Escape link in doc_link (bug #797)
This commit is contained in:
parent
60ad161178
commit
4043092ec2
|
@ -542,7 +542,7 @@ function doc_link($paths, $text = "<sup>?</sup>") {
|
|||
$urls['sql'] = "https://mariadb.com/kb/en/library/";
|
||||
$paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : str_replace(".html", "/", $paths['sql']));
|
||||
}
|
||||
return ($paths[$jush] ? "<a href='$urls[$jush]$paths[$jush]'" . target_blank() . ">$text</a>" : "");
|
||||
return ($paths[$jush] ? "<a href='" . h($urls[$jush] . $paths[$jush]) . "'" . target_blank() . ">$text</a>" : "");
|
||||
}
|
||||
|
||||
/** Wrap gzencode() for usage in ob_start()
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.8.1-dev:
|
||||
Internet Explorer or PDO in Adminer 4.7.8-4.8.0: Fix XSS in doc_link (bug #797)
|
||||
Fix more PHP 8 warnings (bug #781)
|
||||
Avoid PHP warnings with PDO drivers (bug #786, regression from 4.7.8)
|
||||
MySQL: Allow moving views to other DB and renaming DB with views (bug #783)
|
||||
|
|
Loading…
Reference in a new issue