From b14aa75a9845f9eb8d1c1f843b027a9bbafc0580 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Tue, 23 Jan 2018 12:53:22 +0100
Subject: [PATCH] Hide window.opener from pages opened in a new window (bug #561)
---
 adminer/include/adminer.inc.php | 6 +++---
 adminer/include/auth.inc.php | 2 +-
 adminer/include/editing.inc.php | 2 +-
 adminer/include/functions.inc.php | 7 +++++++
 adminer/lang/bg.inc.php | 2 +-
 adminer/lang/cs.inc.php | 4 ++--
 adminer/lang/da.inc.php | 2 +-
 adminer/lang/de.inc.php | 2 +-
 adminer/lang/el.inc.php | 2 +-
 adminer/lang/fa.inc.php | 2 +-
 adminer/lang/fi.inc.php | 2 +-
 adminer/lang/fr.inc.php | 2 +-
 adminer/lang/gl.inc.php | 2 +-
 adminer/lang/he.inc.php | 4 ++--
 adminer/lang/no.inc.php | 2 +-
 adminer/lang/pl.inc.php | 2 +-
 adminer/lang/ru.inc.php | 4 ++--
 adminer/lang/vi.inc.php | 2 +-
 adminer/lang/xx.inc.php | 4 ++--
 adminer/static/editing.js | 2 +-
 changes.txt | 1 +
 editor/include/adminer.inc.php | 4 ++--
 22 files changed, 35 insertions(+), 27 deletions(-)
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 7029e2cd..89ad937a 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -9,7 +9,7 @@ class Adminer {
 * @return string HTML code
 */
 function name() {
- return "Adminer";
+ return "Adminer";
 }
 /** Connection parameters
@@ -126,7 +126,7 @@ class Adminer {
 function login($login, $password) {
 global $jush;
 if ($jush == "sqlite") {
- return lang('Implement %s method to use SQLite.', 'login()');
+ return lang('Implement %s method to use SQLite.', target_blank(), 'login()');
 }
 return true;
 }
@@ -889,7 +889,7 @@ class Adminer { ?>

name(); ?> - + id="version">

' . lang('Master password expired. Implement %s method to make it permanent.', 'permanentLogin()'); + $error .= '
' . lang('Master password expired. Implement %s method to make it permanent.', target_blank(), 'permanentLogin()');
 }
 set_password(DRIVER, SERVER, $_GET["username"], null);
 }
diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
index e525a540..94197287 100644
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -498,7 +498,7 @@ function doc_link($paths) {
 'mssql' => "https://msdn.microsoft.com/library/",
 'oracle' => "https://download.oracle.com/docs/cd/B19306_01/server.102/b14200/",
 );
- return ($paths[$jush] ? "?" : "");
+ return ($paths[$jush] ? "?" : "");
 }
 /** Wrap gzencode() for usage in ob_start()
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index e0ded6ba..1d3ecf75 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -105,6 +105,13 @@ function nonce() {
 return ' nonce="' . get_nonce() . '"';
 }
+/** Get a target="_blank" attribute
+* @return string
+*/
+function target_blank() {
+ return ' target="_blank" rel="noopener"';
+}
+
 /** Escape for HTML
 * @param string
 * @return string
diff --git a/adminer/lang/bg.inc.php b/adminer/lang/bg.inc.php
index d46651ca..5fcbb191 100644
--- a/adminer/lang/bg.inc.php
+++ b/adminer/lang/bg.inc.php
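Review bot: The docblock added for target_blank() names only the target attribute, while the security-relevant half of the return value is `rel="noopener"`, so a later edit could drop it without noticing why it is there. I would write the summary as `/** Get target="_blank" together with rel="noopener", so that the opened page gets no window.opener handle to this window` and say on `@return` that the string starts with a space and is meant to be placed inside an opening tag. The login() hunk in adminer.inc.php passes this value to lang() as a `%s` argument, so it appears to reach the page without escaping; the comment should also state that the returned string has to stay a constant and never include request data.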
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'Излизането е успешно.',
 'Invalid credentials.' => 'Невалидни потребителски данни.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Прекалено много неуспешни опити за вход, опитайте пак след %d минута.', 'Прекалено много неуспешни опити за вход, опитайте пак след %d минути.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Главната парола вече е невалидна. Изберете %s метод, за да я направите постоянна.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Главната парола вече е невалидна. Изберете %s метод, за да я направите постоянна.',
 'Language' => 'Език',
 'Invalid CSRF token. Send the form again.' => 'Невалиден шифроващ ключ. Попълнете и изпратете формуляра отново.',
 'If you did not send this request from Adminer then close this page.' => 'Ако не сте изпратили тази заявка през Adminer, затворете тази страница.',
diff --git a/adminer/lang/cs.inc.php b/adminer/lang/cs.inc.php
index 7944df8d..54d999d0 100644
--- a/adminer/lang/cs.inc.php
+++ b/adminer/lang/cs.inc.php
@@ -12,9 +12,9 @@ $translations = array(
 'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
 'Thanks for using Adminer, consider donating.' => 'Díky za použití Admineru, zvažte příspěvek.',
 'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
- 'Implement %s method to use SQLite.' => 'Pro přihlášení k SQLite implementujte metodu %s.',
+ 'Implement %s method to use SQLite.' => 'Pro přihlášení k SQLite implementujte metodu %s.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minutu.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minuty.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minut.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Platnost hlavního hesla vypršela. Implementujte metodu %s, aby platilo stále.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Platnost hlavního hesla vypršela. Implementujte metodu %s, aby platilo stále.',
 'Language' => 'Jazyk',
 'Invalid CSRF token. Send the form again.' => 'Neplatný token CSRF. Odešlete formulář znovu.',
 'If you did not send this request from Adminer then close this page.' => 'Pokud jste tento požadavek neposlali z Adminera, tak tuto stránku zavřete.',
diff --git a/adminer/lang/da.inc.php b/adminer/lang/da.inc.php
index bf13d4c3..6700b29c 100644
--- a/adminer/lang/da.inc.php
+++ b/adminer/lang/da.inc.php
@@ -10,7 +10,7 @@ $translations = array(
 'Logged as: %s' => 'Logget ind som: %s',
 'Logout successful.' => 'Log af vellykket.',
 'Invalid credentials.' => 'Ugyldige log ind oplysninger.',
- 'Master password expired. Implement %s method to make it permanent.' => 'Master-kodeordet er udløbet. Implementer en metode for %s for at gøre det permanent.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Master-kodeordet er udløbet. Implementer en metode for %s for at gøre det permanent.',
 'Language' => 'Sprog',
 'Invalid CSRF token. Send the form again.' => 'Ugyldigt CSRF-token - Genindsend formen.',
 'No extension' => 'Ingen udvidelse',
diff --git a/adminer/lang/de.inc.php b/adminer/lang/de.inc.php
index f8382484..2cf80dcd 100644
--- a/adminer/lang/de.inc.php
+++ b/adminer/lang/de.inc.php
@@ -283,6 +283,6 @@ $translations = array(
 'Saving' => 'Speichere',
 'yes' => 'ja',
 'no' => 'nein',
- 'Master password expired. Implement %s method to make it permanent.' => 'Das Master-Passwort ist abgelaufen. Implementieren Sie die %s Methode, um es permanent zu machen.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Das Master-Passwort ist abgelaufen. Implementieren Sie die %s Methode, um es permanent zu machen.',
 '%d / ' => '%d / ',
 );
diff --git a/adminer/lang/el.inc.php b/adminer/lang/el.inc.php
index 181a03c9..6c203048 100644
--- a/adminer/lang/el.inc.php
+++ b/adminer/lang/el.inc.php
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'Αποσυνδεθήκατε με επιτυχία.',
 'Invalid credentials.' => 'Εσφαλμένα Διαπιστευτήρια.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Επανηλημμένες ανεπιτυχείς προσπάθειες σύνδεσης, δοκιμάστε ξανά σε %s λεπτό.', 'Επανηλημμένες ανεπιτυχείς προσπάθειες σύνδεσης, δοκιμάστε ξανά σε %s λεπτά.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Έλειξε ο Κύριος Κωδικός. Ενεργοποιήστε τη μέθοδο %s για να τον κάνετε μόνιμο.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Έλειξε ο Κύριος Κωδικός. Ενεργοποιήστε τη μέθοδο %s για να τον κάνετε μόνιμο.',
 'Language' => 'Γλώσσα',
 'Invalid CSRF token. Send the form again.' => 'Άκυρο κουπόνι CSRF. Στείλτε τη φόρμα ξανά.',
 'If you did not send this request from Adminer then close this page.' => 'Αν δε στείλατε αυτό το αίτημα από το Adminer, τότε κλείστε αυτή τη σελίδα.',
diff --git a/adminer/lang/fa.inc.php b/adminer/lang/fa.inc.php
index 3f48b111..51238d60 100644
--- a/adminer/lang/fa.inc.php
+++ b/adminer/lang/fa.inc.php
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'با موفقیت خارج شدید.',
 'Invalid credentials.' => 'اعتبار سنجی نامعتبر.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('ورودهای ناموفق بیش از حد، %d دقیقه دیگر تلاش نمایید.', 'ورودهای ناموفق بیش از حد، %d دقیقه دیگر تلاش نمایید.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'رمز اصلی باطل شده است. روش %s را پیاده سازی کرده تا آن را دائمی سازید.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'رمز اصلی باطل شده است. روش %s را پیاده سازی کرده تا آن را دائمی سازید.',
 'Language' => 'زبان',
 'Invalid CSRF token. Send the form again.' => 'CSRF token نامعتبر است. دوباره سعی کنید.',
 'No extension' => 'پسوند نامعتبر',
diff --git a/adminer/lang/fi.inc.php b/adminer/lang/fi.inc.php
index d2be47d7..f0fe450c 100644
--- a/adminer/lang/fi.inc.php
+++ b/adminer/lang/fi.inc.php
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'Uloskirjautuminen onnistui.',
 'Invalid credentials.' => 'Virheelliset kirjautumistiedot.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Liian monta epäonnistunutta sisäänkirjautumisyritystä, kokeile uudestaan %d minuutin kuluttua.', 'Liian monta epäonnistunutta sisäänkirjautumisyritystä, kokeile uudestaan %d minuutin kuluttua.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Master-salasana ei ole enää voimassa. Toteuta %s-metodi sen tekemiseksi pysyväksi.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Master-salasana ei ole enää voimassa. Toteuta %s-metodi sen tekemiseksi pysyväksi.',
 'Language' => 'Kieli',
 'Invalid CSRF token. Send the form again.' => 'Virheellinen CSRF-vastamerkki. Lähetä lomake uudelleen.',
 'If you did not send this request from Adminer then close this page.' => 'Jollet lähettänyt tämä pyyntö Adminerista, sulje tämä sivu.',
diff --git a/adminer/lang/fr.inc.php b/adminer/lang/fr.inc.php
index c4b5135a..4aca3776 100644
--- a/adminer/lang/fr.inc.php
+++ b/adminer/lang/fr.inc.php
@@ -274,7 +274,7 @@ $translations = array(
 'File must be in UTF-8 encoding.' => 'Les fichiers doivent être encodés en UTF-8.',
 'Full table scan' => 'Scan de toute la table',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Trop de connexions échouées, essayez à nouveau dans %d minute.', 'Trop de connexions échouées, essayez à nouveau dans %d minutes.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Le mot de passe a expiré. Implémentez la méthode %s afin de le rendre permanent.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Le mot de passe a expiré. Implémentez la méthode %s afin de le rendre permanent.',
 'You can upload a big SQL file via FTP and import it from server.' => 'Vous pouvez uploader un gros fichier SQL par FTP et ensuite l\'importer depuis le serveur.',
 'Size' => 'Taille',
 'Compute' => 'Calcul',
diff --git a/adminer/lang/gl.inc.php b/adminer/lang/gl.inc.php
index ca1a4313..6ac0850b 100644
--- a/adminer/lang/gl.inc.php
+++ b/adminer/lang/gl.inc.php
@@ -278,7 +278,7 @@ $translations = array(
 'Default value' => 'Valor por defecto',
 'Full table scan' => 'Escaneo completo da táboa',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Demasiados intentos de conexión, intentao de novo en %d minuto', 'Demasiados intentos de conexión, intentao de novo en %d minutos'),
- 'Master password expired. Implement %s method to make it permanent.' => 'O contrasinal principal caducou. Implementa o método %s para facelo permanente.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'O contrasinal principal caducou. Implementa o método %s para facelo permanente.',
 'If you did not send this request from Adminer then close this page.' => 'Se non enviaches esta petición dende o Adminer entón pecha esta páxina',
 'You can upload a big SQL file via FTP and import it from server.' => 'Podes subir un ficheiro SQL de gran tamaño vía FTP e importalo dende o servidor',
 'Size' => 'Tamaño',
diff --git a/adminer/lang/he.inc.php b/adminer/lang/he.inc.php
index 8356a12a..f750db4b 100644
--- a/adminer/lang/he.inc.php
+++ b/adminer/lang/he.inc.php
@@ -276,12 +276,12 @@ $translations = array(
 'ATTACH queries are not supported.' => 'שאילתת ATTACH אינה נתמכת',
 '%d / ' => '%d / ',
 'Limit rows' => 'הגבל שורות',
- 'Implement %s method to use SQLite.' => 'התקן את תוסף SQLite בשביל להתחבר',
+ 'Implement %s method to use SQLite.' => 'התקן את תוסף SQLite בשביל להתחבר',
 'Default value' => 'ערך ברירת מחדל',
 'Full table scan' => 'סריקה טבלה מלאה',
 'Too many unsuccessful logins, try again in %d minute(s).' => 'יותר מידי נסיונות כניסה נכשלו, אנא נסה עוד %d דקות',
 'Thanks for using Adminer, consider donating.' => 'תודה שהשתמש ב-adminer אנא שקול לתרום.',
- 'Master password expired. Implement %s method to make it permanent.' => 'סיסמת המאסטר פגה התקן תוסף על מנת להפוך את זה לתמידי',
+ 'Master password expired. Implement %s method to make it permanent.' => 'סיסמת המאסטר פגה התקן תוסף על מנת להפוך את זה לתמידי',
 'If you did not send this request from Adminer then close this page.' => 'אם לא אתה שלחת בקשה ל-Adminer הינך יכול לסגור חלון זה',
 'You can upload a big SQL file via FTP and import it from server.' => 'ניתן לעלות קבצים ב-FTP ואז למשוך אותם מהשרת',
 'Size' => 'גודל',
diff --git a/adminer/lang/no.inc.php b/adminer/lang/no.inc.php
index 1368e4a3..651057b1 100644
--- a/adminer/lang/no.inc.php
+++ b/adminer/lang/no.inc.php
@@ -10,7 +10,7 @@ $translations = array(
 'Logged as: %s' => 'Logget inn som: %s',
 'Logout successful.' => 'Utlogging vellykket.',
 'Invalid credentials.' => 'Ugylding innloggingsinformasjon.',
- 'Master password expired. Implement %s method to make it permanent.' => 'Master-passord er utløpt. Implementer en metode for %s for å gjøre det permanent.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Master-passord er utløpt. Implementer en metode for %s for å gjøre det permanent.',
 'Language' => 'Språk',
 'Invalid CSRF token. Send the form again.' => 'Ugylding CSRF-token - Send inn skjemaet igjen.',
 'No extension' => 'Ingen utvidelse',
diff --git a/adminer/lang/pl.inc.php b/adminer/lang/pl.inc.php
index ecb4e1a7..25e383a1 100644
--- a/adminer/lang/pl.inc.php
+++ b/adminer/lang/pl.inc.php
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'Wylogowano pomyślnie.',
 'Invalid credentials.' => 'Nieprawidłowe dane logowania.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Za dużo nieudanych prób logowania, spróbuj ponownie za %d minutę.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minuty.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minut.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Ważność hasła głównego wygasła. Zaimplementuj własną metodę %s, aby ustawić je na stałe.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Ważność hasła głównego wygasła. Zaimplementuj własną metodę %s, aby ustawić je na stałe.',
 'Language' => 'Język',
 'Invalid CSRF token. Send the form again.' => 'Nieprawidłowy token CSRF. Spróbuj wysłać formularz ponownie.',
 'If you did not send this request from Adminer then close this page.' => 'Jeżeli nie wywołałeś tej strony z Adminera, zamknij to okno.',
diff --git a/adminer/lang/ru.inc.php b/adminer/lang/ru.inc.php
index 4d7309c4..06685382 100644
--- a/adminer/lang/ru.inc.php
+++ b/adminer/lang/ru.inc.php
@@ -276,11 +276,11 @@ $translations = array(
 'ATTACH queries are not supported.' => 'ATTACH-запросы не поддерживаются.',
 '%d / ' => '%d / ',
 'Limit rows' => 'Лимит строк',
- 'Implement %s method to use SQLite.' => 'Реализуйте метод %s, чтобы использовать SQLite.',
+ 'Implement %s method to use SQLite.' => 'Реализуйте метод %s, чтобы использовать SQLite.',
 'Default value' => 'Значение по умолчанию',
 'Full table scan' => 'Анализ полной таблицы',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Слишком много неудачных попыток входа. Попробуйте снова через %d минуту.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минуты.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минут.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Мастер-пароль истёк. Реализуйте метод %s, чтобы сделать его постоянным.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Мастер-пароль истёк. Реализуйте метод %s, чтобы сделать его постоянным.',
 'If you did not send this request from Adminer then close this page.' => 'Если вы не посылали этот запрос из Adminer, закройте эту страницу.',
 'You can upload a big SQL file via FTP and import it from server.' => 'Вы можете закачать большой SQL-файл по FTP и затем импортировать его с сервера.',
 'Size' => 'Размер',
diff --git a/adminer/lang/vi.inc.php b/adminer/lang/vi.inc.php
index 3038fe91..d6192e21 100644
--- a/adminer/lang/vi.inc.php
+++ b/adminer/lang/vi.inc.php
@@ -12,7 +12,7 @@ $translations = array(
 'Logout successful.' => 'Đã thoát xong.',
 'Invalid credentials.' => 'Tài khoản sai.',
 'Too many unsuccessful logins, try again in %d minute(s).' => 'Bạn gõ sai tài khoản quá nhiều lần, hãy thử lại sau %d phút nữa.',
- 'Master password expired. Implement %s method to make it permanent.' => 'Mật khẩu đã hết hạn. Thử cách làm để giữ cố định.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Mật khẩu đã hết hạn. Thử cách làm để giữ cố định.',
 'Language' => 'Ngôn ngữ',
 'Invalid CSRF token. Send the form again.' => 'Mã kiểm tra CSRF sai, hãy nhập lại biểu mẫu.',
 'No extension' => 'Không có phần mở rộng',
diff --git a/adminer/lang/xx.inc.php b/adminer/lang/xx.inc.php
index 932fc879..71afb3dd 100644
--- a/adminer/lang/xx.inc.php
+++ b/adminer/lang/xx.inc.php
@@ -12,9 +12,9 @@ $translations = array(
 'Logout successful.' => 'Xx.',
 'Thanks for using Adminer, consider donating.' => 'Xx.',
 'Invalid credentials.' => 'Xx.',
- 'Implement %s method to use SQLite.' => 'Xx.',
+ 'Implement %s method to use SQLite.' => 'Xx.',
 'Too many unsuccessful logins, try again in %d minute(s).' => array('Xx.', 'Xx.'),
- 'Master password expired. Implement %s method to make it permanent.' => 'Xx.',
+ 'Master password expired. Implement %s method to make it permanent.' => 'Xx.',
 'Language' => 'Xx',
 'Invalid CSRF token. Send the form again.' => 'Xx.',
 'If you did not send this request from Adminer then close this page.' => 'Xx.',
diff --git a/adminer/static/editing.js b/adminer/static/editing.js
index 85308ef7..ab5f5f32 100644
--- a/adminer/static/editing.js
+++ b/adminer/static/editing.js
@@ -5,7 +5,7 @@
 */
 function bodyLoad(version) {
 if (window.jush) {
- jush.create_links = ' target="_blank" rel="noreferrer"';
+ jush.create_links = ' target="_blank" rel="noopener"';
 if (version) {
 for (var key in jush.urls) {
 var obj = jush.urls;
diff --git a/changes.txt b/changes.txt
index fdbcf68c..a567972b 100644
--- a/changes.txt
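Review bot: Replacing `rel="noreferrer"` with `rel="noopener"` on `jush.create_links` closes the window.opener path but no longer suppresses the Referer header, so the documentation sites behind these links may now receive the Adminer URL; the auth.inc.php hunk reads `$_GET["username"]`, which suggests connection details sit in that query string. Unless a Referrer-Policy set elsewhere already covers this, I would keep both tokens: `jush.create_links = ' target="_blank" rel="noopener noreferrer"';`. The same value would also fit the string returned by target_blank() in functions.inc.php, and browsers that do not implement noopener generally still sever the opener for noreferrer links. bodyLoad() continues past the end of the hunk.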
+++ b/changes.txt
@@ -1,6 +1,7 @@
 Adminer 4.4.1-dev:
 Display newlines in column comments (bug #573)
 Support current_timestamp() as default of time fields (bug #572)
+Hide window.opener from pages opened in a new window (bug #561)
 Adminer: Fix Search data in tables (regression from 4.4.0)
 CSP: Allow any styles, images, media and fonts, disallow base-uri
 MySQL: Support geometry in MySQL 8 (bug #574)
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 12442f97..51961595 100644
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -4,7 +4,7 @@ class Adminer {
 var $_values = array();
 function name() {
- return "" . lang('Editor') . "";
+ return "" . lang('Editor') . "";
 }
 //! driver, ns
@@ -570,7 +570,7 @@ qsl('div').onclick = whisperClick;", "") ?>

name(); ?> - + id="version">