A\x0A)", $val)) { // GIF|JPG|PNG, getimagetype() works with filename
- $return = "<img src=\"$link\" alt='$return'>";
+ $return = "<img src='$link' alt='$return'>";
}
}
if ($field["full_type"] == "tinyint(1)" && $return != "&nbsp;") { // bool
$return = '<img src="' . ($val ? "../adminer/plus.gif" : "../adminer/cross.gif") . '" alt="' . h($val) . '">';
}
- return ($link ? "<a href=\"$link\">$return</a>" : $return);
+ return ($link ? "<a href='$link'>$return</a>" : $return);
}
function editVal($val, $field) {
@@ -16,7 +16,7 @@ Table status cache - SHOW TABLE STATUS is slow with big InnoDB tables
? Ability to select external style - list downloaded by JavaScript
? Column and table names auto-completition in SQL textarea
? Save uploaded files after error to session variable instead of hidden field
-? Aliasing of built-in functions can save 7 KB, function minification can save 7 KB, substitution of $_GET and friends can save 2 KB, remove of base64_decode() + using chars 127-255 in minification can save 1 KB, JS packer can save 1 KB
+? Aliasing of built-in functions can save 7 KB, function minification can save 7 KB, substitution of $_GET and friends can save 2 KB, remove of base64_decode() + using chars 127-255 in minification can save 1 KB, JS packer can save 1 KB, not enclosing attribute values can save 1.2 KB
? AJAX editing - select page has all data to display edit form
Editor:
