mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-12 09:34:10 +02:00
Code Issues Releases Wiki Activity

Escape links

Browse Source
This commit is contained in:
Jakub Vrana
2012-12-05 15:29:57 -08:00
parent 2fb1ebc7f1
commit f7f553a947
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adminer/include/adminer.inc.php
View File

@@ -196,7 +196,7 @@ username.form['auth[driver]'].onchange();
if (ereg('blob|bytea|raw|file', $field["type"]) && !is_utf8($val)) { if (ereg('blob|bytea|raw|file', $field["type"]) && !is_utf8($val)) {
$return = lang('%d byte(s)', strlen($val)); $return = lang('%d byte(s)', strlen($val));
} }
return ($link ? "<a href='$link'>$return</a>" : $return); return ($link ? "<a href='" . h($link) . "'>$return</a>" : $return);
} }
/** Value conversion used in select and edit /** Value conversion used in select and edit

1
editor/include/adminer.inc.php
View File

@@ -164,6 +164,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
function selectVal($val, $link, $field) { function selectVal($val, $link, $field) {
$return = ($val === null ? "&nbsp;" : $val); $return = ($val === null ? "&nbsp;" : $val);
$link = h($link);
if (ereg('blob|bytea', $field["type"]) && !is_utf8($val)) { if (ereg('blob|bytea', $field["type"]) && !is_utf8($val)) {
$return = lang('%d byte(s)', strlen($val)); $return = lang('%d byte(s)', strlen($val));
if (ereg("^(GIF|\xFF\xD8\xFF|\x89PNG\x0D\x0A\x1A\x0A)", $val)) { // GIF|JPG|PNG, getimagetype() works with filename if (ereg("^(GIF|\xFF\xD8\xFF|\x89PNG\x0D\x0A\x1A\x0A)", $val)) { // GIF|JPG|PNG, getimagetype() works with filename