The branch, master has been updated via 1b3f0af486ab897b805faa02789e12db73aebb4f (commit) via f29559242f47675c7208f7a339c006aa259cab80 (commit) via adb94ccb4b2db4497f5acda84ea026c98d6b2356 (commit) via 0e3015ce1bcbdd48e04f5788acce904abec67b53 (commit) from 19c78d1780287c06eb666b46383ce7b004341b73 (commit)
- Log ----------------------------------------------------------------- commit 1b3f0af486ab897b805faa02789e12db73aebb4f Author: Michal Čihař mcihar@novell.com Date: Tue Sep 7 10:51:52 2010 +0200
No need for quotes and escaping anymore.
commit f29559242f47675c7208f7a339c006aa259cab80 Author: Michal Čihař mcihar@novell.com Date: Tue Sep 7 10:51:27 2010 +0200
Make non js ENUM editor automatically escape fields.
commit adb94ccb4b2db4497f5acda84ea026c98d6b2356 Author: Michal Čihař mcihar@novell.com Date: Tue Sep 7 10:44:10 2010 +0200
No need to escape manually.
commit 0e3015ce1bcbdd48e04f5788acce904abec67b53 Author: Michal Čihař mcihar@novell.com Date: Tue Sep 7 10:43:39 2010 +0200
Automatic escaping in js enum editor.
-----------------------------------------------------------------------
Summary of changes: enum_editor.php | 18 ++++++++---------- js/functions.js | 36 ++++++++++++++++++------------------ libraries/tbl_properties.inc.php | 2 +- 3 files changed, 27 insertions(+), 29 deletions(-)
diff --git a/enum_editor.php b/enum_editor.php index 74ed09a..9ae8595 100644 --- a/enum_editor.php +++ b/enum_editor.php @@ -19,25 +19,23 @@ require_once './libraries/header_meta_style.inc.php'; <form action="enum_editor.php" method="get"> <div id="enum_editor_no_js"> <h3><?php printf(__('Values for the column "%s"'), htmlspecialchars($_GET['field'])); ?></h3> - <p><?php echo __('Enter each value in a separate field, enclosed in single quotes. If you ever need to put a backslash ("\") or a single quote ("\'") amongst those values, precede it with a backslash (for example \'\\\\xyz\' or \'a\\\'b\').'); ?></p> + <p><?php echo __('Enter each value in a separate field.'); ?></p> <div id="values"> <?php - $values = ''; + $values = array(); if (isset($_GET['values'])) { // This page was displayed when the "add a new value" link or the link in tbl_alter.php was clicked - $values = urldecode($_GET['values']); + $values = split(',', urldecode($_GET['values'])); } elseif (isset($_GET['num_fields'])) { // This page was displayed from submitting this form for($field_num = 1; $field_num <= $_GET['num_fields']; $field_num++) { - $values .= $_GET['field' . $field_num] . ","; + $values[] = "'" . str_replace(array("'", '\'), array("''", '\\'), $_GET['field' . $field_num]) . "'"; } } // Display the values in text fields, excluding empty strings $field_counter = 0; - $stripped_values = array(); // The values to display in the output - foreach(split(",", $values) as $value) { + foreach($values as $value) { if(trim($value) != "") { $field_counter++; - echo sprintf('<input type="text" size="30" value="%s" name="field' . $field_counter . '" />', htmlspecialchars($value)); - $stripped_values[] = htmlspecialchars($value); + echo sprintf('<input type="text" size="30" value="%s" name="field' . $field_counter . '" />', htmlspecialchars(str_replace(array("''", '\\', "\'"), array("'", '\', "'"), substr($value, 1, -1)))); } }
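Review bot: The unescape in the `foreach` display loop is not an exact inverse of the escaping added in the `num_fields` branch, because `str_replace()` with arrays applies each pair over the whole string in turn. For a value holding a backslash directly before a single quote, the backslash left after collapsing the doubled backslash is then consumed together with the quote by the last pair, so the field shows only the quote. A single left-to-right pass avoids this, e.g. `strtr(substr($value, 1, -1), array("''" => "'", '\\\\' => '\\', "\\'" => "'"))`; the backslash literals on this page look altered by rendering, so check the patterns against the file. The chained `.replace()` calls in the `js/functions.js` hunk at `@@ -2380` decode in the same order and have the same problem. `substr($value, 1, -1)` also assumes every comma-separated piece of `$_GET['values']` is quoted, which nothing in this hunk checks; the PHP block continues past the end of the hunk.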
@@ -55,7 +53,7 @@ require_once './libraries/header_meta_style.inc.php'; ?> </div> <p> - <a href="enum_editor.php?token=<?php echo urlencode($_GET['token']); ?>&field=<?php echo urlencode($_GET['field']); ?>&extra_fields=<?php echo $_GET['extra_fields'] + 1; ?>&values=<?php echo $values; ?>"> + <a href="enum_editor.php?token=<?php echo urlencode($_GET['token']); ?>&field=<?php echo urlencode($_GET['field']); ?>&extra_fields=<?php echo $_GET['extra_fields'] + 1; ?>&values=<?php echo urlencode(join(",", $values)); ?>"> + Restart insertion and add a new value </a> </p> @@ -68,7 +66,7 @@ require_once './libraries/header_meta_style.inc.php'; <div id="enum_editor_output"> <h3>Output</h3> <p>Copy and paste the joined values into the "Length/Values" field</p> - <textarea id="joined_values" cols="95" rows="5"><?php echo join(",", $stripped_values); ?></textarea> + <textarea id="joined_values" cols="95" rows="5"><?php echo join(",", $values); ?></textarea> </div> </div> </body> diff --git a/js/functions.js b/js/functions.js index e49d5d0..f19344e 100644 --- a/js/functions.js +++ b/js/functions.js @@ -935,7 +935,7 @@ $(document).ready(PMA_markRowsInit); * @param container DOM element */ function markAllRows( container_id ) { - + $("#"+container_id).find("input:checkbox:enabled").attr('checked', 'checked') .parents("tr").addClass("marked"); return true; @@ -948,7 +948,7 @@ function markAllRows( container_id ) { * @param container DOM element */ function unMarkAllRows( container_id ) { - + $("#"+container_id).find("input:checkbox:enabled").removeAttr('checked') .parents("tr").removeClass("marked"); return true; @@ -1417,7 +1417,7 @@ function refreshLayout() { var elm = $('#pdflayout') var orientation = $('#orientation_opt').val(); if($('#paper_opt').length==1){ - var paper = $('#paper_opt').val(); + var paper = $('#paper_opt').val(); }else{ var paper = 'A4'; } 
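Review bot: The `joined_values` textarea in the `@@ -68,7 +66,7 @@` hunk now echoes `join(",", $values)` with no HTML encoding, whereas the removed line printed `$stripped_values`, whose entries had gone through `htmlspecialchars()`. `$values` is built from `$_GET['values']` or the `$_GET['field' . $field_num]` inputs with only quote and backslash doubling applied, so markup supplied in a request parameter is written into the page as-is and is not confined to the textarea. Encode at the point of output: `<textarea id="joined_values" cols="95" rows="5"><?php echo htmlspecialchars(join(",", $values)); ?></textarea>`. The browser hands the decoded text back on copy, so the value pasted into "Length/Values" is unchanged.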
@@ -1737,7 +1737,7 @@ $(document).ready(function(){ $("#all_table_same_wide").attr("disabled","disabled"); $("#paper_opt").attr("disabled","disabled"); $("#show_color_opt").attr("disabled","disabled"); - + }else if($("#export_type").val()=='pdf'){ $("#show_grid_opt").removeAttr("disabled"); $("#orientation_opt").removeAttr("disabled"); @@ -1763,7 +1763,7 @@ $(document).ready(function(){
/** * Function to process the plain HTML response from an Ajax request. Inserts - * the various HTML divisions from the response at the proper locations. The + * the various HTML divisions from the response at the proper locations. The * array relates the divisions to be inserted to their placeholders. * * @param var divisions_map an associative array of id names @@ -1796,7 +1796,7 @@ function PMA_ajaxInsertResponse(divisions_map) { */
function PMA_ajaxShowMessage(message, timeout) { - + //Handle the case when a empty data.message is passed. We don't want the empty message if(message == '') { return true; @@ -1961,7 +1961,7 @@ jQuery.fn.PMA_sort_table = function(text_selector) { * jQuery coding for 'Create Table'. Used on db_operations.php, * db_structure.php and db_tracking.php (i.e., wherever * libraries/display_create_table.lib.php is used) - * + * * Attach Ajax Event handlers for Create Table */ $(document).ready(function() { @@ -1969,7 +1969,7 @@ $(document).ready(function() { /** * Attach event handler to the submit action of the create table minimal form * and retrieve the full table form and display it in a dialog - * + * * @uses PMA_ajaxShowMessage() */ $("#create_table_form_minimal").live('submit', function(event) { @@ -1996,12 +1996,12 @@ $(document).ready(function() { buttons : button_options }); // end dialog options }) // end $.get() - + });
/** * Attach event handler for submission of create table form - * + * * @uses PMA_ajaxShowMessage() * @uses $.PMA_sort_table() * @uses window.parent.refreshNavigation() @@ -2086,7 +2086,7 @@ $(document).ready(function() {
/** * Attach Ajax event handlers for Empty Table - * + * * @uses PMA_ajaxShowMessage() * @uses $.PMA_confirm() */ @@ -2119,7 +2119,7 @@ $(document).ready(function() {
/** * Attach Ajax event handler for Drop Table - * + * * @uses PMA_ajaxShowMessage() * @uses $.PMA_confirm() * @uses window.parent.refreshNavigation() @@ -2192,9 +2192,9 @@ $(document).ready(function() { }, 'top.frame_content'); //end $(document).ready() for Drop Trigger
/** - * Attach Ajax event handlers for Drop Database. Moved here from db_structure.js + * Attach Ajax event handlers for Drop Database. Moved here from db_structure.js * as it was also required on db_create.php - * + * * @uses $.PMA_confirm() * @uses PMA_ajaxShowMessage() * @uses window.parent.refreshNavigation() @@ -2287,7 +2287,7 @@ $(document).ready(function() {
/** * Attach Ajax event handler for Change Password form submission - * + * * @uses PMA_ajaxShowMessage() */ $("#change_password_form").find('input[name=change_pw]').live('click', function(event) { @@ -2312,7 +2312,7 @@ $(document).ready(function() { if(data.success == true) {
PMA_ajaxShowMessage(data.message); - + $("#topmenucontainer").after(data.sql_query);
$("#change_password_dialog").hide().remove(); @@ -2380,7 +2380,7 @@ $(document).ready(function() { val = val + "'"; } // escape the single quotes, except the mandatory ones enclosing the entire string - val = val.substr(1, val.length-2).replace(/'/g, "'"); + val = val.substr(1, val.length-2).replace(/''/g, "'").replace(/\\/g, '\').replace(/\'/g, "'").replace(/'/g, "'"); // escape the greater-than symbol val = val.replace(/>/g, ">"); $("#enum_editor #values").append("<input type='text' value=" + val + " />"); @@ -2412,7 +2412,7 @@ $(document).ready(function() { $.each($("#enum_editor #values input"), function(index, input_element) { val = jQuery.trim(input_element.value); if(val != "") { - value_array.push("'" + val + "'"); + value_array.push("'" + val.replace(/\/g, '\\').replace(/'/g, "''") + "'"); } }); // get the Length/Values text field where this value belongs diff --git a/libraries/tbl_properties.inc.php b/libraries/tbl_properties.inc.php index 8a7b9ea..c093635 100644 --- a/libraries/tbl_properties.inc.php +++ b/libraries/tbl_properties.inc.php @@ -796,7 +796,7 @@ if ($action == 'tbl_create.php') { <div id="enum_editor"> <a class="close_enum_editor">Close</a> <h3><?php printf(__('Values for the column "%s"'), isset($row['Field']) ? htmlspecialchars($row['Field']) : ""); ?></h3> -<p><?php echo __('Enter each value in a separate field. If you ever need to put a backslash ("\") or a single quote ("\'") amongst those values, precede it with a backslash (for example \'\\\\xyz\' or \'a\\\'b\').'); ?></p> +<p><?php echo __('Enter each value in a separate field.'); ?></p> <div id="values"></div> <p><a class="add_value">+ Add a new value</a></p> <input type="submit" value="Go" /> <a class="cancel_enum_editor">Cancel</a>
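Review bot: In the `@@ -2380` hunk the decoded value is still spliced into markup by the context line `.append("<input type='text' value=" + val + " />")`, where the attribute is unquoted and, going by the two comments, only the single quote and the greater-than sign are entity-encoded. A value containing a space, a double quote, `<` or `&` is therefore not kept inside the `value` attribute and is parsed as further attributes or markup. Setting the value through the DOM removes the need for hand-written encoding: `$("<input type='text' />").val(val).appendTo("#enum_editor #values");`, with the two entity `.replace()` steps dropped so the field shows the literal characters. The enclosing `$(document).ready()` handler starts and ends outside the hunk.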
hooks/post-receive