Fix XSS in displaying non-UTF-8 strings

Jakub Vrana 2013-01-18 14:23:45 -08:00
parent da2a0190a4
commit 7a62838510
2 changed files with 5 additions and 6 deletions


@ -349,12 +349,10 @@ if (!$columns) {
} }
if ($val === "") { // === - may be int if ($val === "") { // === - may be int
$val = " "; $val = " ";
} elseif (is_utf8($val)) { } elseif ($text_length != "" && is_shortable($field)) {
if ($text_length != "" && is_shortable($field)) { $val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network } else {
} else { $val = h($val);
$val = h($val);
}
} }
if (!$link) { // link related items if (!$link) { // link related items
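Review bot: With the `is_utf8($val)` guard removed, the `shorten_utf8($val, max(0, +$text_length))` branch now receives byte strings that are not valid UTF-8 and does not call `h()` itself, so the fix holds only if `shorten_utf8()` HTML-escapes its return value on every path, including its fallback for invalid sequences. That function is outside this hunk, so this should be confirmed and recorded next to the call, for example `// shorten_utf8() HTML-escapes its result, also for non-UTF-8 input`. Separately, if `h()` wraps `htmlspecialchars()` with a UTF-8 charset, invalid input can come back as an empty string unless `ENT_SUBSTITUTE` is passed, which would hide the value instead of displaying it; that is worth checking with a non-UTF-8 test row. The enclosing loop body starts and ends outside the hunk.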


@ -2,6 +2,7 @@ Adminer 3.6.3-dev:
Display error code in SQL query Display error code in SQL query
Allow specifying external links Allow specifying external links
Treat Meta key same as Ctrl Treat Meta key same as Ctrl
Fix XSS in displaying non-UTF-8 strings
Don't use type="number" for decimal numbers Don't use type="number" for decimal numbers
Adminer 3.6.2 (released 2012-12-21): Adminer 3.6.2 (released 2012-12-21):