Check new version against GitHub pages

2025-08-30 01:30:12 +02:00 · 2024-04-01 18:31:10 +02:00
parent c41cb51ede
commit 441e7f050c
5 changed files with 62 additions and 65 deletions
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -1021,7 +1021,9 @@ class Adminer {
    <?php if ($missing != "auth"): ?>
 	<span class="version">
 		<?php echo $VERSION; ?>
-		<a href="https://www.adminer.org/#download"<?php echo target_blank(); ?> id="version"><?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?></a>
+		<a href="https://github.com/pematon/adminer/releases"<?php echo target_blank(); ?> id="version">
+			<?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?>
+		</a>
 	</span>
    <?php endif; ?>
 </h1>
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -34,7 +34,7 @@ if (isset($_GET["file"])) {
 if ($_GET["script"] == "version") {
 	$file = open_file_with_lock(get_temp_dir() . "/adminer.version");
 	if ($file) {
-		write_and_unlock_file($file, serialize(["signature" => $_POST["signature"], "version" => $_POST["version"]]));
+		write_and_unlock_file($file, serialize(["version" => $_POST["version"]]));
 	}
 	exit;
 }
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -15,6 +15,14 @@ function page_header($title, $error = "", $breadcrumb = [], $title2 = "") {
 	}
 	$title_all = $title . ($title2 != "" ? ": $title2" : "");
 	$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
+
+	// Load Adminer version from file if cookie is missing.
+	$filename = get_temp_dir() . "/adminer.version";
+	if (!$_COOKIE["adminer_version"] && file_exists($filename) && filemtime($filename) + 86400 > time()) { // 86400 - 1 day in seconds
+		$data = unserialize(file_get_contents($filename));
+		$_COOKIE["adminer_version"] = $data["version"];
+		cookie("adminer_version", $data["version"], 24 * 3600);
+	}
 	?>
 <!DOCTYPE html>
 <html lang="<?php echo $LANG; ?>" dir="<?php echo lang('ltr'); ?>">
@@ -33,32 +41,16 @@ function page_header($title, $error = "", $breadcrumb = [], $title2 = "") {
 <?php } ?>

 <body class="<?php echo lang('ltr'); ?> nojs">
-<?php
-	$filename = get_temp_dir() . "/adminer.version";
-	if (!$_COOKIE["adminer_version"] && function_exists('openssl_verify') && file_exists($filename) && filemtime($filename) + 86400 > time()) { // 86400 - 1 day in seconds
-		$version = unserialize(file_get_contents($filename));
-		$public = "-----BEGIN PUBLIC KEY-----
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqWOVuF5uw7/+Z70djoK
-RlHIZFZPO0uYRezq90+7Amk+FDNd7KkL5eDve+vHRJBLAszF/7XKXe11xwliIsFs
-DFWQlsABVZB3oisKCBEuI71J4kPH8dKGEWR9jDHFw3cWmoH3PmqImX6FISWbG3B8
-h7FIx3jEaw5ckVPVTeo5JRm/1DZzJxjyDenXvBQ/6o9DgZKeNDgxwKzH+sw9/YCO
-jHnq1cFpOIISzARlrHMa/43YfeNRAm/tsBXjSxembBPo7aQZLAWHmaj5+K19H10B
-nCpz9Y++cipkVEiKRGih4ZEvjoFysEOdRLj6WiD/uUNky4xGeA6LaJqh5XpkFkcQ
-fQIDAQAB
-----END PUBLIC KEY-----
-";
-		if (openssl_verify($version["version"], base64_decode($version["signature"]), $public) == 1) {
-			$_COOKIE["adminer_version"] = $version["version"]; // doesn't need to send to the browser
-		}
-	}
-	?>
 <script<?php echo nonce(); ?>>
-mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick<?php
-	echo (isset($_COOKIE["adminer_version"]) ? "" : ", onload: partial(verifyVersion, '$VERSION', '" . js_escape(ME) . "', '" . get_token() . "')"); // $token may be empty in auth.inc.php
-	?>});
-document.body.className = document.body.className.replace(/ nojs/, ' js');
-var offlineMessage = '<?php echo js_escape(lang('You are offline.')); ?>';
-var thousandsSeparator = '<?php echo js_escape(lang(',')); ?>';
+	document.body.onkeydown = bodyKeydown;
+	document.body.onclick = bodyClick;
+	<?php if (!isset($_COOKIE["adminer_version"])): ?>
+	document.body.onload = function () { verifyVersion('<?php echo $VERSION; ?>', '<?php echo js_escape(ME); ?>', '<?php echo get_token(); ?>') };
+	<?php endif; ?>
+	document.body.className = document.body.className.replace(/ nojs/, ' js');
+
+	var offlineMessage = '<?php echo js_escape(lang('You are offline.')); ?>';
+	var thousandsSeparator = '<?php echo js_escape(lang(',')); ?>';
 </script>

