Disallow scripts without nonce

2025-08-08 15:47:00 +02:00 · 2018-01-13 22:17:00 +01:00
parent e23da5da0e
commit 80d030f51a
9 changed files with 32 additions and 13 deletions
--- a/plugins/login-sqlite.php
+++ b/plugins/login-sqlite.php
@@ -14,7 +14,7 @@ class AdminerLoginSqlite {

 	function loginForm() {
 		?>
-<script>
+<script<?php echo nonce(); ?>>
 addEventListener('load', function () {
 	var driver = qs('name="auth[driver]"');
 	if (isTag(driver, 'select')) {
--- a/plugins/tables-filter.php
+++ b/plugins/tables-filter.php
@@ -24,7 +24,7 @@ foreach ($tables as $table => $status) {
 }
 ?>
 </ul>
-<script>
+<script<?php echo nonce(); ?>>
 var tablesFilterTimeout = null;
 var tablesFilterValue = '';

--- a/plugins/tinymce.php
+++ b/plugins/tinymce.php
@@ -29,7 +29,7 @@ class AdminerTinymce {
 		}
 		echo script_src($this->path);
 		?>
-<script>
+<script<?php echo nonce(); ?>>
 tinyMCE.init({
 	mode: 'none',
 	theme: 'advanced',