Escape JavaScript strings (bug #3093243)

commit 28f21aaa6cb23b5486ffa0b2361ff456d793d206 1 parent 7d601c0
Jakub Vrána authored October 22, 2010
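--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -560,7 +560,7 @@ function navigation($missing) {
 							$links[] = preg_quote($table, '/');
 						}
 						echo "<script type='text/javascript'>\n";
-						echo "var jushLinks = { $jush: [ '" . addcslashes(h(ME), "\\'/") . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
+						echo "var jushLinks = { $jush: [ '" . js_escape(ME) . "table=\$&', /\\b(" . implode("|", $links) . ")\\b/g ] };\n";
 						foreach (array("bac", "bra", "sqlite_quo", "mssql_bra") as $val) {
 							echo "jushLinks.$val = jushLinks.$jush;\n";
 						}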
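Review bot: The rewritten `echo "var jushLinks` line drops the h() wrapper that the old line applied to ME before JS-escaping, so `&`, `<` and `>` in ME now reach the script block verbatim. Inside `<script>` no entity decoding takes place, so h() added no script-context protection there and js_escape()'s `\/` still prevents `</script>` from closing the block; but if the jush side inserts these links as HTML, an `&amp;`-encoded URL may have been what it was consuming, so the change in emitted output (`&` instead of `&amp;`) is worth confirming rather than assuming. A one-line comment on the new line would record the decision: `// no h(): entities are not decoded inside <script>; js_escape() covers ' \ / and CR/LF`. navigation() starts and ends outside the hunk.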
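--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -143,6 +143,14 @@ function confirm($count = "") {
 	return " onclick=\"return confirm('" . lang('Are you sure?') . ($count ? " (' + $count + ')" : "") . "');\"";
 }
 
+/** Escape string for JavaScript apostrophes
+* @param string
+* @return string
+*/
+function js_escape($string) {
+	return addcslashes($string, "\r\n'\\/"); // slash for <script>
+}
+
 /** Get INI boolean value
 * @param string
 * @return bool
@@ -591,7 +599,7 @@ function input($field, $value, $function) {
 			}
 			$first++;
 		}
-		$onchange = ($first ? " onchange=\"var f = this.form['function[" . addcslashes($name, "\r\n'\\") . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
+		$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
 		$attrs .= $onchange;
 		echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "") : nbsp(reset($functions))) . '<td>';
 		$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table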
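Review bot: The new js_escape() docblock says only "for JavaScript apostrophes", but what the function actually guarantees is what every caller in this commit depends on: the value stays inside a single-quoted JS string literal in a `<script>` block (it escapes `' \ /` and CR/LF, the `/` so that `</script>` cannot close the block), and it does no HTML escaping, so output placed in an attribute still needs h() around it, as trigger.inc.php does. Suggest replacing the first docblock line with `/** Escape string for a single-quoted JavaScript string literal; escapes ' \ / CR LF, does not HTML-escape - wrap in h() for attributes`. Two limits are worth recording in the same docblock: addcslashes() is byte-oriented, so the UTF-8 bytes of U+2028/U+2029 pass through unchanged and older engines treat those as line terminators inside a string literal; and `"` is not escaped, which is fine for the single-quoted call sites here but not for a double-quoted one. The second hunk (the `$onchange` line in input()) emits js_escape($name) into an onchange attribute without h(); $name is assigned outside the hunk, so whether it is already HTML-escaped cannot be seen here and should be checked.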
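--- a/adminer/schema.inc.php
+++ b/adminer/schema.inc.php
@@ -7,7 +7,7 @@
 preg_match_all('~([^:]+):([-0-9.]+)x([-0-9.]+)(_|$)~', $_COOKIE["adminer_schema"], $matches, PREG_SET_ORDER); //! ':' in table name
 foreach ($matches as $i => $match) {
 	$table_pos[$match[1]] = array($match[2], $match[3]);
-	$table_pos_js[] = "\n\t'" . addcslashes($match[1], "\r\n'\\/") . "': [ $match[2], $match[3] ]";
+	$table_pos_js[] = "\n\t'" . js_escape($match[1]) . "': [ $match[2], $match[3] ]";
 }
 
 $top = 0;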
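Review bot: `$match[1]` on the `$table_pos_js[]` line comes from `$_COOKIE["adminer_schema"]` (line 7), so this is the one call site in the commit where js_escape() is applied to a client-supplied cookie value rather than to database metadata, and a comment should say so: `// cookie-derived: js_escape() keeps the name inside the JS string literal`. `$match[2]` and `$match[3]` are interpolated unescaped into the array literal; the regex restricts them to `[-0-9.]`, which rules out breaking out of the literal but still admits values like `-` or `1.2.3` that make the emitted object a JS syntax error, so a numeric cast such as `(float) $match[2]` would be cheap hardening. Whether the `//!` remark about ':' in table names is tracked elsewhere isn't visible from the hunk.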
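--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -7,11 +7,11 @@
 if ($_GET["script"] == "db") {
 	$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
 	foreach (table_status() as $row) {
-		$id = addcslashes($row["Name"], "\\'/");
-		echo "setHtml('Comment-$id', '" . addcslashes(nbsp($row["Comment"]), "'\\") . "');\n";
+		$id = js_escape($row["Name"]);
+		echo "setHtml('Comment-$id', '" . js_escape(nbsp($row["Comment"])) . "');\n";
 		if (!is_view($row)) {
 			foreach (array("Engine", "Collation") as $key) {
-				echo "setHtml('$key-$id', '" . addcslashes(nbsp($row[$key]), "'\\") . "');\n";
+				echo "setHtml('$key-$id', '" . js_escape(nbsp($row[$key])) . "');\n";
 			}
 			foreach ($sums + array("Auto_increment" => 0, "Rows" => 0) as $key => $val) {
 				if ($row[$key] != "") {
@@ -31,7 +31,7 @@
 	}
 } else { // connect
 	foreach (count_tables(get_databases()) as $db => $val) {
-		echo "setHtml('tables-" . addcslashes($db, "\\'/") . "', '$val');\n";
+		echo "setHtml('tables-" . js_escape($db) . "', '$val');\n";
 	}
 }
 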
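Review bot: On the `setHtml('Comment-$id'` line and the `setHtml('$key-$id'` line the two escapes are layered, nbsp() inside and js_escape() outside, and nothing in the hunk records why that order is required. If nbsp() HTML-escapes its argument, as its use here implies, and setHtml() inserts the string as markup, then the inner call is what keeps that sink safe and js_escape() must stay outermost so the entities it produced are not double-escaped; swapping the two calls would silently break both properties. Suggest on the first such line: `// nbsp() first (HTML), js_escape() second (JS literal): setHtml() inserts markup`. In the second hunk `$val` from count_tables() is interpolated raw into `'$val'`; presumably an integer, but an `(int)` cast would make that explicit at the sink.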
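--- a/adminer/trigger.inc.php
+++ b/adminer/trigger.inc.php
@@ -30,7 +30,7 @@
 
 <form action="" method="post" id="form">
 <table cellspacing="0">
-<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(addcslashes($TABLE, "\r\n'\\")) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
+<tr><th><?php echo lang('Time'); ?><td><?php echo html_select("Timing", $trigger_options["Timing"], $row["Timing"], "if (/^" . h(preg_quote($TABLE, "/")) . "_[ba][iud]$/.test(this.form['Trigger'].value)) this.form['Trigger'].value = '" . h(js_escape($TABLE)) . "_' + selectValue(this).charAt(0).toLowerCase() + selectValue(this.form['Event']).charAt(0).toLowerCase();"); ?>
 <tr><th><?php echo lang('Event'); ?><td><?php echo html_select("Event", $trigger_event, $row["Event"], "this.form['Timing'].onchange();"); ?>
 <tr><th><?php echo lang('Type'); ?><td><?php echo html_select("Type", $trigger_options["Type"], $row["Type"]); ?>
 </table>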
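Review bot: The rewritten `Time` row nests h() around js_escape($TABLE) for the onchange handler, which is the correct order for an inline event attribute (the attribute value is HTML-decoded before the JS engine parses it) and worth stating, since the sibling `h(preg_quote($TABLE, "/"))` on the same line relies on the same reasoning and a future reader could "simplify" either one away; a short comment above the line, `<?php // onchange handler: JS-escape first, h() second (attribute is HTML-decoded before JS parses it) ?>`, would fix that. One gap remains on the regex half: preg_quote() does not escape CR/LF, and a line terminator inside the `/^..._[ba][iud]$/` literal is a JS syntax error, so js_escape() now covers newlines only for the string half; table names containing newlines would still break the handler (a syntax error, not an injection).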
