diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 1a945c38..52999519 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -348,7 +348,9 @@ function get_setting(string $key, string $cookie = "adminer_settings") {
  * @param mixed[] $settings
  */
 function save_settings(array $settings, string $cookie = "adminer_settings"): void {
- cookie($cookie, http_build_query($settings + get_settings($cookie)));
+ $value = http_build_query($settings + get_settings($cookie));
+ cookie($cookie, $value);
+ $_COOKIE[$cookie] = $value;
 }
 
 /** Restart stopped session */
diff --git a/plugins/config.php b/plugins/config.php
index 1b217d0b..a5fa23f2 100644
--- a/plugins/config.php
+++ b/plugins/config.php
@@ -12,10 +12,9 @@ class AdminerConfig extends Adminer\Plugin {
 static $called; // this function is called from page_header() and it also calls page_header()
 if (isset($_GET["config"]) && !$called && Adminer\connection()) {
 $called = true;
- if ($_POST) { //! check $error
- unset($_POST["token"]);
- Adminer\save_settings($_POST, "adminer_config");
- Adminer\redirect($_SERVER["REQUEST_URI"], $this->lang('Configuration saved.'));
+ if ($_GET["config"]) { // using $_GET allows sharing links between devices but doesn't protect against CSRF
+ Adminer\save_settings($_GET["config"], "adminer_config");
+ Adminer\redirect(null, $this->lang('Configuration saved.'));
 }
 Adminer\page_header($this->lang('Configuration'));
 $config = Adminer\adminer()->config();
@@ -23,14 +22,14 @@ class AdminerConfig extends Adminer\Plugin {
 // this plugin itself defines config() so this branch is not currently used
 echo "
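Review bot: The new branch in plugins/config.php hands `$_GET["config"]` straight to `save_settings(array $settings, …)`, so a request like `?config=1` (a truthy non-array value) raises a TypeError instead of being ignored; the guard should be `if (is_array($_GET["config"]) && $_GET["config"]) {`. Separately, the inline comment concedes that the GET path has no CSRF protection, which means any cross-site link or image tag can overwrite the visitor's `adminer_config` cookie with arbitrary keys and values, since nothing in this hunk restricts them to the options the plugin's config() renders. If sharable links are the goal, consider letting the GET parameters only pre-fill the form and persisting through the existing POST/token path, or at minimum filtering the submitted keys against the known settings before calling save_settings. The enclosing method starts before this hunk.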
" . $this->lang('Only some plugins support configuration, e.g. %s.', 'menu-links') . "\n"; } else { - echo "
\n"; } Adminer\page_footer('db'); @@ -43,7 +42,7 @@ class AdminerConfig extends Adminer\Plugin { '' => $this->lang('Use %s if exists', "adminer.css"), 'builtin' => $this->lang('Use builtin design'), ); - return array($this->lang('Design') => Adminer\html_radios('design', $options, Adminer\get_setting("design", "adminer_config"), "