Escape links

commit f7f553a947c221d571a12681a171245cd414b7f3 1 parent 2fb1ebc
@vrana authored
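--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -196,7 +196,7 @@ function selectVal($val, $link, $field) {
 if (ereg('blob|bytea|raw|file', $field["type"]) && !is_utf8($val)) {
 $return = lang('%d byte(s)', strlen($val));
 }
- return ($link ? "<a href='$link'>$return</a>" : $return);
+ return ($link ? "<a href='" . h($link) . "'>$return</a>" : $return);
 }
 /** Value conversion used in select and edit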
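Review bot: `h($link)` on the new return line keeps the value from closing the single-quoted `href`, but it does not constrain the URL scheme, so a link beginning with `javascript:` or `data:` would still be rendered as clickable. Where `$link` is assembled is outside this hunk; if any part of it can come from row data rather than from Adminer's own URL builder, the caller should also check for an allowed scheme before passing it in. This assumes `h()` encodes both quote characters, which its definition (not shown here) would confirm. A one-line comment above the return would record the contract: `// $link is a raw URL: escaped here for the HTML attribute, scheme checked by the caller`.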
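--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -164,6 +164,7 @@ function rowDescriptions($rows, $foreignKeys) {
 function selectVal($val, $link, $field) {
 $return = ($val === null ? "&nbsp;" : $val);
+ $link = h($link);
 if (ereg('blob|bytea', $field["type"]) && !is_utf8($val)) {
 $return = lang('%d byte(s)', strlen($val));
 if (ereg("^(GIF|\xFF\xD8\xFF|\x89PNG\x0D\x0A\x1A\x0A)", $val)) { // GIF|JPG|PNG, getimagetype() works with filename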
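Review bot: The added `$link = h($link);` overwrites the parameter with its HTML-encoded form for the rest of the function, whereas the `adminer/include/adminer.inc.php` change in this same commit escapes at the point of output. Any later code in `selectVal` that reassigns `$link` would bypass the escaping, and any sink that escapes again would double-encode it; the body continues past the end of this hunk, so neither can be checked here. Keeping the raw value and giving the encoded one its own name makes the state explicit, e.g. `$href = h($link); // HTML-attribute-safe form of $link`, with the HTML sinks below switched to `$href`.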