 <div id="help" class="jush-<?php echo $jush; ?> jsonly hidden"></div>
@@ -140,20 +132,24 @@ function page_headers() {
 	$adminer->headers();
 }

-/** Get Content Security Policy headers
-* @return array of arrays with directive name in key, allowed sources in value
-*/
+/**
+ * Gets Content Security Policy headers.
+ *
+ * @return array of arrays with directive name in key, allowed sources in value
+ * @throws \Random\RandomException
+ */
 function csp() {
-	return array(
-		array(
-			"script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
-			"connect-src" => "'self'",
-			"frame-src" => "https://www.adminer.org",
+	return [
+		[
+			// 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'
+			"script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'",
+			"connect-src" => "'self' https://api.github.com/repos/pematon/adminer/releases/latest",
+			"frame-src" => "'self'",
 			"object-src" => "'none'",
 			"base-uri" => "'none'",
 			"form-action" => "'self'",
-		),
-	);
+		],
+	];
 }

 /**
--- a/adminer/static/functions.js
+++ b/adminer/static/functions.js
@@ -94,34 +94,31 @@ function cookie(assign, days) {
 	document.cookie = assign + '; expires=' + date;
 }

-/** Verify current Adminer version
-* @param string
-* @param string own URL base
-* @param string
-*/
-function verifyVersion(current, url, token) {
+/**
+ * Verifies current Adminer version.
+ *
+ * @param currentVersion string
+ * @param baseUrl string
+ * @param token string
+ */
+function verifyVersion(currentVersion, baseUrl, token) {
 	cookie('adminer_version=0', 1);
-	var iframe = document.createElement('iframe');
-	iframe.src = 'https://www.adminer.org/version/?current=' + current;
-	iframe.frameBorder = 0;
-	iframe.marginHeight = 0;
-	iframe.scrolling = 'no';
-	iframe.style.width = '7ex';
-	iframe.style.height = '1.25em';
-	if (window.postMessage && window.addEventListener) {
-		iframe.style.display = 'none';
-		addEventListener('message', function (event) {
-			if (event.origin === 'https://www.adminer.org') {
-				var match = /version=(.+)/.exec(event.data);
-				if (match) {
-					cookie('adminer_version=' + match[1], 1);
-					ajax(url + 'script=version', function () {
-					}, event.data + '&token=' + token);
-				}
-			}
-		}, false);
-	}
-	qs('#version').appendChild(iframe);
+
+	ajax('https://api.github.com/repos/pematon/adminer/releases/latest', function (request) {
+		const response = JSON.parse(request.responseText);
+
+		const version = response.tag_name.replace(/^\D*/, '');
+		if (!version) return;
+
+		cookie('adminer_version=' + version, 1);
+
+		const data = 'version=' + version + '&token=' + token;
+		ajax(baseUrl + 'script=version', function () {}, data);
+
+		if (currentVersion !== version) {
+			qs('#version').innerText = version;
+		}
+	});
 }

 /** Get value of select
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -606,7 +606,9 @@ qsl('div').onclick = whisperClick;", "")
    <?php if ($missing != "auth"): ?>
    <span class="version">
 		<?php echo $VERSION; ?>
-    	<a href="https://www.adminer.org/editor/#download"<?php echo target_blank(); ?> id="version"><?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?></a>
+    	<a href="https://github.com/pematon/adminer/releases"<?php echo target_blank(); ?> id="version">
+			<?php echo (version_compare($VERSION, $_COOKIE["adminer_version"]) < 0 ? h($_COOKIE["adminer_version"]) : ""); ?>
+		</a>
 	</span>
 	<?php endif; ?>
 </h1>