Add missing HTML escaping
[phpmyadmin.git] / browse_foreigners.php
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * display selection for relational field values
* (pop-up page: lists the foreign-key values available for one field so that
* a click can copy the chosen key back into the opener window's form)
6 * @package phpMyAdmin
7 */
9 /**
10 * Gets a core script and starts output buffering work
12 require_once './libraries/common.inc.php';
// NOTE: this listing skips some source lines (the gutter numbers jump); the
// skipped lines include closing braces and comment terminators.
// Called with the names of the three inputs this script relies on; presumably
// it stops the request when one of them is missing -- confirm in the library.
14 PMA_checkParameters(array('db', 'table', 'field'));
16 require_once './libraries/ob.lib.php';
17 PMA_outBufferPre();
19 require_once './libraries/header_http.inc.php';
21 /**
22 * Displays the frame
24 require_once './libraries/transformations.lib.php'; // Transformations
25 $cfgRelation = PMA_getRelationsParam();
// Foreign-key metadata is looked up only when $cfgRelation['relwork'] is
// truthy; otherwise $foreigners is false.
26 $foreigners = ($cfgRelation['relwork'] ? PMA_getForeigners($db, $table) : false);
28 $override_total = true;
// $pos is assigned nowhere else in this file, so a value that is already set
// at this point comes from outside it (presumably a request parameter made
// available by common.inc.php -- confirm).
30 if (! isset($pos)) {
31 $pos = 0;
// NOTE(review): $pos is concatenated into the LIMIT clause as-is; no integer
// cast or range check is visible in this file. Confirm that it is validated
// upstream, or cast it with (int) before building the clause.
34 $foreign_limit = 'LIMIT ' . $pos . ', ' . $GLOBALS['cfg']['MaxRows'] . ' ';
// When the "Show all" button was pressed the LIMIT clause is dropped.
35 if (isset($foreign_navig) && $foreign_navig == __('Show all')) {
36 unset($foreign_limit);
// NOTE(review): after the unset() above, $foreign_limit is read here while it
// is undefined. Assigning an empty value instead of unsetting would keep the
// call well-defined -- confirm what PMA_getForeignData() expects for "no limit".
// The filter argument is $foreign_filter when set, otherwise ''.
39 $foreignData = PMA_getForeignData($foreigners, $field, $override_total, isset($foreign_filter) ? $foreign_filter : '', $foreign_limit);
// Query-string fragment for the row number: the value is urlencode()d and the
// separator is written as the HTML entity &amp;. It is not referenced again
// in the lines of this listing.
41 if (isset($rownumber)) {
42 $rownumber_param = '&amp;rownumber=' . urlencode($rownumber);
43 } else {
44 $rownumber_param = '';
// HTML fragments for the paging controls; both stay empty unless built below
// and are echoed without further escaping in the form further down.
47 $gotopage = '';
48 $showall = '';
// Paging controls are built only when rows came back as an array.
50 if (is_array($foreignData['disp_row'])) {
// "Show all" button: needs $cfg['ShowAll'] and more rows than fit on one page.
52 if ($cfg['ShowAll'] && ($foreignData['the_total'] > $GLOBALS['cfg']['MaxRows'])) {
53 $showall = '<input type="submit" name="foreign_navig" value="' . __('Show all') . '" />';
// Current page (1-based) and total page count. The @ operators silence any
// warning raised by these expressions (a MaxRows of 0 would be one source --
// confirm that the setting cannot be 0).
56 $session_max_rows = $GLOBALS['cfg']['MaxRows'];
57 $pageNow = @floor($pos / $session_max_rows) + 1;
58 $nbTotalPage = @ceil($foreignData['the_total'] / $session_max_rows);
// Page selector, built only when there is more than one page of rows.
// The gutter jumps from 65 to 68 and from 70 to 75: two arguments and the end
// of the call are not part of this listing.
