Utilize js_escape

author Jakub Vrana <jakub@vrana.cz>

Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)
author Jakub Vrana <jakub@vrana.cz>
Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)
diff --git a/adminer/db.inc.php b/adminer/db.inc.php

index a519ca35e35b5edad01f4b4fd5862c080eef3ff7..eaec1c04d747ff805be4292f342b59bd4a7f997f 100644 (file)
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -155,6 +155,6 @@ if ($_GET["ns"] !== "") {
         }
         
         if ($tables_list) {
-               echo "<script type='text/javascript'>ajaxSetHtml('" . addcslashes(ME, "\\'/") . "script=db');</script>\n";
+               echo "<script type='text/javascript'>ajaxSetHtml('" . js_escape(ME) . "script=db');</script>\n";
         }
  }
diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php

index c61b32aeaf535230e82be393df6f5a2f0f18b03a..54732b20fe0329d7757f8a83157f5275b6b036ad 100644 (file)
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -49,7 +49,7 @@ function connect_error() {
         }
         page_footer("db");
         if ($databases) {
-               echo "<script type='text/javascript'>ajaxSetHtml('" . addcslashes(ME, "\\'/") . "script=connect');</script>\n";
+               echo "<script type='text/javascript'>ajaxSetHtml('" . js_escape(ME) . "script=connect');</script>\n";
         }
  }
author	Jakub Vrana <jakub@vrana.cz>
	Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Fri, 26 Nov 2010 09:59:16 +0000 (10:59 +0100)
adminer/db.inc.php		patch \| blob \| history
adminer/include/connect.inc.php		patch \| blob \| history