From db01282e29986ffa265555a59aef8a99eef5843c Mon Sep 17 00:00:00 2001 From: Benjamin Cremer Date: Fri, 12 Mar 2021 10:29:32 +0100 Subject: [PATCH 0001/1274] Use ST_SRID() in mysql driver for MySQL 8 `SRID()` is no longer available in MySQL 8 and has been replaced with `ST_SRID` --- adminer/drivers/mysql.inc.php | 3 ++- adminer/include/version.inc.php | 2 +- changes.txt | 3 +++ 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php index ebb5106b4..1ba8d6512 100644 --- a/adminer/drivers/mysql.inc.php +++ b/adminer/drivers/mysql.inc.php @@ -1099,7 +1099,8 @@ function unconvert_field($field, $return) { $return = "CONV($return, 2, 10) + 0"; } if (preg_match("~geometry|point|linestring|polygon~", $field["type"])) { - $return = (min_version(8) ? "ST_" : "") . "GeomFromText($return, SRID($field[field]))"; + $prefix = (min_version(8) ? "ST_" : ""); + $return = $prefix . "GeomFromText($return, $prefix" . "SRID($field[field]))"; } return $return; } diff --git a/adminer/include/version.inc.php b/adminer/include/version.inc.php index 59333b955..9ef310c8c 100644 --- a/adminer/include/version.inc.php +++ b/adminer/include/version.inc.php @@ -1,2 +1,2 @@ Date: Sun, 23 May 2021 11:08:29 +0200 Subject: [PATCH 0002/1274] PostgreSQL: Use separator in limit1 --- adminer/drivers/pgsql.inc.php | 2 +- adminer/select.inc.php | 2 +- changes.txt | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/adminer/drivers/pgsql.inc.php b/adminer/drivers/pgsql.inc.php index caeda8751..d99efdd10 100644 --- a/adminer/drivers/pgsql.inc.php +++ b/adminer/drivers/pgsql.inc.php 
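Review bot: In the mysql.inc.php hunk the new `$return` line still interpolates the column name bare as `SRID($field[field])`, so a geometry column whose name needs quoting (a space, a reserved word, a backtick) produces broken SQL. Quoting it as an identifier closes that, for example `$return = $prefix . "GeomFromText($return, $prefix" . "SRID(" . idf_escape($field["field"]) . "))";`, assuming the project's identifier-escaping helper is in scope in this driver. unconvert_field() starts above the hunk, so how `$return` itself was escaped cannot be checked from here.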
@@ -284,7 +284,7 @@ function limit($query, $where, $limit, $offset = 0, $separator = " ") { function limit1($table, $query, $where, $separator = "\n") { return (preg_match('~^INTO~', $query) ? limit($query, $where, 1, 0, $separator) - : " $query" . (is_view(table_status1($table)) ? $where : " WHERE ctid = (SELECT ctid FROM " . table($table) . $where . $separator . "LIMIT 1)") + : " $query" . (is_view(table_status1($table)) ? $where : $separator . "WHERE ctid = (SELECT ctid FROM " . table($table) . $where . $separator . "LIMIT 1)") ); } diff --git a/adminer/select.inc.php b/adminer/select.inc.php index 5a40aeff2..d213ae962 100644 --- a/adminer/select.inc.php +++ b/adminer/select.inc.php @@ -382,7 +382,7 @@ $key = "MD5(" . ($jush != 'sql' || preg_match("~^utf8~", $fields[$key]["collation"]) ? $key : "CONVERT($key USING " . charset($connection) . ")") . ")"; $val = md5($val); } - $unique_idf .= "&" . ($val !== null ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val) : "null%5B%5D=" . urlencode($key)); + $unique_idf .= "&" . ($val !== null ? urlencode("where[" . bracket_escape($key) . "]") . "=" . urlencode($val === false ? "f" : $val) : "null%5B%5D=" . urlencode($key)); } echo "" . (!$group && $select ? "" : "" . checkbox("check[]", substr($unique_idf, 1), in_array(substr($unique_idf, 1), (array) $_POST["check"])) diff --git a/changes.txt b/changes.txt index aa8a7cf25..d5c4c5f67 100644 --- a/changes.txt +++ b/changes.txt @@ -1,5 +1,6 @@ Adminer 4.8.2-dev: MySQL: Use ST_SRID() instead of SRID() for MySQL 8 (PR #418) +PostgreSQL PDO: Allow editing rows identified by boolean column (PR #380) Adminer 4.8.1 (released 2021-05-14): Internet Explorer or PDO in Adminer 4.7.8-4.8.0: Fix XSS in doc_link (bug #797) From 2dd65f0c0f711fe33051954ddde64a78cdea0893 Mon Sep 17 00:00:00 2001 
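Review bot: In the select.inc.php hunk the `"f"` substituted for `false` on the `$unique_idf` line is a PostgreSQL boolean literal, but nothing on the line ties it to that driver or says why only `false` is special-cased. A one-line comment above it would help, e.g. `// PDO pgsql hands booleans back as PHP bool; urlencode(false) is "" so send PostgreSQL's 'f' instead`. If another driver can also return `false` for a value here (not visible in the hunk), gating the substitution on `$jush == "pgsql"` would keep the literal out of its WHERE clause. This change also rides along in a commit titled "Use separator in limit1", which makes it hard to find later.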
From: Jakub Vrana Date: Sun, 23 May 2021 11:38:04 +0200 Subject: [PATCH 0003/1274] Support multi-line table comments --- adminer/create.inc.php | 14 ++++++++++---- changes.txt | 1 + 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/adminer/create.inc.php b/adminer/create.inc.php index 4e57f78db..03acfe424 100644 --- a/adminer/create.inc.php +++ b/adminer/create.inc.php @@ -185,11 +185,17 @@

: "> -' +" . h($row["Comment"]) . "" + : '' + ) : '') -; ?> +; +?>

diff --git a/changes.txt b/changes.txt index d5c4c5f67..a9a2c3d22 100644 --- a/changes.txt +++ b/changes.txt @@ -1,4 +1,5 @@ Adminer 4.8.2-dev: +Support multi-line table comments MySQL: Use ST_SRID() instead of SRID() for MySQL 8 (PR #418) PostgreSQL PDO: Allow editing rows identified by boolean column (PR #380) From ea1acfc8bcbbbb7073fc96a03e4065f64165d5ee Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Sun, 23 May 2021 11:38:51 +0200 Subject: [PATCH 0004/1274] Preventively escape name --- adminer/include/editing.inc.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/adminer/include/editing.inc.php b/adminer/include/editing.inc.php index 5556b0147..5e12d44bc 100644 --- a/adminer/include/editing.inc.php +++ b/adminer/include/editing.inc.php @@ -151,7 +151,7 @@ function set_adminer_settings($settings) { */ function textarea($name, $value, $rows = 10, $cols = 80) { global $jush; - echo "
' - : '' + ? '
' + : '' ) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $row["collation"]) . doc_link(array( 'sql' => "charset-charsets.html", 'mariadb' => "supported-character-sets-and-collations/", 'mssql' => "ms187963.aspx", )) : ""); -echo script("focus(qs('#name'));"); ?> \n"; echo $this->loginFormField('driver', '' . lang('System') . '', html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);") . "\n"); echo $this->loginFormField('server', '' . lang('Server') . '', '' . "\n"); - echo $this->loginFormField('username', '' . lang('Username') . '', '' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();")); + echo $this->loginFormField('username', '' . lang('Username') . '', '' . script("qs('#username').form['auth[driver]'].onchange();")); echo $this->loginFormField('password', '' . lang('Password') . '', '' . "\n"); echo $this->loginFormField('db', '' . lang('Database') . '', '' . "\n"); echo "\n"; diff --git a/adminer/include/driver.inc.php b/adminer/include/driver.inc.php index 8bcb242e5..d849c7588 100644 --- a/adminer/include/driver.inc.php +++ b/adminer/include/driver.inc.php @@ -152,9 +152,9 @@ function convertSearch($idf, $val, $field) { } /** Convert operator so it can be used in search - * @param string $operator - * @return string - */ + * @param string $operator + * @return string + */ function convertOperator($operator) { return $operator; } diff --git a/adminer/scheme.inc.php b/adminer/scheme.inc.php index b17745418..0795b2a89 100644 --- a/adminer/scheme.inc.php +++ b/adminer/scheme.inc.php @@ -26,8 +26,7 @@ ?>

-

" autocapitalize="off"> - +

" autocapitalize="off"> \n"; - echo $this->loginFormField('username', '' . lang('Username') . '', '' . script("focus(qs('#username'));")); + echo $this->loginFormField('username', '' . lang('Username') . '', ''); echo $this->loginFormField('password', '' . lang('Password') . '', '' . "\n"); echo "\n"; echo "

\n"; From d9289355d7e439037089da823a7cbaafd59d057b Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Mon, 17 Feb 2025 15:48:23 +0100 Subject: [PATCH 0106/1274] Fix style --- adminer/elastic.php | 4 ++-- adminer/include/adminer.inc.php | 3 +-- adminer/include/functions.inc.php | 4 ++-- plugins/drivers/elastic.php | 2 +- plugins/drivers/elastic5.php | 2 +- 5 files changed, 7 insertions(+), 8 deletions(-) diff --git a/adminer/elastic.php b/adminer/elastic.php index ccfc59755..3ceca576a 100644 --- a/adminer/elastic.php +++ b/adminer/elastic.php @@ -4,10 +4,10 @@ function adminer_object() { include_once "../plugins/login-password-less.php"; include_once "../plugins/drivers/elastic.php"; include_once "../plugins/drivers/elastic5.php"; - return new AdminerPlugin([ + return new AdminerPlugin(array( // TODO: inline the result of password_hash() so that the password is not visible in source codes new AdminerLoginPasswordLess(password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)), - ]); + )); } include "./index.php"; diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php index e5dafa71b..210f5b171 100644 --- a/adminer/include/adminer.inc.php +++ b/adminer/include/adminer.inc.php @@ -248,8 +248,7 @@ function selectQuery($query, $start, $failed = false) { * @param string query to be executed * @return string escaped query to be printed */ - function sqlCommandQuery($query) - { + function sqlCommandQuery($query) { return shorten_utf8(trim($query), 1000); } diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php index 32fb0184b..c57a05739 100644 --- a/adminer/include/functions.inc.php +++ b/adminer/include/functions.inc.php 
@@ -964,8 +964,8 @@ function input($field, $value, $function) { if ($input != "") { echo $input; } elseif (preg_match('~bool~', $field["type"])) { - echo "" . - ""; + echo "" + . ""; } elseif ($field["type"] == "set") { //! 64 bits preg_match_all("~'((?:[^']|'')*)'~", $field["length"], $matches); foreach ($matches[1] as $i => $val) { diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php index cf4b17f25..399d7ccab 100644 --- a/plugins/drivers/elastic.php +++ b/plugins/drivers/elastic.php @@ -22,7 +22,7 @@ function rootQuery($path, array $content = null, $method = 'GET') { $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array( 'method' => $method, 'content' => $content !== null ? json_encode($content) : null, - 'header' => $content !== null ? 'Content-Type: application/json' : [], + 'header' => $content !== null ? 'Content-Type: application/json' : array(), 'ignore_errors' => 1, 'follow_location' => 0, 'max_redirects' => 0, diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php index 1ad0cb272..a2fec6baf 100644 --- a/plugins/drivers/elastic5.php +++ b/plugins/drivers/elastic5.php @@ -190,7 +190,7 @@ function select($table, $select, $where, $group, $order = array(), $limit = 1, $ if ($select != array("*")) { $fields = array(); foreach ($select as $key) { - $fields[$key] = $key == "_id" ? [$hit["_id"]] : $hit['fields'][$key]; + $fields[$key] = $key == "_id" ? array($hit["_id"]) : $hit['fields'][$key]; } } From 578c9fca923e3afeccb29761f5da37dfe5d60993 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 07:58:27 +0100 Subject: [PATCH 0107/1274] Don't allow path in HTTP servers --- plugins/drivers/clickhouse.php | 9 ++++++--- plugins/drivers/elastic.php | 20 ++++++++------------ plugins/drivers/elastic5.php | 5 ++++- plugins/drivers/simpledb.php | 5 ++++- 4 files changed, 22 insertions(+), 17 deletions(-) 
diff --git a/plugins/drivers/clickhouse.php b/plugins/drivers/clickhouse.php index 86f3464d3..30305400c 100644 --- a/plugins/drivers/clickhouse.php +++ b/plugins/drivers/clickhouse.php @@ -59,7 +59,7 @@ function query($query) { function connect($server, $username, $password) { preg_match('~^(https?://)?(.*)~', $server, $match); - $this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]"; + $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]"; $return = $this->query('SELECT 1'); return (bool) $return; } @@ -217,8 +217,11 @@ function drop_tables($tables) { function connect() { global $adminer; $connection = new Min_DB; - $credentials = $adminer->credentials(); - if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) { + list($server, $username, $password) = $adminer->credentials(); + if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) { + return lang('Invalid server.'); + } + if ($connection->connect($server, $username, $password)) { return $connection; } return $connection->error; diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php index 399d7ccab..351c85312 100644 --- a/plugins/drivers/elastic.php +++ b/plugins/drivers/elastic.php 
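Review bot: In clickhouse.php `@@ -59` the password is still written into `$this->_url` as URL userinfo, so it travels with every string built from that URL; the added `urlencode()` calls stop delimiter injection but not that exposure. Passing it through the stream context keeps the URL free of credentials, for example `'header' => "Authorization: Basic " . base64_encode("$username:$password")` in the `http` options that rootQuery() builds (outside this hunk). The same userinfo construction is added in elastic.php (`@@ -78`) and carried in elastic5.php (`@@ -72`).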
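Review bot: In clickhouse.php `@@ -217` the allow-list pattern `~^(https?://)?[-a-z\d.]+(:\d+)?$~` ends with a bare `$`, which in PCRE also matches just before a trailing newline, so a server value with a line feed appended passes the check and is then placed in the URL. Adding the `D` modifier anchors it to the true end, and `i` stops upper-case host names being rejected: `if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~iD', $server)) {`. The identical pattern is added in elastic.php (`@@ -275`), elastic5.php (`@@ -266`) and simpledb.php (`@@ -248`); one shared helper would keep the four copies from drifting. The check constrains only the shape of the name, not which hosts the server may be asked to contact.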
@@ -78,20 +78,13 @@ function query($path, array $content = null, $method = 'GET') { * @return bool */ function connect($server, $username, $password) { - $this->_url = build_http_url($server, $username, $password, "localhost", 9200); - + preg_match('~^(https?://)?(.*)~', $server, $match); + $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]"; $return = $this->query(''); - if (!$return) { - return false; + if ($return) { + $this->server_info = $return['version']['number']; } - - if (!isset($return['version']['number'])) { - $this->error = lang('Invalid server or credentials.'); - return false; - } - - $this->server_info = $return['version']['number']; - return true; + return (bool) $return; } function select_db($database) { @@ -275,6 +268,9 @@ function connect() { $connection = new Min_DB; list($server, $username, $password) = adminer()->credentials(); + if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) { + return lang('Invalid server.'); + } if ($password != "" && $connection->connect($server, $username, "")) { return lang('Database does not support password.'); } diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php index a2fec6baf..ceb6abfe2 100644 --- a/plugins/drivers/elastic5.php +++ b/plugins/drivers/elastic5.php @@ -72,7 +72,7 @@ function query($path, $content = array(), $method = 'GET') { function connect($server, $username, $password) { preg_match('~^(https?://)?(.*)~', $server, $match); - $this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]"; + $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]"; $return = $this->query(''); if ($return) { $this->server_info = $return['version']['number']; 
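Review bot: In elastic.php `@@ -78` the rewritten connect() reads `$return['version']['number']` on any truthy response, where the removed code first tested `isset($return['version']['number'])` and set an error. A 2xx JSON reply from a service that is not Elasticsearch now leaves `server_info` null, raises an undefined-index notice, and still counts as a successful connection. The guard fits in the new shape: `if (!isset($return['version']['number'])) { $this->error = lang('Invalid server or credentials.'); return false; }` placed before the assignment.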
@@ -266,6 +266,9 @@ function connect() { $connection = new Min_DB; list($server, $username, $password) = adminer()->credentials(); + if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) { + return lang('Invalid server.'); + } if ($password != "" && $connection->connect($server, $username, "")) { return lang('Database does not support password.'); } diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php index 226625f14..64628fcd3 100644 --- a/plugins/drivers/simpledb.php +++ b/plugins/drivers/simpledb.php @@ -248,7 +248,10 @@ function slowQuery($query, $timeout) { function connect() { global $adminer; - list(, , $password) = $adminer->credentials(); + list($host, , $password) = $adminer->credentials(); + if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $host)) { + return lang('Invalid server.'); + } if ($password != "") { return lang('Database does not support password.'); } From 51dbfb6987504261bfa327d3406906181180d5c3 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 08:16:53 +0100 Subject: [PATCH 0108/1274] Hide error message from HTTP servers --- changes.txt | 4 ++++ plugins/drivers/clickhouse.php | 9 ++------- plugins/drivers/elastic.php | 2 -- plugins/drivers/elastic5.php | 10 ++-------- plugins/drivers/simpledb.php | 3 +-- 5 files changed, 9 insertions(+), 19 deletions(-) diff --git a/changes.txt b/changes.txt index 4dee070fa..1d2ac7f34 100644 --- a/changes.txt +++ b/changes.txt @@ -1,3 +1,7 @@ +Adminer 4.15.0-dev: +Don't allow path in HTTP servers +Hide error message from HTTP servers + Adminer 4.14.0: Use autofocus HTML attribute PostgreSQL: Fix initial value of exported autoincrement diff --git a/plugins/drivers/clickhouse.php b/plugins/drivers/clickhouse.php index 30305400c..a96666454 100644 --- a/plugins/drivers/clickhouse.php +++ b/plugins/drivers/clickhouse.php 
@@ -9,7 +9,6 @@ class Min_DB { var $_db = 'default'; function rootQuery($db, $query) { - @ini_set('track_errors', 1); // @ - may be disabled $file = @file_get_contents("$this->_url/?database=$db", false, stream_context_create(array('http' => array( 'method' => 'POST', 'content' => $this->isQuerySelectLike($query) ? "$query FORMAT JSONCompact" : $query, @@ -19,12 +18,8 @@ function rootQuery($db, $query) { 'max_redirects' => 0, )))); - if ($file === false) { - $this->error = $php_errormsg; - return $file; - } - if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { - $this->error = lang('Invalid credentials.') . " $http_response_header[0]"; + if ($file === false || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { + $this->error = lang('Invalid credentials.'); return false; } $return = json_decode($file, true); diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php index 351c85312..df6f92efe 100644 --- a/plugins/drivers/elastic.php +++ b/plugins/drivers/elastic.php @@ -17,8 +17,6 @@ class Min_DB { * @return array|false */ function rootQuery($path, array $content = null, $method = 'GET') { - @ini_set('track_errors', 1); // @ - may be disabled - $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array( 'method' => $method, 'content' => $content !== null ? json_encode($content) : null, diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php index ceb6abfe2..c277a0adc 100644 --- a/plugins/drivers/elastic5.php +++ b/plugins/drivers/elastic5.php @@ -15,8 +15,6 @@ class Min_DB { * @return mixed */ function rootQuery($path, $content = array(), $method = 'GET') { - @ini_set('track_errors', 1); // @ - may be disabled - $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array( 'method' => $method, 'content' => $content === null ? $content : json_encode($content), 
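Review bot: In clickhouse.php `@@ -19` a refused connection, a timeout and any non-2xx status now all surface as `lang('Invalid credentials.')`, which misdirects the operator when the credentials are fine and the host is simply unreachable. A neutral string such as `lang('Invalid server or credentials.')` hides the upstream response equally well, and a comment like `// do not echo the remote status line or PHP error: the login form would otherwise report what an arbitrary host answered` would record why the detail was dropped (inferred from the commit subject). The same merge of branches is made in elastic5.php (`@@ -25`). elastic.php loses only its `ini_set('track_errors')` line in this commit; if its rootQuery() still reads `$php_errormsg` below the hunk, that variable is no longer populated.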
@@ -25,12 +23,8 @@ function rootQuery($path, $content = array(), $method = 'GET') { 'follow_location' => 0, 'max_redirects' => 0, )))); - if (!$file) { - $this->error = $php_errormsg; - return $file; - } - if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { - $this->error = lang('Invalid credentials.') . " $http_response_header[0]"; + if (!$file || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { + $this->error = lang('Invalid credentials.'); return false; } $return = json_decode($file, true); diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php index 64628fcd3..b9212b1ae 100644 --- a/plugins/drivers/simpledb.php +++ b/plugins/drivers/simpledb.php @@ -424,7 +424,6 @@ function sdb_request($action, $params = array()) { } $query = str_replace('%7E', '~', substr($query, 1)); $query .= "&Signature=" . urlencode(base64_encode(hmac('sha1', "POST\n" . preg_replace('~^https?://~', '', $host) . "\n/\n$query", $secret, true))); - @ini_set('track_errors', 1); // @ - may be disabled $file = @file_get_contents((preg_match('~^https?://~', $host) ? $host : "http://$host"), false, stream_context_create(array('http' => array( 'method' => 'POST', // may not fit in URL with GET 'content' => $query, @@ -433,7 +432,7 @@ function sdb_request($action, $params = array()) { 'max_redirects' => 0, )))); if (!$file) { - $connection->error = $php_errormsg; + $this->error = lang('Invalid credentials.'); return false; } libxml_use_internal_errors(true); From d94e348f57571c52bd58a5c0ee28ef588aaa5c45 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 08:26:07 +0100 Subject: [PATCH 0109/1274] Use a better random string --- plugins/file-upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/file-upload.php b/plugins/file-upload.php index af3526731..6c40f624d 100644 --- a/plugins/file-upload.php +++ b/plugins/file-upload.php 
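Review bot: In simpledb.php `@@ -433` the new line assigns `$this->error` inside `sdb_request()`, but the line it replaces wrote to `$connection->error` and the hunk header shows `function sdb_request(...)` with no class around it, so this looks like a plain function where `$this` does not exist. If so, a failed request now stops with "Using $this when not in object context" instead of returning false with an error set. Keeping the original target fixes it: `$connection->error = lang('Invalid credentials.');`. The start of the function is outside the hunk, so confirm there that `$connection` is declared `global`.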
@@ -36,7 +36,7 @@ function processInput($field, $value, $function = "") { return false; } //! unlink old - $filename = uniqid() . $regs2[0]; + $filename = (function_exists('random_bytes') ? bin2hex(random_bytes(8)) : uniqid("", true)) . $regs2[0]; if (!move_uploaded_file($_FILES[$name]["tmp_name"], "$this->uploadPath$table/$regs[1]-$filename")) { return false; } From 2a3626faae6e7b4241cf2d002e76317bb3dd796c Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 08:42:30 +0100 Subject: [PATCH 0110/1274] SimpleDB: Disable XML entity loader --- changes.txt | 5 +++-- plugins/drivers/simpledb.php | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/changes.txt b/changes.txt index 1d2ac7f34..59fce18a1 100644 --- a/changes.txt +++ b/changes.txt @@ -1,6 +1,7 @@ Adminer 4.15.0-dev: -Don't allow path in HTTP servers -Hide error message from HTTP servers +HTTP drivers: Don't allow path in server name +HTTP drivers: Hide connection error message +SimpleDB: Disable XML entity loader Adminer 4.14.0: Use autofocus HTML attribute diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php index b9212b1ae..88f5efd90 100644 --- a/plugins/drivers/simpledb.php +++ b/plugins/drivers/simpledb.php @@ -436,6 +436,7 @@ function sdb_request($action, $params = array()) { return false; } libxml_use_internal_errors(true); + libxml_disable_entity_loader(); $xml = simplexml_load_string($file); if (!$xml) { $error = libxml_get_last_error(); From 75411495224959f3ec091d0ff5a44c1d0ebe0de3 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 08:43:51 +0100 Subject: [PATCH 0111/1274] Use Unicode --- adminer/include/design.inc.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php index e02fbc878..228db7b21 100644 --- a/adminer/include/design.inc.php +++ b/adminer/include/design.inc.php 
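Review bot: In file-upload.php `@@ -36` the fallback branch `uniqid("", true)` is still derived from the clock, so on a PHP build without `random_bytes` the stored file name stays guessable, which is what the commit sets out to avoid. Trying `openssl_random_pseudo_bytes(8)` before that fallback would narrow the gap, or the upload could be refused when no CSPRNG is available. `$regs2[0]` is appended to the name unchanged; the pattern that fills it lies above the hunk, so it is worth confirming that it admits only the expected extension characters.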
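Review bot: In simpledb.php `@@ -436` the added `libxml_disable_entity_loader();` is deprecated as of PHP 8.0 and raises a deprecation notice on each call there, while libxml 2.9.0 and later already leave external entity loading off by default. Guarding the call keeps the protection for old stacks without the notice: `if (LIBXML_VERSION < 20900) { libxml_disable_entity_loader(); }`. Where the call does take effect the setting is process-wide and is not restored after `simplexml_load_string()`, which deserves a comment next to it.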
@@ -68,25 +68,25 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") { ' . $drivers[DRIVER] . ' » '; + echo '

\n" : ""); if ($explain) { - echo "\n"; } - + /** Print command box in select * @return bool whether to print default commands */ diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php index ed104154a..cbf9518c9 100644 --- a/adminer/include/auth.inc.php +++ b/adminer/include/auth.inc.php @@ -72,14 +72,14 @@ function check_invalid_login() { ) { redirect(auth_url($vendor, $server, $username, $db)); } - + } elseif ($_POST["logout"] && (!$has_token || verify_token())) { foreach (array("pwds", "db", "dbs", "queries") as $key) { set_session($key, null); } unset_permanent(); redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider donating.')); - + } elseif ($permanent && !$_SESSION["pwds"]) { session_regenerate_id(); $private = $adminer->permanentLogin(); @@ -199,7 +199,7 @@ function auth_error($error) { : lang('Invalid CSRF token. Send the form again.') . ' ' . lang('If you did not send this request from Adminer then close this page.') ); } - + } elseif ($_SERVER["REQUEST_METHOD"] == "POST") { // posted form with no data means that post_max_size exceeded because Adminer always sends token at least $error = lang('Too big POST data. Reduce the data or increase the %s configuration directive.', "'post_max_size'"); diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php index 38f477c8b..322444cd0 100644 --- a/adminer/include/connect.inc.php +++ b/adminer/include/connect.inc.php @@ -8,7 +8,7 @@ function connect_error() { if ($_POST["db"] && !$error) { queries_redirect(substr(ME, 0, -1), lang('Databases have been dropped.'), drop_databases($_POST["db"])); } - + page_header(lang('Select database'), $error, false); echo "