Fix XSS in displaying non-UTF-8 strings

adminer/select.inc.php

@@ -349,12 +349,10 @@ if (!$columns) {
 							}
 							if ($val === "") { // === - may be int
 								$val = " ";
-							} elseif (is_utf8($val)) {
-								if ($text_length != "" && is_shortable($field)) {
-									$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
-								} else {
-									$val = h($val);
-								}
+							} elseif ($text_length != "" && is_shortable($field)) {
+								$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
+							} else {
+								$val = h($val);
 							}
 							
 							if (!$link) { // link related items

changes.txt

@@ -2,6 +2,7 @@ Adminer 3.6.3-dev:
 Display error code in SQL query
 Allow specifying external links
 Treat Meta key same as Ctrl
+Fix XSS in displaying non-UTF-8 strings
 Don't use type="number" for decimal numbers
 
 Adminer 3.6.2 (released 2012-12-21):