Use noreferrer in external links

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index d602bbd53608896ae55d258744f59b949d0b4d9e..3553925dc021583a353bec6aa905fce70a00e44b 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -225,7 +225,7 @@ username.form['auth[driver]'].onchange();
                if (preg_match('~blob|bytea|raw|file~', $field["type"]) && !is_utf8($val)) {
                        $return = lang('%d byte(s)', strlen($original));
                }
-               return ($link ? "<a href='" . h($link) . "'>$return</a>" : $return);
+               return ($link ? "<a href='" . h($link) . "'" . (is_url($link) ? " rel='noreferrer'" : "") . ">$return</a>" : $return);
        }
 
        /** Value conversion used in select and edit

diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 3d71146239d0582b5acd6fe785b8c2b4f8cbd0f2..9635aa8aa097915b468433c93731e87089293a1e 100644 (file)
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -183,7 +183,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
                        $return = ($val ? lang('yes') : lang('no'));
                }
                if ($link) {
-                       $return = "<a href='$link'>$return</a>";
+                       $return = "<a href='$link'" . (is_url($link) ? " rel='noreferrer'" : "") . ">$return</a>";
                }
                if (!$link && !like_bool($field) && preg_match('~int|float|double|decimal~', $field["type"])) {
                        $return = "<div class='number'>$return</div>"; // Firefox doesn't support <colgroup>