Fix XSS in alter table (found by HP Fortify)

diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php
index fd2b9e248c8c04ef413acaa4f8c66376712a4957..3a347a87d770f24ca146d381da77074cbf8a481e 100644 (file)
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -234,6 +234,7 @@ function type_class($type) {
 */
 function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = array(), $comments = false) {
        global $connection, $inout;
+       $fields = array_values($fields);
        ?>
 <thead><tr class="wrap">
 <?php if ($type == "PROCEDURE") { ?><td>&nbsp;<?php } ?>

diff --git a/adminer/include/version.inc.php b/adminer/include/version.inc.php
index 95642c3c65c7e4b19e9ebf7e3b04e6643565fa14..2c60500b5a056cac2c15ea6d44bdffc7c83d46df 100644 (file)
--- a/adminer/include/version.inc.php
+++ b/adminer/include/version.inc.php
@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.2.1";
+$VERSION = "4.2.2";

diff --git a/changes.txt b/changes.txt
index bb3be89f081068c0900062d28f9f55f96ef29de2..e4160af25e35412cb955dad210c8fb577215cdf4 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,3 +1,6 @@
+Adminer 4.2.2 (released ):
+Fix XSS in alter table (found by HP Fortify)
+
 Adminer 4.2.1 (released 2015-03-10):
 Send referrer header to the same domain
 MySQL: Fix usage of utf8mb4 if the client library doesn't support it