
Exception to CSRF can be abused in Editor

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@852 7c3ca157-0c34-0410-bff1-cbf682f78f5c
jakubvrana
2009-07-20 11:59:11 +00:00
parent ed2c27c249
commit 21c98c49c1
2 changed files with 2 additions and 2 deletions


@@ -99,6 +99,6 @@ include "./include/export.inc.php";
$confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\"";
$token = $_SESSION["tokens"][$_GET["server"]];
$error = ($_POST
? ($_POST["token"] == $token || isset($_GET["dump"]) ? "" : lang('Invalid CSRF token. Send the form again.'))
? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
: ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
);
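Review bot: The token check `$_POST["token"] == $token` uses a loose comparison and never requires `$token` to be set, and that is unchanged on the line that drops the `isset($_GET["dump"])` exception (taken to be the new side, since the page has lost its +/- markers). `$token` is read from `$_SESSION["tokens"][$_GET["server"]]`, so if no token is stored under the requested server key it is null, and a POST with a missing or empty `token` field compares equal to it. Whether a token is always generated before this line is not visible in the hunk, so that should be confirmed; a defensive form is `isset($token) && (string) $_POST["token"] === (string) $token`. The statement sits at file level and the code around it lies outside the hunk.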