authorioguix2010-09-06 13:12:47 +0000
committerioguix2010-09-06 13:12:47 +0000
commit81e476f61111dffd5183e5105157f0c5414f5cdf (patch)
treeb6b618d01b9bf0f4145db407d3ff1cf0889f8e6d
parentdecfb0d26f0418be217d34c14f115edbc4277df0 (diff)
Fix bad escaped vars for javascript code in the Create Function form
-rw-r--r--functions.php22
1 files changed, 11 insertions, 11 deletions
diff --git a/functions.php b/functions.php
index 7a64c1fa..0237f21e 100644
--- a/functions.php
+++ b/functions.php
@@ -457,8 +457,9 @@
if($types->fields['typname'] == $_POST['formReturns']) {
$szSelected = " selected=\"selected\"";
}
- $szTypes .= "<option value=\"". htmlspecialchars($types->fields['typname']) ."\"{$szSelected}>";
- $szTypes .= $misc->printVal($types->fields['typname']) ."</option>";
+ /* this variable is include in the JS code bellow, so we need to ENT_QUOTES */
+ $szTypes .= "<option value=\"". htmlspecialchars($types->fields['typname'], ENT_QUOTES) ."\"{$szSelected}>";
+ $szTypes .= htmlspecialchars($types->fields['typname'], ENT_QUOTES) ."</option>";
$types->moveNext();
}
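Review bot: The `ENT_QUOTES` escaping added on the two `$szTypes` lines is HTML escaping, but the new comment says the value ends up inside a JavaScript string literal (the single-quoted `g_types_select` assignment in the second hunk), and `htmlspecialchars()` leaves backslashes and line breaks untouched. A type name containing either would still change or break that literal, so the quoting fix is only partial. The same applies to the eight `g_lang_*` lines in the second hunk, which also drop the `addslashes()` call that previously handled backslashes. Keep the HTML escaping here for the markup and encode the finished string for the script context where it is emitted, for example `var g_types_select = ", json_encode("<select name=\"formArgType[]\">{$szTypes}</select>{$szArgReturns}", JSON_HEX_TAG) ,";`. The enclosing loop starts outside this hunk.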
@@ -543,21 +544,20 @@
}
$szJSAddTR = "<tr id=\"parent_add_tr\" onclick=\"addArg();\" onmouseover=\"this.style.cursor='pointer'\">\n<td style=\"text-align: right\" colspan=\"6\" class=\"data3\"><table><tr><td class=\"data3\"><img src=\"{$szImgPath}/AddArguments.png\" alt=\"Add Argument\" /></td><td class=\"data3\"><span style=\"font-size: 8pt\">{$lang['strargadd']}</span></td></tr></table></td>\n</tr>\n";
-
echo "<script src=\"functions.js\" type=\"text/javascript\"></script>
<script type=\"text/javascript\">
//<![CDATA[
var g_types_select = '<select name=\"formArgType[]\">{$szTypes}</select>{$szArgReturns}';
var g_modes_select = '{$szModes}';
var g_name = '';
- var g_lang_strargremove = \"", addslashes($lang["strargremove"]) ,"\";
- var g_lang_strargnoargs = \"", addslashes($lang["strargnoargs"]) ,"\";
- var g_lang_strargenableargs = \"", addslashes($lang["strargenableargs"]) ,"\";
- var g_lang_strargnorowabove = \"", addslashes($lang["strargnorowabove"]) ,"\";
- var g_lang_strargnorowbelow = \"", addslashes($lang["strargnorowbelow"]) ,"\";
- var g_lang_strargremoveconfirm = \"", addslashes($lang["strargremoveconfirm"]) ,"\";
- var g_lang_strargraise = \"", addslashes($lang["strargraise"]) ,"\";
- var g_lang_strarglower = \"", addslashes($lang["strarglower"]) ,"\";
+ var g_lang_strargremove = '", htmlspecialchars($lang["strargremove"], ENT_QUOTES) ,"';
+ var g_lang_strargnoargs = '", htmlspecialchars($lang["strargnoargs"], ENT_QUOTES) ,"';
+ var g_lang_strargenableargs = '", htmlspecialchars($lang["strargenableargs"], ENT_QUOTES) ,"';
+ var g_lang_strargnorowabove = '", htmlspecialchars($lang["strargnorowabove"], ENT_QUOTES) ,"';
+ var g_lang_strargnorowbelow = '", htmlspecialchars($lang["strargnorowbelow"], ENT_QUOTES) ,"';
+ var g_lang_strargremoveconfirm = '", htmlspecialchars($lang["strargremoveconfirm"], ENT_QUOTES) ,"';
+ var g_lang_strargraise = '", htmlspecialchars($lang["strargraise"], ENT_QUOTES) ,"';
+ var g_lang_strarglower = '", htmlspecialchars($lang["strarglower"], ENT_QUOTES) ,"';
//]]>
</script>
";
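Review bot: The `g_lang_*` values are now entity-encoded, which is only correct if functions.js always inserts them into the page as markup. Any that reach a plain-text sink would show `&#039;` or `&amp;` literally to the user; the name `g_lang_strargremoveconfirm` suggests a confirm dialog, though functions.js is not visible here. A comment above the block should state the contract, e.g. `/* g_lang_* hold HTML-escaped text: use them as markup only, not in alert()/confirm() */`. If some are plain-text messages, emit those as `var g_lang_strargremoveconfirm = ", json_encode($lang["strargremoveconfirm"]) ,";` with no surrounding quotes. The function containing this echo statement starts outside the hunk.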