From 7a628385101f17355e54cfe957abecf35d472c51 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Fri, 18 Jan 2013 14:23:45 -0800
Subject: [PATCH] Fix XSS in displaying non-UTF-8 strings

---
 adminer/select.inc.php | 10 ++++------
 changes.txt | 1 +
 2 files changed, 5 insertions(+), 6 deletions(-)

diff --git a/adminer/select.inc.php b/adminer/select.inc.php
index 29a3f6ad..6b35e62b 100644
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@@ -349,12 +349,10 @@ if (!$columns) {
 }
 if ($val === "") { // === - may be int
 $val = " ";
- } elseif (is_utf8($val)) {
- if ($text_length != "" && is_shortable($field)) {
- $val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
- } else {
- $val = h($val);
- }
+ } elseif ($text_length != "" && is_shortable($field)) {
+ $val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
+ } else {
+ $val = h($val);
 }
 if (!$link) { // link related items
diff --git a/changes.txt b/changes.txt
index bd43363a..d675aa68 100644
--- a/changes.txt
+++ b/changes.txt
@@ -2,6 +2,7 @@ Adminer 3.6.3-dev:
 Display error code in SQL query
 Allow specifying external links
 Treat Meta key same as Ctrl
+Fix XSS in displaying non-UTF-8 strings
 Don't use type="number" for decimal numbers
 
 Adminer 3.6.2 (released 2012-12-21):
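Review bot: Whether this fix is complete depends on `shorten_utf8()` and `h()`, both of which now receive non-UTF-8 byte sequences and both of which are outside this hunk: the shortened branch is only safe if `shorten_utf8()` escapes its return value, and if it matches with a `u`-modifier regex the match fails on invalid UTF-8 and yields an empty result rather than the raw bytes, so that path should be confirmed rather than assumed. If `h()` wraps `htmlspecialchars()` without `ENT_SUBSTITUTE`, PHP 5.4+ returns an empty string for an invalid byte sequence — safe, but it silently blanks the cell, which is worth stating next to the `else` branch, e.g. `// non-UTF-8 values must still pass through h(); it may yield "" for invalid byte sequences`. The `$text_length != ""` loose comparison is carried over unchanged and, given the `+$text_length` cast right below it, would read more clearly as `$text_length !== ""`. The enclosing loop starts and ends outside the hunk.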