Fix XSS in displaying non-UTF-8 strings
This commit is contained in:
parent
da2a0190a4
commit
7a62838510
|
@ -349,12 +349,10 @@ if (!$columns) {
|
|||
}
|
||||
if ($val === "") { // === - may be int
|
||||
$val = " ";
|
||||
} elseif (is_utf8($val)) {
|
||||
if ($text_length != "" && is_shortable($field)) {
|
||||
$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
|
||||
} else {
|
||||
$val = h($val);
|
||||
}
|
||||
} elseif ($text_length != "" && is_shortable($field)) {
|
||||
$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
|
||||
} else {
|
||||
$val = h($val);
|
||||
}
|
||||
|
||||
if (!$link) { // link related items
|
||||
|
|
|
@ -2,6 +2,7 @@ Adminer 3.6.3-dev:
|
|||
Display error code in SQL query
|
||||
Allow specifying external links
|
||||
Treat Meta key same as Ctrl
|
||||
Fix XSS in displaying non-UTF-8 strings
|
||||
Don't use type="number" for decimal numbers
|
||||
|
||||
Adminer 3.6.2 (released 2012-12-21):
|
||||
|
|
Loading…
Reference in a new issue