60 if ($foreignData['the_total'] > $GLOBALS['cfg']['MaxRows']) {
61 $gotopage = PMA_pageselector(
62 $session_max_rows,
63 $pageNow,
64 $nbTotalPage,
65 200,
68 20,
69 10,
70 __('Page number:')
<?php /* Document head. The language code and the text direction are echoed
         into attribute values without htmlspecialchars(); presumably both are
         set by the language-selection code and never taken from the request --
         confirm before relying on that. */ ?>
75 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
76 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
77 <html xmlns="http://www.w3.org/1999/xhtml"
78 xml:lang="<?php echo $available_languages[$lang][1]; ?>"
79 lang="<?php echo $available_languages[$lang][1]; ?>"
80 dir="<?php echo $text_dir; ?>">
82 <head>
83 <title>phpMyAdmin</title>
84 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php /* Stylesheet URL: the result of PMA_generate_common_url('', '') and the
         theme's unique value are echoed as-is into the href attribute. The
         literal separators are written as &amp;; whether the two generated
         parts are already attribute-safe is not visible here -- confirm. */ ?>
85 <link rel="stylesheet" type="text/css"
86 href="phpmyadmin.css.php?<?php echo PMA_generate_common_url('', ''); ?>&amp;js_frame=right&amp;nocache=<?php echo $GLOBALS['PMA_Config']->getThemeUniqueValue(); ?>" />
87 <?php
88 // includes everything asked for by libraries/common.inc.php
89 require_once './libraries/header_scripts.inc.php';
91 <script type="text/javascript">
92 //<![CDATA[
93 self.focus();
// formupdate(fieldmd5, key): copies the chosen foreign key into the opener
// window and closes this pop-up.
//   fieldmd5 - md5 of the field name, as emitted by the onclick handlers of
//              the result table
//   key      - the selected key value
// Returns false after a successful update. When no target is found the alert
// at the end is reached (the closing braces in between are not part of this
// listing).
94 function formupdate(fieldmd5, key) {
// Case 1: the opener marked an element with the class browse_foreign_clicked.
// The key is written with .text(), i.e. as text and not as markup.
95 var $inline = window.opener.jQuery('.browse_foreign_clicked');
96 if ($inline.length != 0) {
97 $inline.removeClass('browse_foreign_clicked')
98 // puts new value in the previous element which is
99 // a span with class curr_value
100 .prev().text(key);
101 self.close();
102 return false;
// Case 2: the opener holds a form named insertForm; the target element name
// is assembled from the request values below.
105 if (opener && opener.document && opener.document.insertForm) {
106 var field = 'fields';
// NOTE(review): $rownumber is written into a single-quoted JavaScript string
// through htmlspecialchars(). That is HTML escaping, not JavaScript-string
// escaping, and htmlspecialchars() called without ENT_QUOTES leaves a single
// quote untouched on PHP versions before 8.1. Use a JavaScript-string escaper
// for this output context (this file calls PMA_jsFormat() for JS strings
// elsewhere -- confirm its exact behaviour), or accept the value only when
// is_numeric() passes, as is done for $fieldkey just below.
108 <?php if (isset($rownumber)) { ?>
109 var element_name = field + '[multi_edit][<?php echo htmlspecialchars($rownumber); ?>][' + fieldmd5 + ']';
110 <?php } else { ?>
111 var element_name = field + '[]';
112 <?php } ?>
// $fieldkey is echoed without escaping, but only after is_numeric() has
// accepted it; any other value falls back to index 0.
114 <?php if (isset($fieldkey) && is_numeric($fieldkey)) { ?>
115 var element_name_alt = field + '[<?php echo $fieldkey; ?>]';
116 <?php } else { ?>
117 var element_name_alt = field + '[0]';
118 <?php } ?>
120 if (opener.document.insertForm.elements[element_name]) {
121 // Edit/Insert form
122 opener.document.insertForm.elements[element_name].value = key;
123 self.close();
124 return false;
125 } else if (opener.document.insertForm.elements[element_name_alt]) {
126 // Search form
127 opener.document.insertForm.elements[element_name_alt].value = key;
128 self.close();
129 return false;
// Fallback message; the translated text goes through PMA_jsFormat() before it
// is placed inside the single-quoted string.
