diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 95879e59..bee16a0f 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -262,7 +262,7 @@ class Adminer {
if (preg_match('~json~', $field["type"])) {
$return = "$return
";
}
- return ($link ? "$return" : $return);
+ return ($link ? "$return" : $return);
}
/** Value conversion used in select and edit
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 1d677f3a..5bff85c5 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -128,7 +128,7 @@ function nonce() {
* @return string
*/
function target_blank() {
- return ' target="_blank" rel="noopener"';
+ return ' target="_blank" rel="noreferrer noopener"';
}
/** Escape for HTML
@@ -1215,7 +1215,7 @@ function rand_string() {
* @return string HTML
*/
function select_value($val, $link, $field, $text_length) {
- global $adminer, $HTTPS;
+ global $adminer;
if (is_array($val)) {
$return = "";
foreach ($val as $k => $v) {
@@ -1233,11 +1233,8 @@ function select_value($val, $link, $field, $text_length) {
if (is_mail($val)) {
$link = "mailto:$val";
}
- if ($protocol = is_url($val)) {
- $link = (($protocol == "http" && $HTTPS) || preg_match('~WebKit|Firefox~i', $_SERVER["HTTP_USER_AGENT"]) // WebKit supports noreferrer since 2009, Firefox since version 38
- ? $val // HTTP links from HTTPS pages don't receive Referer automatically
- : "https://www.adminer.org/redirect/?url=" . urlencode($val) // intermediate page to hide Referer
- );
+ if (is_url($val)) {
+ $link = $val; // IE 11 and all modern browsers hide referrer
}
}
$return = $adminer->editVal($val, $field);
@@ -1268,11 +1265,11 @@ function is_mail($email) {
/** Check whether the string is URL address
* @param string
-* @return string "http", "https" or ""
+* @return bool
*/
function is_url($string) {
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
- return (preg_match("~^(https?)://($domain?\\.)+$domain(:\\d+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
+ return preg_match("~^(https?)://($domain?\\.)+$domain(:\\d+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string); //! restrict path, query and fragment characters
}
/** Check if field should be shortened
diff --git a/adminer/static/editing.js b/adminer/static/editing.js
index ab5f5f32..03288b31 100644
--- a/adminer/static/editing.js
+++ b/adminer/static/editing.js
@@ -5,7 +5,7 @@
*/
function bodyLoad(version) {
if (window.jush) {
- jush.create_links = ' target="_blank" rel="noopener"';
+ jush.create_links = ' target="_blank" rel="noreferrer noopener"';
if (version) {
for (var key in jush.urls) {
var obj = jush.urls;
diff --git a/changes.txt b/changes.txt
index e8bcf53e..9c7ac54c 100644
--- a/changes.txt
+++ b/changes.txt
@@ -2,6 +2,7 @@ Adminer 4.5.1-dev:
Fix counting selected rows after going back to select page
PHP <5.3 compatibility even with Elasticsearch enabled
Fully support functions in default values
+Stop redirecting links via adminer.org
MariaDB: Support JSON since MariaDB 10.2
PostgreSQL: Support functions
PostgreSQL: Allow editing views with uppercase letters (bug #467)
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 51961595..1da44c47 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -195,7 +195,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
$return = (preg_match('~^(1|t|true|y|yes|on)$~i', $value) ? lang('yes') : lang('no'));
}
if ($link) {
- $return = "$return";
+ $return = "$return";
}
if (!$link && !like_bool($field) && preg_match('~int|float|double|decimal~', $field["type"])) {
$return = "