mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-13 18:14:07 +02:00
Code Issues Releases Wiki Activity

Ignore $_POST[session_name()] only if session.use_trans_sid is enabled

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@112 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2007-07-11 05:54:36 +00:00
parent 3474510b2f
commit 29187c2d49
1 changed files with 7 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
auth.inc.php
View File

@@ -1,12 +1,16 @@
<?php
$ignore = array("server", "username", "password");
if (ini_get("session.use_trans_sid") && isset($_POST[session_name()])) {
$ignore[] = session_name();
}
if (isset($_POST["server"])) {
if (isset($_REQUEST[session_name()])) {
session_regenerate_id();
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
if (count($_POST) == ($_POST[session_name()] ? 4 : 3)) {
if (count($_POST) == count($ignore)) {
if ((string) $_GET["server"] === $_POST["server"]) {
$location = preg_replace('~(\\?)' . urlencode(session_name()) . '=[^&]*&|[?&]' . urlencode(session_name()) . '=[^&]*~', '\\1', $_SERVER["REQUEST_URI"]);
$location = preg_replace('~(\\?)' . urlencode(session_name()) . '=[^&]*&|[&?]' . urlencode(session_name()) . '=[^&]*~', '\\1', $_SERVER["REQUEST_URI"]);
} else {
$location = preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : '');
}
@@ -50,7 +54,7 @@ if (!isset($_SESSION["usernames"][$_GET["server"]]) || !$mysql->connect($_GET["s
}
}
}
} elseif ($key != "server" && $key != "username" && $key != "password") {
} elseif (!in_array($key, $ignore)) {
echo '<input type="hidden" name="' . htmlspecialchars($key) . '" value="' . htmlspecialchars($val) . '" />';
}
}