Escape HTML markup in transformation wrapper

...in case content type is html. Signed-off-by: Michal Čihař <michal@cihar.com>
phpmyadmin · Jul 13, 2016 · 09a427b · 09a427b
1 parent 8f3ee9f
commit 09a427b
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/transformation_wrapper.php b/transformation_wrapper.php
@@ -112,7 +112,11 @@
 PMA_downloadHeader($cn, $mime_type);
 
 if (! isset($resize)) {
-    echo $row[$transform_key];
+    if (stripos($mime_type, 'html') === false) {
+        echo $row[$transform_key];
+    } else {
+        echo htmlspecialchars($row[$transform_key]);
+    }
 } else {
     // if image_*__inline.inc.php finds that we can resize,
     // it sets $resize to jpeg or png