From 66b01a4b9c9e6cf433a086f535e293fdcee33120 Mon Sep 17 00:00:00 2001
From: Albert Peschar <albert@peschar.net>
Date: Wed, 27 Jan 2021 17:35:02 +0200
Subject: [PATCH] Linkify URLs in SQL results

---
 adminer/include/editing.inc.php | 27 ++++++++++++++++-----------
 changes.txt                     |  1 +
 2 files changed, 17 insertions(+), 11 deletions(-)

diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
index 517cb539..3cc2734e 100644
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -61,6 +61,20 @@ function select($result, $connection2 = null, $orgtables = array(), $limit = 0)
 		}
 		echo "<tr" . odd() . ">";
 		foreach ($row as $key => $val) {
+			$link = "";
+			if (isset($links[$key]) && !$columns[$links[$key]]) {
+				if ($orgtables && $jush == "sql") { // MySQL EXPLAIN
+					$table = $row[array_search("table=", $links)];
+					$link = ME . $links[$key] . urlencode($orgtables[$table] != "" ? $orgtables[$table] : $table);
+				} else {
+					$link = ME . "edit=" . urlencode($links[$key]);
+					foreach ($indexes[$links[$key]] as $col => $j) {
+						$link .= "&where" . urlencode("[" . bracket_escape($col) . "]") . "=" . urlencode($row[$j]);
+					}
+				}
+			} elseif (is_url($val)) {
+				$link = $val;
+			}
 			if ($val === null) {
 				$val = "<i>NULL</i>";
 			} elseif ($blobs[$key] && !is_utf8($val)) {
@@ -71,17 +85,8 @@ function select($result, $connection2 = null, $orgtables = array(), $limit = 0)
 					$val = "<code>$val</code>";
 				}
 			}
-			if (isset($links[$key]) && !$columns[$links[$key]]) {
-				if ($orgtables && $jush == "sql") { // MySQL EXPLAIN
-					$table = $row[array_search("table=", $links)];
-					$link = $links[$key] . urlencode($orgtables[$table] != "" ? $orgtables[$table] : $table);
-				} else {
-					$link = "edit=" . urlencode($links[$key]);
-					foreach ($indexes[$links[$key]] as $col => $j) {
-						$link .= "&where" . urlencode("[" . bracket_escape($col) . "]") . "=" . urlencode($row[$j]);
-					}
-				}
-				$val = "<a href='" . h(ME . $link) . "'>$val</a>";
+			if ($link) {
+				$val = "<a href='" . h($link) . "'" . (is_url($link) ? target_blank() : '') . ">$val</a>";
 			}
 			echo "<td>$val";
 		}
diff --git a/changes.txt b/changes.txt
index e14a02f8..7d672eff 100644
--- a/changes.txt
+++ b/changes.txt
@@ -3,6 +3,7 @@ Fix XSS in browsers which don't encode URL parameters (bug #775, regression from
 Elasticsearch, ClickHouse: Do not print response if HTTP code is not 200
 Don't syntax highlight during IME composition (bug #747)
 Quote values with leading and trailing zeroes in CSV export (bug #777)
+Link URLs in SQL command (PR #411)
 MySQL: Do not export names in quotes with sql_mode='ANSI_QUOTES' (bug #749)
 MySQL: Avoid error in PHP 8 when connecting to socket (PR #409)
 MySQL: Don't quote default value of text fields (bug #779)