Release 4.7.4

adminer/db.inc.php

@@ -65,7 +65,6 @@ if ($adminer->homepage()) {
 					search_tables();
 				}
 			}
-			$doc_link = doc_link(array('sql' => 'show-table-status.html'));
 			echo "<div class='scrollable'>\n";
 			echo "<table cellspacing='0' class='nowrap checkable'>\n";
 			echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
@@ -74,12 +73,12 @@ if ($adminer->homepage()) {
 			echo '<th>' . lang('Table');
 			echo '<td>' . lang('Engine') . doc_link(array('sql' => 'storage-engines.html'));
 			echo '<td>' . lang('Collation') . doc_link(array('sql' => 'charset-charsets.html', 'mariadb' => 'supported-character-sets-and-collations/'));
-			echo '<td>' . lang('Data Length') . $doc_link;
-			echo '<td>' . lang('Index Length') . $doc_link;
-			echo '<td>' . lang('Data Free') . $doc_link;
+			echo '<td>' . lang('Data Length') . doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 'functions-admin.html#FUNCTIONS-ADMIN-DBOBJECT', 'oracle' => 'REFRN20286'));
+			echo '<td>' . lang('Index Length') . doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 'functions-admin.html#FUNCTIONS-ADMIN-DBOBJECT'));
+			echo '<td>' . lang('Data Free') . doc_link(array('sql' => 'show-table-status.html'));
 			echo '<td>' . lang('Auto Increment') . doc_link(array('sql' => 'example-auto-increment.html', 'mariadb' => 'auto_increment/'));
-			echo '<td>' . lang('Rows') . $doc_link;
-			echo (support("comment") ? '<td>' . lang('Comment') . $doc_link : '');
+			echo '<td>' . lang('Rows') . doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 'catalog-pg-class.html#CATALOG-PG-CLASS', 'oracle' => 'REFRN20286'));
+			echo (support("comment") ? '<td>' . lang('Comment') . doc_link(array('sql' => 'show-table-status.html', 'pgsql' => 'functions-info.html#FUNCTIONS-INFO-COMMENT-TABLE')) : '');
 			echo "</thead>\n";
 
 			$tables = 0;

adminer/foreign.inc.php

@@ -97,7 +97,7 @@ foreach ($row["source"] as $key => $val) {
 	'mariadb' => "foreign-keys/",
 	'pgsql' => "sql-createtable.html#SQL-CREATETABLE-REFERENCES",
 	'mssql' => "ms174979.aspx",
-	'oracle' => "clauses002.htm#sthref2903",
+	'oracle' => "https://docs.oracle.com/cd/B19306_01/server.102/b14200/clauses002.htm#sthref2903",
 )); ?>
 <p>
 <input type="submit" value="<?php echo lang('Save'); ?>">

adminer/include/bootstrap.inc.php

@@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
 
 define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
+define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
 	. (sid() ? SID . '&' : '')
 	. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
 	. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')

adminer/include/editing.inc.php

@@ -531,9 +531,9 @@ function doc_link($paths, $text = "<sup>?</sup>") {
 	$urls = array(
 		'sql' => "https://dev.mysql.com/doc/refman/$version/en/",
 		'sqlite' => "https://www.sqlite.org/",
-		'pgsql' => "https://www.postgresql.org/docs/$version/static/",
+		'pgsql' => "https://www.postgresql.org/docs/$version/",
 		'mssql' => "https://msdn.microsoft.com/library/",
-		'oracle' => "https://download.oracle.com/docs/cd/B19306_01/server.102/b14200/",
+		'oracle' => "https://www.oracle.com/pls/topic/lookup?ctx=db" . preg_replace('~^.* (\d+)\.(\d+)\.\d+\.\d+\.\d+.*~s', '\1\2', $server_info) . "&id=",
 	);
 	if (preg_match('~MariaDB~', $server_info)) {
 		$urls['sql'] = "https://mariadb.com/kb/en/library/";

adminer/include/version.inc.php

@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.7.3";
+$VERSION = "4.7.4";

adminer/processlist.inc.php

@@ -27,7 +27,7 @@ foreach (process_list() as $i => $row) {
 			echo "<th>$key" . doc_link(array(
 				'sql' => "show-processlist.html#processlist_" . strtolower($key),
 				'pgsql' => "monitoring-stats.html#PG-STAT-ACTIVITY-VIEW",
-				'oracle' => "../b14237/dynviews_2088.htm",
+				'oracle' => "REFRN30223",
 			));
 		}
 		echo "</thead>\n";

changes.txt

@@ -1,3 +1,6 @@
+Adminer 4.7.4 (released 2019-10-22):
+Fix XSS if Adminer is accessible at URL /data:
+
 Adminer 4.7.3 (released 2019-08-27):
 Allow editing foreign keys pointing to tables in other database/schema (bug #694)
 Fix blocking of concurrent instances in PHP >7.2 (bug #703)

compile.php

@@ -403,6 +403,12 @@ if ($driver) {
 		$file = str_replace('<?php echo html_select("auth[driver]", $drivers, DRIVER) . "\n"; ?>', "<input type='hidden' name='auth[driver]' value='" . ($driver == "mysql" ? "server" : $driver) . "'>" . reset($drivers), $file);
 	}
 	$file = preg_replace('(;../externals/jush/modules/jush-(?!textarea\.|txt\.|js\.|' . preg_quote($driver == "mysql" ? "sql" : $driver) . '\.)[^.]+.js)', '', $file);
+	$file = preg_replace_callback('~doc_link\(array\((.*)\)\)~sU', function ($match) use ($driver) {
+		list(, $links) = $match;
+		$links = preg_replace("~'(?!(" . ($driver == "mysql" ? "sql|mariadb" : $driver) . ")')[^']*' => [^,]*,?~", '', $links);
+		return (trim($links) ? "doc_link(array($links))" : "''");
+	}, $file);
+	//! strip doc_link() definition
 }
 if ($project == "editor") {
 	$file = preg_replace('~;.\.\/externals/jush/jush\.css~', '', $file);