mirror of https://github.com/vrana/adminer.git synced 2025-08-15 11:04:02 +02:00

Disallow scripts without nonce

Jakub Vrana
2018-01-13 22:17:00 +01:00
parent e23da5da0e
commit 80d030f51a
9 changed files with 32 additions and 13 deletions


@@ -420,7 +420,7 @@ class Adminer {
echo "<fieldset><legend>" . lang('Action') . "</legend><div>";
echo "<input type='submit' value='" . lang('Select') . "'>";
echo " <span id='noindex' title='" . lang('Full table scan') . "'></span>";
echo "<script>\n";
echo "<script" . nonce() . ">\n";
echo "var indexColumns = ";
$columns = array();
foreach ($indexes as $index) {
@@ -897,7 +897,7 @@ class Adminer {
if (support("sql")) {
echo script_src("../externals/jush/modules/jush-$jush.js");
?>
<script>
<script<?php echo nonce(); ?>>
<?php
if ($tables) {
$links = array();
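Review bot: Adding the nonce at `echo "<script" . nonce() . ">\n";` makes the whole inline block trusted under the policy, so CSP no longer limits anything interpolated into that block. The `var indexColumns = ` value built from `$indexes` therefore has to be written with a JavaScript-safe encoder that also cannot terminate the script element; that encoding call is outside the hunk and should be confirmed. The same holds for the `<script<?php echo nonce(); ?>>` block in the second hunk, where `$links` derived from `$tables` appear to be emitted. Both sites would benefit from a comment such as `// nonce() supplies the attribute incl. leading space; everything echoed into this block must be JS-escaped`, with the leading-space behaviour checked against the helper, which is not shown here. Both enclosing method bodies start and end outside the visible hunks.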