diff options
| author | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-02-05 19:04:58 +0000 |
|---|---|---|
| committer | Steven Wittens <steven@10.no-reply.drupal.org> | 2006-02-05 19:04:58 +0000 |
| commit | d38429248ee2cbaa442e396f251b1781acbc0d66 (patch) | |
| tree | fb04fcaf6c118752902bc8d4a18ec763e3d9c4da /includes | |
| parent | afde65151c2e3807f8879fd0fe2ecd1cdda9f050 (diff) | |
| download | brdo-d38429248ee2cbaa442e396f251b1781acbc0d66.tar.gz brdo-d38429248ee2cbaa442e396f251b1781acbc0d66.tar.bz2 | |
- #47510: Show JavaScript alert when PHP errors occur
Diffstat (limited to 'includes')
| -rw-r--r-- | includes/common.inc | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/includes/common.inc b/includes/common.inc index 5548ae68b..aead0a2d7 100644 --- a/includes/common.inc +++ b/includes/common.inc @@ -1171,6 +1171,8 @@ function drupal_call_js($function) { /** * Converts a PHP variable into its Javascript equivalent. + * + * We use HTML-safe strings, i.e. with <, > and & escaped. */ function drupal_to_js($var) { switch (gettype($var)) { @@ -1180,8 +1182,18 @@ function drupal_to_js($var) { return $var; case 'resource': case 'string': - return '"'. str_replace(array("\r", "\n"), array('\r', '\n'), addslashes($var)) .'"'; + return '"'. str_replace(array("\r", "\n", "<", ">", "&"), + array('\r', '\n', '\x3c', '\x3e', '\x26'), + addslashes($var)) .'"'; case 'array': + if (array_keys($var) === range(0, sizeof($var) - 1)) { + $output = array(); + foreach($var as $v) { + $output[] = drupal_to_js($v); + } + return '[ '. implode(', ', $output) .' ]'; + } + // Fall through case 'object': $output = array(); foreach ($var as $k => $v) { |