author | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-03-22 20:30:09 +0300 |
---|---|---|
committer | Sebastian Mendel <cybot_tm@users.sourceforge.net> | 2007-03-22 20:30:09 +0300 |
commit | 239114294147953cf4e1ef8d5aed7c4e89e34d82 (patch) | |
tree | 2f9eec17f02043ee708d44a8a23ed510e0e3463c /querywindow.php | |
parent | aaac3066d68ba36a20051157c23cce6589816406 (diff) |
fixed escaping for JavaScript
Diffstat (limited to 'querywindow.php')
-rw-r--r-- | querywindow.php | 75 |
1 files changed, 33 insertions, 42 deletions
diff --git a/querywindow.php b/querywindow.php
index 7402fbe563..9514c8f314 100644
--- a/querywindow.php
+++ b/querywindow.php
@@ -259,49 +259,40 @@ if (! empty($_sql_history)
 foreach ($_sql_history as $query) {
 echo '<li>' . "\n";
 // edit link
- echo '<a href="#" onclick="'
- .' document.getElementById(\'hiddenqueryform\').'
- .'querydisplay_tab.value = \'' . $tab . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest.value = \''
- . preg_replace('/(\r|\n)+/i', '\\n',
- PMA_jsFormat($query['sqlquery'], false)) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'auto_commit.value = \'false\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'db.value = \'' . htmlspecialchars($query['db']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest_db.value = \''
- . htmlspecialchars($query['db']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'table.value = \'' . htmlspecialchars($query['table']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest_table.value = \''
- . htmlspecialchars($query['table']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').submit();'
- .' return false;">' . $titles['Change'] . '</a>';
+ echo '<a href="#" onclick="';
+?>
+// <![CDATA[
+var form = document.getElementById('hiddenqueryform');
+form.querydisplay_tab.value = '<?php echo $tab ?>';
+form.query_history_latest.value = '<?php
+ echo preg_replace('/(\r|\n)+/i', '\\n', PMA_jsFormat($query['sqlquery'], false)) ?>';
+form.auto_commit.value = 'false';
+form.db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
+form.query_history_latest_db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
+form.table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
+form.query_history_latest_table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
+form.submit();
+return false;
+// ]]
+<?php
+ echo '">' . $titles['Change'] . '</a>';
 // execute link
- echo '<a href="#" onclick="'
- .' document.getElementById(\'hiddenqueryform\').'
- .'querydisplay_tab.value = \'' . $tab . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest.value = \''
- . preg_replace('/(\r|\n)+/i', '\\r\\n',
- PMA_jsFormat($query['sqlquery'], false)) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'auto_commit.value = \'true\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'db.value = \'' . htmlspecialchars($query['db']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest_db.value = \''
- . htmlspecialchars($query['db']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'table.value = \'' . htmlspecialchars($query['table']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').'
- .'query_history_latest_table.value = \''
- . htmlspecialchars($query['table']) . '\';'
- .' document.getElementById(\'hiddenqueryform\').submit();'
- .' return false;">';
+ echo '<a href="#" onclick="';
+ ?>
+// <![CDATA[
+var form = document.getElementById('hiddenqueryform');
+form.querydisplay_tab.value = '<?php echo $tab ?>';
+form.query_history_latest.value = '<?php
+ echo preg_replace('/(\r|\n)+/i', '\\r\\n', PMA_jsFormat($query['sqlquery'], false)) ?>';
+form.auto_commit.value = 'true';
+form.db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
+form.query_history_latest_db.value = '<?php echo PMA_jsFormat($query['db'], false) ?>';
+form.table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
+form.query_history_latest_table.value = '<?php echo PMA_jsFormat($query['table'], false) ?>';
+form.submit();
+return false;
+// ]]">
+<?php
 if (! empty($query['db'])) {
 echo '[';
 echo htmlspecialchars(PMA_backquote($query['db'])); |
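Review bot: The values written into the `onclick="…"` attribute are now JavaScript-escaped only, but this context is a JS string nested inside an HTML attribute and needs both layers, because the browser decodes the attribute (ending it at a raw `"` and expanding character references) before the script is parsed. Unless `PMA_jsFormat()`, whose definition is not on this page, also HTML-encodes its output, a query, database or table value containing `"` or a reference such as `&#39;` can still terminate the attribute or the string literal. Wrap each value in both the edit and the execute link, e.g. `form.db.value = '<?php echo htmlspecialchars(PMA_jsFormat($query['db'], false)) ?>';`. `$tab` is echoed into the same kind of literal with no escaping at all, so confirm it is limited to a fixed set of values before this point or give it the same treatment. The `// <![CDATA[` and `// ]]` lines have no effect inside an attribute value and can be dropped.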