Rename variables to avoid conflict with Adminer 2 sessions and enabled register_globals
@@ -14,7 +14,7 @@ class Adminer {
|
||||
* @return array ($server, $username, $password)
|
||||
*/
|
||||
function credentials() {
|
||||
return array(SERVER, $_GET["username"], get_session("passwords"));
|
||||
return array(SERVER, $_GET["username"], get_session("pwds"));
|
||||
}
|
||||
|
||||
/** Get key used for permanent login
|
||||
@@ -386,7 +386,7 @@ document.getElementById('username').focus();
|
||||
global $jush;
|
||||
restart_session();
|
||||
$id = "sql-" . count($_SESSION["messages"]);
|
||||
$history = &get_session("history");
|
||||
$history = &get_session("queries");
|
||||
$history[$_GET["db"]][] = (strlen($query) > 1e6 // not DB - reset in drop database
|
||||
? ereg_replace('[\x80-\xFF]+$', '', substr($query, 0, 1e6)) . "\n..." // [\x80-\xFF] - valid UTF-8, \n - can end by one-line comment
|
||||
: $query
|
||||
@@ -498,7 +498,7 @@ document.getElementById('username').focus();
|
||||
<?php
|
||||
if ($missing == "auth") {
|
||||
$first = true;
|
||||
foreach ((array) $_SESSION["passwords"] as $driver => $servers) {
|
||||
foreach ((array) $_SESSION["pwds"] as $driver => $servers) {
|
||||
foreach ($servers as $server => $usernames) {
|
||||
foreach ($usernames as $username => $password) {
|
||||
if (isset($password)) {
|
||||
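Review bot: The new session keys `pwds`, `dbs` and `queries` are bare string literals, and nothing in the code records why the obvious names were abandoned. At the first use, in `credentials()`, a comment such as `// "pwds", not "passwords": must not collide with Adminer 2 session keys or with globals under register_globals` would keep a later cleanup from renaming them back. The same literals recur in the login, logout and permanent-login hunks, in `connect_error()` and in `page_header()`, so defining the three names once would also stop one call site from drifting away from the others. The bodies of `credentials()` and the surrounding functions extend outside these hunks.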
|
@@ -22,7 +22,7 @@ if ($_COOKIE["adminer_permanent"]) {
|
||||
|
||||
if (isset($_POST["server"])) {
|
||||
session_regenerate_id(); // defense against session fixation
|
||||
$_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
|
||||
$_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
|
||||
if ($_POST["permanent"]) {
|
||||
$key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
|
||||
$private = $adminer->permanentLogin();
|
||||
@@ -42,7 +42,7 @@ if (isset($_POST["server"])) {
|
||||
page_footer("db");
|
||||
exit;
|
||||
} else {
|
||||
foreach (array("passwords", "databases", "history") as $key) {
|
||||
foreach (array("pwds", "dbs", "queries") as $key) {
|
||||
set_session($key, null);
|
||||
}
|
||||
$key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]);
|
||||
@@ -52,13 +52,13 @@ if (isset($_POST["server"])) {
|
||||
}
|
||||
redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
|
||||
}
|
||||
} elseif ($permanent && !$_SESSION["passwords"]) {
|
||||
} elseif ($permanent && !$_SESSION["pwds"]) {
|
||||
session_regenerate_id();
|
||||
$private = $adminer->permanentLogin(); // try to decode even if not set
|
||||
foreach ($permanent as $key => $val) {
|
||||
list(, $cipher) = explode(":", $val);
|
||||
list($driver, $server, $username) = array_map('base64_decode', explode("-", $key));
|
||||
$_SESSION["passwords"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
|
||||
$_SESSION["pwds"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ function auth_error($exception = null) {
|
||||
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
|
||||
$error = lang('Session expired, please login again.');
|
||||
} else {
|
||||
$password = &get_session("passwords");
|
||||
$password = &get_session("pwds");
|
||||
if (isset($password)) {
|
||||
$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
|
||||
$password = null;
|
||||
@@ -92,7 +92,7 @@ function auth_error($exception = null) {
|
||||
if (isset($_GET["username"]) && class_exists("Min_DB")) { // doesn't exists with passing wrong driver
|
||||
$connection = connect();
|
||||
}
|
||||
if (is_string($connection) || !$adminer->login($_GET["username"], get_session("passwords"))) {
|
||||
if (is_string($connection) || !$adminer->login($_GET["username"], get_session("pwds"))) {
|
||||
auth_error();
|
||||
exit;
|
||||
}
|
||||
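Review bot: In the permanent-login branch the values written to `$_SESSION["pwds"]` are taken from `$permanent` without any shape check. Both `explode("-", $key)` and `explode(":", $val)` are destructured with `list()` however many parts they return, and the result of `decrypt_string()` is stored unconditionally. `$permanent` appears to come from the `adminer_permanent` cookie (its assignment is outside the hunk), so a malformed cookie would leave session entries with empty or null driver, server or username keys and whatever `decrypt_string()` yields on bad input. Skipping such entries before the assignment would avoid this, e.g. `if (substr_count($key, "-") != 2 || $cipher == "") { continue; }`. The password should also be stored only when decryption succeeds; what a failure returns has to be checked in `decrypt_string()`, which is not shown here.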
|
@@ -6,7 +6,7 @@ function connect_error() {
|
||||
page_header(lang('Database') . ": " . h(DB), lang('Invalid database.'), true);
|
||||
} else {
|
||||
if ($_POST["db"] && !$error) {
|
||||
set_session("databases", null);
|
||||
set_session("dbs", null);
|
||||
queries_redirect(substr(ME, 0, -1), lang('Databases have been dropped.'), drop_databases($_POST["db"]));
|
||||
}
|
||||
|
||||
@@ -56,7 +56,7 @@ if (isset($_GET["status"])) {
|
||||
}
|
||||
if (!(DB != "" ? $connection->select_db(DB) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]) || isset($_GET["variables"]))) {
|
||||
if (DB != "") {
|
||||
set_session("databases", null);
|
||||
set_session("dbs", null);
|
||||
}
|
||||
connect_error(); // separate function to catch SQLite error
|
||||
exit;
|
||||
|
@@ -63,7 +63,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||
echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
|
||||
$_SESSION["messages"] = array();
|
||||
}
|
||||
$databases = &get_session("databases");
|
||||
$databases = &get_session("dbs");
|
||||
if (DB != "" && $databases && !in_array(DB, $databases, true)) {
|
||||
$databases = null;
|
||||
}
|
||||
|