Escape link in doc_link (bug #797)

vrana · May 14, 2021 · 4043092 · 4043092
1 parent 60ad161
commit 4043092
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
@@ -542,7 +542,7 @@ function doc_link($paths, $text = "<sup>?</sup>") {
  $urls['sql'] = "https://mariadb.com/kb/en/library/";
  $paths['sql'] = (isset($paths['mariadb']) ? $paths['mariadb'] : str_replace(".html", "/", $paths['sql']));
  }
- return ($paths[$jush] ? "<a href='$urls[$jush]$paths[$jush]'" . target_blank() . ">$text</a>" : "");
+ return ($paths[$jush] ? "<a href='" . h($urls[$jush] . $paths[$jush]) . "'" . target_blank() . ">$text</a>" : "");
 }
 
 /** Wrap gzencode() for usage in ob_start()

diff --git a/changes.txt b/changes.txt
@@ -1,4 +1,5 @@
 Adminer 4.8.1-dev:
+Internet Explorer or PDO in Adminer 4.7.8-4.8.0: Fix XSS in doc_link (bug #797)
 Fix more PHP 8 warnings (bug #781)
 Avoid PHP warnings with PDO drivers (bug #786, regression from 4.7.8)
 MySQL: Allow moving views to other DB and renaming DB with views (bug #783)