Escape link in doc_link (bug #797)
vrana committed May 14, 2021
1 parent 60ad161 commit 4043092
Showing 2 changed files with 2 additions and 1 deletion.
2 changes: 1 addition & 1 deletion adminer/include/editing.inc.php
Expand Up @@ -542,7 +542,7 @@ function doc_link($paths, $text = "<sup>?</sup>") {
$urls['sql'] = "https://mariadb.com/kb/en/library/";
$paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : str_replace(".html", "/", $paths['sql']));
}
return ($paths[$jush] ? "<a href='$urls[$jush]$paths[$jush]'" . target_blank() . ">$text</a>" : "");
return ($paths[$jush] ? "<a href='" . h($urls[$jush] . $paths[$jush]) . "'" . target_blank() . ">$text</a>" : "");
}

/** Wrap gzencode() for usage in ob_start()
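Review bot: On the changed return line in doc_link the href is still delimited with single quotes, so wrapping the URL in h() only prevents an attribute breakout if h() encodes ' as well as ". PHP's htmlspecialchars() did not encode single quotes by default before PHP 8.1 unless ENT_QUOTES is passed, so either confirm that h() sets ENT_QUOTES or switch the attribute to double quotes. Separately, $text is still interpolated as raw HTML, which the default "<sup>?</sup>" requires; the function's doc comment should state that callers must pass trusted or already-escaped markup.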
1 change: 1 addition & 0 deletions changes.txt
@@ -1,4 +1,5 @@
Adminer 4.8.1-dev:
Internet Explorer or PDO in Adminer 4.7.8-4.8.0: Fix XSS in doc_link (bug #797)
Fix more PHP 8 warnings (bug #781)
Avoid PHP warnings with PDO drivers (bug #786, regression from 4.7.8)
MySQL: Allow moving views to other DB and renaming DB with views (bug #783)
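Review bot: The new changes.txt entry for bug #797 limits the issue to "Internet Explorer or PDO in Adminer 4.7.8-4.8.0" but does not say which value reaches doc_link unescaped, so users cannot judge their exposure from the changelog alone; a short clause naming the source of that value would help. The commit subject says "Escape link" while this entry says "Fix XSS"; using the security wording in both makes the fix easier to find when deciding what to backport.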