Fix XSS in displaying non-UTF-8 strings
This commit is contained in:
parent
da2a0190a4
commit
7a62838510
|
@ -349,12 +349,10 @@ if (!$columns) {
|
||||||
}
|
}
|
||||||
if ($val === "") { // === - may be int
|
if ($val === "") { // === - may be int
|
||||||
$val = " ";
|
$val = " ";
|
||||||
} elseif (is_utf8($val)) {
|
} elseif ($text_length != "" && is_shortable($field)) {
|
||||||
if ($text_length != "" && is_shortable($field)) {
|
$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
|
||||||
$val = shorten_utf8($val, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
|
} else {
|
||||||
} else {
|
$val = h($val);
|
||||||
$val = h($val);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$link) { // link related items
|
if (!$link) { // link related items
|
||||||
|
|
|
@ -2,6 +2,7 @@ Adminer 3.6.3-dev:
|
||||||
Display error code in SQL query
|
Display error code in SQL query
|
||||||
Allow specifying external links
|
Allow specifying external links
|
||||||
Treat Meta key same as Ctrl
|
Treat Meta key same as Ctrl
|
||||||
|
Fix XSS in displaying non-UTF-8 strings
|
||||||
Don't use type="number" for decimal numbers
|
Don't use type="number" for decimal numbers
|
||||||
|
|
||||||
Adminer 3.6.2 (released 2012-12-21):
|
Adminer 3.6.2 (released 2012-12-21):
|
||||||
|
|
Loading…
Reference in a new issue