!C99Shell v. 1.0 pre-release build #16!

Software: Apache/2.0.54 (Fedora). PHP/5.0.4 

uname -a: Linux mina-info.me 2.6.17-1.2142_FC4smp #1 SMP Tue Jul 11 22:57:02 EDT 2006 i686 

uid=48(apache) gid=48(apache) groups=48(apache)
context=system_u:system_r:httpd_sys_script_t 

Safe-mode: OFF (not secure)

/home/mnnews/public_html/login/phpmyadmin/libraries/   drwxr-xr-x
Free 4.55 GB of 27.03 GB (16.83%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Feedback    Self remove    Logout    


Viewing file:     js_escape.lib.php (4.5 KB)      -rw-r--r--
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
* Javascript escaping functions.
*
* @package PhpMyAdmin
*
*/
if (! defined('PHPMYADMIN')) {
    exit;
}

/**
* Format a string so it can be a string inside JavaScript code inside an
* eventhandler (onclick, onchange, on..., ).
* This function is used to displays a javascript confirmation box for
* "DROP/DELETE/ALTER" queries.
*
* @param string  $a_string       the string to format
* @param boolean $add_backquotes whether to add backquotes to the string or not
*
* @return string   the formatted string
*
* @access  public
*/
function PMA_jsFormat($a_string = '', $add_backquotes = true)
{
    if (is_string($a_string)) {
        $a_string = htmlspecialchars($a_string);
        $a_string = PMA_escapeJsString($a_string);
        // Needed for inline javascript to prevent some browsers
        // treating it as a anchor
        $a_string = str_replace('#', '\\#', $a_string);
    }

    return (($add_backquotes) ? PMA_Util::backquote($a_string) : $a_string);
} // end of the 'PMA_jsFormat()' function

/**
* escapes a string to be inserted as string a JavaScript block
* enclosed by <![CDATA[ ... ]]>
* this requires only to escape ' with \' and end of script block
*
* We also remove NUL byte as some browsers (namely MSIE) ignore it and
* inserting it anywhere inside </script would allow to bypass this check.
*
* @param string $string the string to be escaped
*
* @return string  the escaped string
*/
function PMA_escapeJsString($string)
{
    return preg_replace(
        '@</script@i', '</\' + \'script',
        strtr(
            $string,
            array(
                "\000" => '',
                '\\' => '\\\\',
                '\'' => '\\\'',
                '"' => '\"',
                "\n" => '\n',
                "\r" => '\r'
            )
        )
    );
}

/**
* Formats a value for javascript code.
*
* @param string $value String to be formatted.
*
* @return string formatted value.
*/
function PMA_formatJsVal($value)
{
    if (is_bool($value)) {
        if ($value) {
            return 'true';
        }

        return 'false';
    }

    if (is_int($value)) {
        return (int)$value;
    }

    return '"' . PMA_escapeJsString($value) . '"';
}

/**
* Formats an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key    Name of value to set
* @param mixed  $value  Value to set, can be either string or array of strings
* @param bool   $escape Whether to escape value or keep it as it is
*                       (for inclusion of js code)
*
* @return string Javascript code.
*/
function PMA_getJsValue($key, $value, $escape = true)
{
    $result = $key . ' = ';
    if (!$escape) {
        $result .= $value;
    } elseif (is_array($value)) {
        $result .= '[';
        foreach ($value as $val) {
            $result .= PMA_formatJsVal($val) . ",";
        }
        $result .= "];\n";
    } else {
        $result .= PMA_formatJsVal($value) . ";\n";
    }
    return $result;
}

/**
* Prints an javascript assignment with proper escaping of a value
* and support for assigning array of strings.
*
* @param string $key   Name of value to set
* @param mixed  $value Value to set, can be either string or array of strings
*
* @return void
*/
function PMA_printJsValue($key, $value)
{
    echo PMA_getJsValue($key, $value);
}

/**
* Formats javascript assignment for form validation api
* with proper escaping of a value.
*
* @param string  $key   Name of value to set
* @param string  $value Value to set
* @param boolean $addOn Check if $.validator.format is required or not
* @param boolean $comma Check if comma is required
*
* @return string Javascript code.
*/
function PMA_getJsValueForFormValidation($key, $value, $addOn, $comma)
{
    $result = $key . ': ';
    if ($addOn) {
        $result .= '$.validator.format(';
    }
    $result .= PMA_formatJsVal($value);
    if ($addOn) {
        $result .= ')';
    }
    if ($comma) {
        $result .= ', ';
    }
    return $result;
}

/**
* Prints javascript assignment for form validation api
* with proper escaping of a value.
*
* @param string  $key   Name of value to set
* @param string  $value Value to set
* @param boolean $addOn Check if $.validator.format is required or not
* @param boolean $comma Check if comma is required
*
* @return void
*/
function PMA_printJsValueForFormValidation($key, $value, $addOn=false, $comma=true)
{
    echo PMA_getJsValueForFormValidation($key, $value, $addOn, $comma);
}

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 1.0 pre-release build #16 powered by Captain Crunch Security Team | http://ccteam.ru | Generation time: 0.0058 ]--