
More thorough escaping

1 parent 037c547 commit be4f2ef76c3b85e3c901ae3fe5a7e678d9571b60 @vrana committed
Showing with 2 additions and 2 deletions.
  1. +2 −2 adminer/include/functions.inc.php
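--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -93,7 +93,7 @@ function nl_br($string) {
 function checkbox($name, $value, $checked, $label = "", $onclick = "", $jsonly = false) {
 static $id = 0;
 $id++;
- $return = "<input type='checkbox' name='$name' value='" . h($value) . "'" . ($checked ? " checked" : "") . ($onclick ? " onclick=\"$onclick\"" : "") . ($jsonly ? " class='jsonly'" : "") . " id='checkbox-$id'>";
+ $return = "<input type='checkbox' name='$name' value='" . h($value) . "'" . ($checked ? " checked" : "") . ($onclick ? ' onclick="' . h($onclick) . '"' : '') . ($jsonly ? " class='jsonly'" : "") . " id='checkbox-$id'>";
 return ($label != "" ? "<label for='checkbox-$id'>$return" . h($label) . "</label>" : $return);
 }
@@ -864,7 +864,7 @@ function is_url($string) {
 * @return null
 */
 function print_fieldset($id, $legend, $visible = false, $onclick = "") {
- echo "<fieldset><legend><a href='#fieldset-$id' onclick=\"$onclick" . "return !toggle('fieldset-$id');\">$legend</a></legend><div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
+ echo "<fieldset><legend><a href='#fieldset-$id' onclick=\"" . h($onclick) . "return !toggle('fieldset-$id');\">$legend</a></legend><div id='fieldset-$id'" . ($visible ? "" : " class='hidden'") . ">\n";
 }
 /** Return class='active' if $bold is true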
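Review bot: `$name` in checkbox() and `$id`/`$legend` in print_fieldset() are still interpolated into the markup unescaped, so the same attribute-breakout risk that h($onclick) closes stays open for those parameters if any caller passes something other than a fixed literal (the callers are not visible here). Consider `name='" . h($name) . "'` in checkbox(), and `h($legend)` in print_fieldset() unless $legend is meant to carry markup, in which case a docblock line such as `* @param string $legend HTML, must already be escaped by the caller` would make the contract explicit. Assuming h() is the HTML-escaping helper the commit title implies, it only encodes for the attribute context: the browser decodes the entities before running the handler, so any data a caller embeds in $onclick, and the `$id` placed inside `toggle('fieldset-$id')`, still needs JavaScript-string escaping before it reaches these functions. The docblock of print_fieldset() starts outside the hunk, so its existing parameter descriptions could not be checked.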
