| Apache/2.4.7 (Ubuntu) Linux sman1baleendah 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 uid=33(www-data) gid=33(www-data) groups=33(www-data) safemode : OFF MySQL: ON | Perl: ON | cURL: OFF | WGet: ON > / usr / share / phpmyadmin / libraries / | server ip : 172.67.156.115 your ip : 172.69.59.185 H O M E |
| Filename | /usr/share/phpmyadmin/libraries/js_escape.lib.php |
| Size | 3.4 kb |
| Permission | rw-r--r-- |
| Owner | root : root |
| Create time | 27-Apr-2025 10:12 |
| Last modified | 05-Dec-2013 01:44 |
| Last accessed | 05-Jul-2025 20:24 |
| Actions | edit | rename | delete | download (gzip) |
| View | text | code | image |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Javascript escaping functions.
*
* @package PhpMyAdmin
*
*/
if (! defined('PHPMYADMIN')) {
exit;
}
/**
* Format a string so it can be a string inside JavaScript code inside an
* eventhandler (onclick, onchange, on..., ).
* This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries.
*
* @param string $a_string the string to format
* @param boolean $add_backquotes whether to add backquotes to the string or not
*
* @return string the formatted string
*
* @access public
*/
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
if (is_string($a_string)) {
$a_string = htmlspecialchars($a_string);
$a_string = PMA_escapeJsString($a_string);
// Needed for inline javascript to prevent some browsers
// treating it as a anchor
$a_string = str_replace('#', '\\#', $a_string);
}
return (($add_backquotes) ? PMA_Util::backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function
/**
* escapes a string to be inserted as string a JavaScript block
* enclosed by <![CDATA[ ... ]]>
* this requires only to escape ' with \' and end of script block
*
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
* inserting it anywhere inside </script would allow to bypass this check.
*
* @param string $string the string to be escaped
*
* @return string the escaped string
*/
function PMA_escapeJsString($string)
{
return preg_replace(
'@</script@i', '</\' + \'script',
strtr(
$string,
array(
"\000" => '',
'\\' => '\\\\',
'\'' => '\\\'',
'"' => '\"',
"\n" => '\n',
"\r" => '\r'
)
)
);
}
/**
* Formats a value for javascript code.
*
* @param string $value String to be formatted.
*
* @return string formatted value.
*/
function PMA_formatJsVal($value)
{
if (is_bool($value)) {
if ($value) {
return 'true';
} else {
return 'false';
}
} elseif (is_int($value)) {
return (int)$value;
} else {
return '"' . PMA_escapeJsString($value) . '"';
}
}
/**
* Formats an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
* @param bool $escape Whether to escape value or keep it as it is
* (for inclusion of js code)
*
* @return string Javascript code.
*/
function PMA_getJsValue($key, $value, $escape = true)
{
$result = $key . ' = ';
if (!$escape) {
$result .= $value;
} elseif (is_array($value)) {
$result .= '[';
foreach ($value as $val) {
$result .= PMA_formatJsVal($val) . ",";
}
$result .= "];\n";
} else {
$result .= PMA_formatJsVal($value) . ";\n";
}
return $result;
}
/**
* Prints an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
*
* @return void
*/
function PMA_printJsValue($key, $value)
{
echo PMA_getJsValue($key, $value);
}
?>
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Javascript escaping functions.
*
* @package PhpMyAdmin
*
*/
if (! defined('PHPMYADMIN')) {
exit;
}
/**
* Format a string so it can be a string inside JavaScript code inside an
* eventhandler (onclick, onchange, on..., ).
* This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries.
*
* @param string $a_string the string to format
* @param boolean $add_backquotes whether to add backquotes to the string or not
*
* @return string the formatted string
*
* @access public
*/
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
if (is_string($a_string)) {
$a_string = htmlspecialchars($a_string);
$a_string = PMA_escapeJsString($a_string);
// Needed for inline javascript to prevent some browsers
// treating it as a anchor
$a_string = str_replace('#', '\\#', $a_string);
}
return (($add_backquotes) ? PMA_Util::backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function
/**
* escapes a string to be inserted as string a JavaScript block
* enclosed by <![CDATA[ ... ]]>
* this requires only to escape ' with \' and end of script block
*
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
* inserting it anywhere inside </script would allow to bypass this check.
*
* @param string $string the string to be escaped
*
* @return string the escaped string
*/
function PMA_escapeJsString($string)
{
return preg_replace(
'@</script@i', '</\' + \'script',
strtr(
$string,
array(
"\000" => '',
'\\' => '\\\\',
'\'' => '\\\'',
'"' => '\"',
"\n" => '\n',
"\r" => '\r'
)
)
);
}
/**
* Formats a value for javascript code.
*
* @param string $value String to be formatted.
*
* @return string formatted value.
*/
function PMA_formatJsVal($value)
{
if (is_bool($value)) {
if ($value) {
return 'true';
} else {
return 'false';
}
} elseif (is_int($value)) {
return (int)$value;
} else {
return '"' . PMA_escapeJsString($value) . '"';
}
}
/**
* Formats an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
* @param bool $escape Whether to escape value or keep it as it is
* (for inclusion of js code)
*
* @return string Javascript code.
*/
function PMA_getJsValue($key, $value, $escape = true)
{
$result = $key . ' = ';
if (!$escape) {
$result .= $value;
} elseif (is_array($value)) {
$result .= '[';
foreach ($value as $val) {
$result .= PMA_formatJsVal($val) . ",";
}
$result .= "];\n";
} else {
$result .= PMA_formatJsVal($value) . ";\n";
}
return $result;
}
/**
* Prints an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key Name of value to set
* @param mixed $value Value to set, can be either string or array of strings
*
* @return void
*/
function PMA_printJsValue($key, $value)
{
echo PMA_getJsValue($key, $value);
}
?>