403Webshell
Server IP : 61.19.30.66  /  Your IP : 216.73.216.59
Web Server : Apache/2.2.22 (Ubuntu)
System : Linux klw 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64
User : www-data ( 33)
PHP Version : 5.3.10-1ubuntu3.48
Disable Function : pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,
MySQL : ON  |  cURL : OFF  |  WGET : ON  |  Perl : ON  |  Python : ON  |  Sudo : ON  |  Pkexec : OFF
Directory :  /var/www/phpmyadminxx/libraries/

Upload File :
current_dir [ Writeable ] document_root [ Writeable ]

 

Command :

[ Back ]     

Current File : /var/www/phpmyadminxx/libraries/js_escape.lib.php
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Javascript escaping functions.
 *
 * @package phpMyAdmin
 *
 */

/**
 * Format a string so it can be a string inside JavaScript code inside an
 * eventhandler (onclick, onchange, on..., ).
 * This function is used to displays a javascript confirmation box for
 * "DROP/DELETE/ALTER" queries.
 *
 * @uses    PMA_escapeJsString()
 * @uses    PMA_backquote()
 * @uses    is_string()
 * @uses    htmlspecialchars()
 * @uses    str_replace()
 * @param   string   $a_string          the string to format
 * @param   boolean  $add_backquotes    whether to add backquotes to the string or not
 *
 * @return  string   the formatted string
 *
 * @access  public
 */
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
    if (is_string($a_string)) {
        $a_string = htmlspecialchars($a_string);
        $a_string = PMA_escapeJsString($a_string);
        /**
         * @todo what is this good for?
         */
        $a_string = str_replace('#', '\\#', $a_string);
    }

    return (($add_backquotes) ? PMA_backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function

/**
 * escapes a string to be inserted as string a JavaScript block
 * enclosed by <![CDATA[ ... ]]>
 * this requires only to escape ' with \' and end of script block
 *
 * We also remove NUL byte as some browsers (namely MSIE) ignore it and
 * inserting it anywhere inside </script would allow to bypass this check.
 *
 * @uses    strtr()
 * @uses    preg_replace()
 * @param   string  $string the string to be escaped
 * @return  string  the escaped string
 */
function PMA_escapeJsString($string)
{
    return preg_replace('@</script@i', '</\' + \'script',
                        strtr($string, array(
                                "\000" => '',
                                '\\' => '\\\\',
                                '\'' => '\\\'',
                                '"' => '\"',
                                "\n" => '\n',
                                "\r" => '\r')));
}

/**
 * Prints an javascript assignment with proper escaping of a value
 * and support for assigning array of strings.
 *
 * @param string $key Name of value to set
 * @param mixed $value Value to set, can be either string or array of strings
 */
function PMA_printJsValue($key, $value) {
    echo $key . ' = ';
    if (is_array($value)) {
        echo '[';
        foreach ($value as $id => $val) {
            echo "'" . PMA_escapeJsString($val) . "',";
        }
        echo "];\n";
    } else {
        echo "'" . PMA_escapeJsString($value) . "';\n";
    }
}

?>

Youez - 2016 - github.com/yon3zu
LinuXploit