Fix XSS in browsers which don't encode URL parameters (bug #775)
This commit is contained in:
parent
cde988853d
commit
5c395afc09
|
@ -222,7 +222,7 @@ if (!isset($_GET["import"])) {
|
|||
}
|
||||
echo "<p>";
|
||||
textarea("query", $q, 20);
|
||||
echo script(($_POST ? "" : "qs('textarea').focus();\n") . "qs('#form').onsubmit = partial(sqlSubmit, qs('#form'), '" . remove_from_uri("sql|limit|error_stops|only_errors") . "');");
|
||||
echo script(($_POST ? "" : "qs('textarea').focus();\n") . "qs('#form').onsubmit = partial(sqlSubmit, qs('#form'), '" . js_escape(remove_from_uri("sql|limit|error_stops|only_errors|history")) . "');");
|
||||
echo "<p>$execute\n";
|
||||
echo lang('Limit rows') . ": <input type='number' name='limit' class='size' value='" . h($_POST ? $_POST["limit"] : $_GET["limit"]) . "'>\n";
|
||||
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.7.9-dev:
|
||||
Fix XSS in browsers which don't encode URL parameters (bug #775, regression from 4.7.0)
|
||||
Elasticsearch, ClickHouse: Do not print response if HTTP code is not 200
|
||||
Don't syntax highlight during IME composition (bug #747)
|
||||
MySQL: Do not export names in quotes with sql_mode='ANSI_QUOTES' (bug #749)
|
||||
|
|
Loading…
Reference in a new issue