133 alert('<?php echo PMA_jsFormat(__('The target browser window could not be updated. Maybe you have closed the parent window, or your browser\'s security settings are configured to block cross-window updates.')); ?>');
135 //]]>
136 </script>
137 </head>
139 <body id="body_browse_foreigners">
<?php /* Filter and paging form; it posts back to this same script. The request
         values field, fieldkey, rownumber and foreign_filter are each passed
         through htmlspecialchars() before they are written into a
         double-quoted value attribute. */ ?>
141 <form action="browse_foreigners.php" method="post">
142 <fieldset>
<?php /* Output of PMA_generate_common_hidden_inputs() is echoed as-is;
         presumably it returns ready-made, already escaped <input> markup --
         confirm in the library. */ ?>
143 <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
144 <input type="hidden" name="field" value="<?php echo htmlspecialchars($field); ?>" />
145 <input type="hidden" name="fieldkey"
146 value="<?php echo isset($fieldkey) ? htmlspecialchars($fieldkey) : ''; ?>" />
147 <?php if (isset($rownumber)) { ?>
148 <input type="hidden" name="rownumber" value="<?php echo htmlspecialchars($rownumber); ?>" />
149 <?php } ?>
<?php /* The __() strings below (label text and button caption) are echoed
         without escaping, so the markup is only as safe as the translation
         catalog they come from. */ ?>
150 <span class="formelement">
151 <label for="input_foreign_filter"><?php echo __('Search') . ':'; ?></label>
152 <input type="text" name="foreign_filter" id="input_foreign_filter"
153 value="<?php echo isset($foreign_filter) ? htmlspecialchars($foreign_filter) : ''; ?>" />
154 <input type="submit" name="submit_foreign_filter" value="<?php echo __('Go');?>" />
155 </span>
<?php /* $gotopage and $showall hold HTML fragments assembled earlier in this
         script (page selector and "Show all" button, or empty strings); they
         are echoed as markup on purpose. */ ?>
156 <span class="formelement">
157 <?php echo $gotopage; ?>
158 </span>
159 <span class="formelement">
160 <?php echo $showall; ?>
161 </span>
162 </fieldset>
163 </form>
<?php /* Result table: every row offers the same "use this value" link four
         times (key and description, once in key order on the left and once in
         row order on the right). Some short source lines, closing braces among
         them, are not part of this listing; the gutter numbers show the gaps. */ ?>
165 <table width="100%">
166 <?php
// Rows are rendered only when the foreign data came back as an array.
167 if (is_array($foreignData['disp_row'])) {
// Header row, reused for thead, tfoot and the periodic repeats inside the
// loop. The __() strings are concatenated into the markup unescaped, so they
// are only as safe as the translation catalog.
168 $header = '<tr>
169 <th>' . __('Keyname') . '</th>
170 <th>' . __('Description') . '</th>
171 <td width="20%"></td>
172 <th>' . __('Description') . '</th>
173 <th>' . __('Keyname') . '</th>
174 </tr>';
176 echo '<thead>' . $header . '</thead>' . "\n"
177 .'<tfoot>' . $header . '</tfoot>' . "\n"
178 .'<tbody>' . "\n";
// Split every row into its display value ('' when no display column is
// configured) and its key; both arrays share the same numeric index.
180 $values = array();
181 $keys = array();
182 foreach ($foreignData['disp_row'] as $relrow) {
183 if ($foreignData['foreign_display'] != false) {
184 $values[] = $relrow[$foreignData['foreign_display']];
185 } else {
186 $values[] = '';
189 $keys[] = $relrow[$foreignData['foreign_field']];
// asort() orders $keys by value but keeps the original indexes. The foreach
// below therefore visits the rows in key order (left-hand pair of columns),
// while $val_ordered_current_row counts 0, 1, 2, ... through the rows in the
// order they were returned (right-hand pair of columns).
192 asort($keys);
194 $hcount = 0;
195 $odd_row = true;
196 $val_ordered_current_row = 0;
197 $val_ordered_current_equals_data = false;
198 $key_ordered_current_equals_data = false;
199 foreach ($keys as $key_ordered_current_row => $value) {
200 //for ($i = 0; $i < $count; $i++) {
201 $hcount++;
// Repeat the header row once more than $cfg['RepeatCells'] rows have been
// printed since the last one; a value of 0 or less disables the repeat.
203 if ($cfg['RepeatCells'] > 0 && $hcount > $cfg['RepeatCells']) {
204 echo $header;
205 $hcount = 0;
206 $odd_row = true;
209 $key_ordered_current_key = $keys[$key_ordered_current_row];
210 $key_ordered_current_val = $values[$key_ordered_current_row];
212 $val_ordered_current_key = $keys[$val_ordered_current_row];
213 $val_ordered_current_val = $values[$val_ordered_current_row];
215 $val_ordered_current_row++;
// Escape the description for HTML and shorten it to $cfg['LimitChars']
// characters. When it is shortened, the full escaped text is kept for the
// title attribute. Truncation happens before escaping, so an entity is never
// cut in half.
217 if (PMA_strlen($val_ordered_current_val) <= $cfg['LimitChars']) {
218 $val_ordered_current_val = htmlspecialchars($val_ordered_current_val);
219 $val_ordered_current_val_title = '';
220 } else {
221 $val_ordered_current_val_title =
222 htmlspecialchars($val_ordered_current_val);
223 $val_ordered_current_val =
224 htmlspecialchars(PMA_substr($val_ordered_current_val, 0,
225 $cfg['LimitChars']) . '...');
// Same treatment for the description shown in the key-ordered columns.
