mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-15 19:13:59 +02:00
Code Issues Releases Wiki Activity

Fix XSS (thanks to Jigal van Hemert)

Browse Source
This commit is contained in:
Jakub Vrana
2011-07-26 22:25:20 +02:00
parent 71efbc545a
commit 037c547365
4 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adminer/include/design.inc.php
View File

@@ -38,7 +38,7 @@ var areYouSure = '<?php echo lang('Resend POST data?'); ?>';
<?php } ?>
<?php } ?>
<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . js_escape(DB) . "', '" . js_escape($_GET["ns"]) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
<body class="<?php echo lang('ltr'); ?> nojs"<?php echo ($_POST ? "" : " onclick=\"return bodyClick(event, '" . h(js_escape(DB) . "', '" . js_escape($_GET["ns"])) . "');\""); // avoid re-post confirmation after refreshing the next page in Google Chrome ?> onkeydown="bodyKeydown(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
<script type="text/javascript">
document.body.className = document.body.className.replace(/(^|\s)nojs(\s|$)/, '$1js$2');
</script>

4
adminer/include/functions.inc.php
View File

@@ -130,7 +130,7 @@ function optionlist($options, $selected = null, $use_keys = false) {
*/
function html_select($name, $options, $value = "", $onchange = true) {
if ($onchange) {
return "<select name='" . h($name) . "'" . (is_string($onchange) ? " onchange=\"$onchange\"" : "") . ">" . optionlist($options, $value) . "</select>";
return "<select name='" . h($name) . "'" . (is_string($onchange) ? ' onchange="' . h($onchange) . '"' : "") . ">" . optionlist($options, $value) . "</select>";
}
$return = "";
foreach ($options as $key => $val) {
@@ -676,7 +676,7 @@ function input($field, $value, $function) {
}
$first++;
}
$onchange = ($first ? " onchange=\"var f = this.form['function[" . js_escape($name) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
$onchange = ($first ? " onchange=\"var f = this.form['function[" . h(js_escape($name)) . "]']; if ($first > f.selectedIndex) f.selectedIndex = $first;\"" : "");
$attrs .= $onchange;
echo (count($functions) > 1 ? html_select("function[$name]", $functions, !isset($function) || in_array($function, $functions) || isset($functions[$function]) ? $function : "", "functionChange(this);") : nbsp(reset($functions))) . '<td>';
$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table