mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-25 23:36:20 +02:00
Code Issues Releases Wiki Activity

Prevent CSRF

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@76 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2007-07-06 18:08:17 +00:00
parent f90c7d8f50
commit 505b79d82c
1 changed files with 39 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
index.php
View File

@@ -13,23 +13,35 @@ include "./connect.inc.php";
if (isset($_GET["dump"])) { if (isset($_GET["dump"])) {
include "./dump.inc.php"; include "./dump.inc.php";
} else { } else {
if (isset($_GET["sql"])) { if (isset($_GET["table"])) {
include "./sql.inc.php";
} elseif (isset($_GET["table"])) {
include "./table.inc.php"; include "./table.inc.php";
} elseif (isset($_GET["select"])) { } elseif (isset($_GET["select"])) {
include "./select.inc.php"; include "./select.inc.php";
} elseif (isset($_GET["view"])) {
include "./view.inc.php";
} else {
$params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]);
if ($_POST) {
$error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.'));
}
if ($_POST && !$error) {
$token = $_POST["token"];
} else {
$token = rand(1, 1e6);
$_SESSION["tokens"][$params][] = $token;
}
if (isset($_GET["sql"])) {
include "./sql.inc.php";
} elseif (isset($_GET["edit"])) { } elseif (isset($_GET["edit"])) {
include "./edit.inc.php"; include "./edit.inc.php";
} elseif (isset($_GET["create"])) { } elseif (isset($_GET["create"])) {
include "./create.inc.php"; include "./create.inc.php";
} elseif (isset($_GET["indexes"])) { } elseif (isset($_GET["indexes"])) {
include "./indexes.inc.php"; include "./indexes.inc.php";
} elseif (isset($_GET["view"])) {
include "./view.inc.php";
} elseif (isset($_GET["database"])) { } elseif (isset($_GET["database"])) {
include "./database.inc.php"; include "./database.inc.php";
} else { } else {
unset($_SESSION["tokens"][$params]);
page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"])); page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
if (mysql_get_server_info() >= 5) { if (mysql_get_server_info() >= 5) {
@@ -43,12 +55,12 @@ if (isset($_GET["dump"])) {
echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION} echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>"; echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>";
echo "</tr>\n"; echo "</tr>\n";
//! call, drop, replace
} }
echo "</table>\n"; echo "</table>\n";
} }
mysql_free_result($result); mysql_free_result($result);
} }
} }
}
page_footer(); page_footer();
} }