227 if (PMA_strlen($key_ordered_current_val) <= $cfg['LimitChars']) {
228 $key_ordered_current_val = htmlspecialchars($key_ordered_current_val);
229 $key_ordered_current_val_title = '';
230 } else {
231 $key_ordered_current_val_title =
232 htmlspecialchars($key_ordered_current_val);
233 $key_ordered_current_val =
234 htmlspecialchars(PMA_substr($key_ordered_current_val, 0,
235 $cfg['LimitChars']) . '...');
// $data is not assigned in this file (presumably the currently selected value
// from the request -- confirm). It is only compared, with loose ==, to decide
// whether a row is wrapped in <strong>; it is never echoed here.
238 if (! empty($data)) {
239 $val_ordered_current_equals_data = $val_ordered_current_key == $data;
240 $key_ordered_current_equals_data = $key_ordered_current_key == $data;
244 <tr class="noclick <?php echo $odd_row ? 'odd' : 'even'; $odd_row = ! $odd_row; ?>">
245 <td nowrap="nowrap">
246 <?php
// Key cell, key order. The title attribute receives the already escaped
// *_title text and the link text goes through htmlspecialchars(); the first
// onclick argument is an md5 hex digest.
// NOTE(review): the second onclick argument is passed through PMA_jsFormat()
// only. It sits inside a double-quoted HTML attribute, so it needs
// HTML-attribute escaping on top of JavaScript-string escaping. Unless
// PMA_jsFormat() is known to return attribute-safe text, wrap its result in
// htmlspecialchars(). The same pattern recurs in the three cells that follow.
247 echo ($key_ordered_current_equals_data ? '<strong>' : '')
248 .'<a href="#" title="' . __('Use this value')
249 . ($key_ordered_current_val_title != '' ? ': ' . $key_ordered_current_val_title : '') . '"'
250 .' onclick="formupdate(\'' . md5($field) . '\', \''
251 . PMA_jsFormat($key_ordered_current_key, false) . '\'); return false;">'
252 .htmlspecialchars($key_ordered_current_key) . '</a>' . ($key_ordered_current_equals_data ? '</strong>' : '');
253 ?></td>
254 <td>
255 <?php
// Description cell, key order; $key_ordered_current_val was escaped above.
256 echo ($key_ordered_current_equals_data ? '<strong>' : '')
257 . '<a href="#" title="' . __('Use this value') . ($key_ordered_current_val_title != '' ? ': '
258 . $key_ordered_current_val_title : '') . '" onclick="formupdate(\''
259 . md5($field) . '\', \'' . PMA_jsFormat($key_ordered_current_key, false) . '\'); return false;">'
260 . $key_ordered_current_val . '</a>' . ($key_ordered_current_equals_data ? '</strong>' : '');
261 ?></td>
262 <td width="20%">
263 <img src="<?php echo $GLOBALS['pmaThemeImage'] . 'spacer.png'; ?>"
264 alt="" width="1" height="1" /></td>
266 <td>
267 <?php
// Description cell, row order; $val_ordered_current_val was escaped above.
268 echo ($val_ordered_current_equals_data ? '<strong>' : '')
269 . '<a href="#" title="' . __('Use this value') . ($val_ordered_current_val_title != '' ? ': '
270 . $val_ordered_current_val_title : '') . '" onclick="formupdate(\'' . md5($field)
271 . '\', \'' . PMA_jsFormat($val_ordered_current_key, false) . '\'); return false;">'
272 . $val_ordered_current_val . '</a>' . ($val_ordered_current_equals_data ? '</strong>' : '');
273 ?></td>
274 <td nowrap="nowrap">
275 <?php
// Key cell, row order; the link text goes through htmlspecialchars().
276 echo ($val_ordered_current_equals_data ? '<strong>' : '') . '<a href="#" title="'
277 . __('Use this value') . ($val_ordered_current_val_title != '' ? ': ' . $val_ordered_current_val_title : '')
278 . '" onclick="formupdate(\'' . md5($field) . '\', \''
279 . PMA_jsFormat($val_ordered_current_key, false) . '\'); return false;">' . htmlspecialchars($val_ordered_current_key)
280 . '</a>' . ($val_ordered_current_equals_data ? '</strong>' : '');
281 ?></td>
282 </tr>
283 <?php
284 } // end foreach ($keys ...)
287 </tbody>
288 </table>
290 </body>
291 </html>