Translation update done using Pootle.
[phpmyadmin/madhuracj.git] / libraries / js_escape.lib.php
blobc410eb92b63d3e8c5a8a158e9b25cf512fcd5416
1 <?php
2 /* vim: set expandtab sw=4 ts=4 sts=4: */
3 /**
4 * Javascript escaping functions.
6 * @package PhpMyAdmin
8 */
10 /**
11 * Format a string so it can be a string inside JavaScript code inside an
12 * eventhandler (onclick, onchange, on..., ).
13 * This function is used to displays a javascript confirmation box for
14 * "DROP/DELETE/ALTER" queries.
16 * @param string $a_string the string to format
17 * @param boolean $add_backquotes whether to add backquotes to the string or not
19 * @return string the formatted string
21 * @access public
23 function PMA_jsFormat($a_string = '', $add_backquotes = true)
25 if (is_string($a_string)) {
26 $a_string = htmlspecialchars($a_string);
27 $a_string = PMA_escapeJsString($a_string);
28 // Needed for inline javascript to prevent some browsers
29 // treating it as a anchor
30 $a_string = str_replace('#', '\\#', $a_string);
33 return (($add_backquotes) ? PMA_backquote($a_string) : $a_string);
34 } // end of the 'PMA_jsFormat()' function
36 /**
37 * escapes a string to be inserted as string a JavaScript block
38 * enclosed by <![CDATA[ ... ]]>
39 * this requires only to escape ' with \' and end of script block
41 * We also remove NUL byte as some browsers (namely MSIE) ignore it and
42 * inserting it anywhere inside </script would allow to bypass this check.
44 * @param string $string the string to be escaped
45 * @return string the escaped string
47 function PMA_escapeJsString($string)
49 return preg_replace('@</script@i', '</\' + \'script',
50 strtr($string, array(
51 "\000" => '',
52 '\\' => '\\\\',
53 '\'' => '\\\'',
54 '"' => '\"',
55 "\n" => '\n',
56 "\r" => '\r')));
59 /**
60 * Formats a value for javascript code.
62 * @param string $value String to be formatted.
64 * @retrun string formatted value.
66 function PMA_formatJsVal($value)
68 if (is_bool($value)) {
69 if ($value) {
70 return 'true';
71 } else {
72 return 'false';
74 } elseif (is_int($value)) {
75 return (int)$value;
76 } else {
77 return '"' . PMA_escapeJsString($value) . '"';
81 /**
82 * Formats an javascript assignment with proper escaping of a value
83 * and support for assigning array of strings.
85 * @param string $key Name of value to set
86 * @param mixed $value Value to set, can be either string or array of strings
87 * @param bool $escape Whether to escape value or keep it as it is (for inclusion of js code)
89 * @return string Javascript code.
91 function PMA_getJsValue($key, $value, $escape = true)
93 $result = $key . ' = ';
94 if (!$escape) {
95 $result .= $value;
96 } elseif (is_array($value)) {
97 $result .= '[';
98 foreach ($value as $id => $val) {
99 $result .= PMA_formatJsVal($val) . ",";
101 $result .= "];\n";
102 } else {
103 $result .= PMA_formatJsVal($value) . ";\n";
105 return $result;
109 * Prints an javascript assignment with proper escaping of a value
110 * and support for assigning array of strings.
112 * @param string $key Name of value to set
113 * @param mixed $value Value to set, can be either string or array of strings
115 * @return nothing
117 function PMA_printJsValue($key, $value)
119 echo PMA_getJsValue($key, $value);