diff --git a/htdocs/sql/libraries/js_escape.lib.php b/htdocs/sql/libraries/js_escape.lib.php new file mode 100755 --- /dev/null +++ b/htdocs/sql/libraries/js_escape.lib.php @@ -0,0 +1,68 @@ + + * @package phpMyAdmin + * + * @version $Id: js_escape.lib.php 11604 2008-09-22 14:09:44Z lem9 $ + */ + +/** + * Format a string so it can be a string inside JavaScript code inside an + * eventhandler (onclick, onchange, on..., ). + * This function is used to displays a javascript confirmation box for + * "DROP/DELETE/ALTER" queries. + * + * @uses PMA_escapeJsString() + * @uses PMA_backquote() + * @uses is_string() + * @uses htmlspecialchars() + * @uses str_replace() + * @param string $a_string the string to format + * @param boolean $add_backquotes whether to add backquotes to the string or not + * + * @return string the formatted string + * + * @access public + */ +function PMA_jsFormat($a_string = '', $add_backquotes = true) +{ + if (is_string($a_string)) { + $a_string = htmlspecialchars($a_string); + $a_string = PMA_escapeJsString($a_string); + /** + * @todo what is this good for? + */ + $a_string = str_replace('#', '\\#', $a_string); + } + + return (($add_backquotes) ? PMA_backquote($a_string) : $a_string); +} // end of the 'PMA_jsFormat()' function + +/** + * escapes a string to be inserted as string a JavaScript block + * enclosed by + * this requires only to escape ' with \' and end of script block + * + * We also remove NUL byte as some browsers (namely MSIE) ignore it and + * inserting it anywhere inside '', + '\\' => '\\\\', + '\'' => '\\\'', + "\n" => '\n', + "\r" => '\r'))); +} + +?>