From 51dbfb6987504261bfa327d3406906181180d5c3 Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Tue, 18 Feb 2025 08:16:53 +0100 Subject: [PATCH] Hide error message from HTTP servers --- changes.txt | 4 ++++ plugins/drivers/clickhouse.php | 9 ++------- plugins/drivers/elastic.php | 2 -- plugins/drivers/elastic5.php | 10 ++-------- plugins/drivers/simpledb.php | 3 +-- 5 files changed, 9 insertions(+), 19 deletions(-) diff --git a/changes.txt b/changes.txt index 4dee070f..1d2ac7f3 100644 --- a/changes.txt +++ b/changes.txt @@ -1,3 +1,7 @@ +Adminer 4.15.0-dev: +Don't allow path in HTTP servers +Hide error message from HTTP servers + Adminer 4.14.0: Use autofocus HTML attribute PostgreSQL: Fix initial value of exported autoincrement diff --git a/plugins/drivers/clickhouse.php b/plugins/drivers/clickhouse.php index 30305400..a9666645 100644 --- a/plugins/drivers/clickhouse.php +++ b/plugins/drivers/clickhouse.php @@ -9,7 +9,6 @@ if (isset($_GET["clickhouse"])) { var $_db = 'default'; function rootQuery($db, $query) { - @ini_set('track_errors', 1); // @ - may be disabled $file = @file_get_contents("$this->_url/?database=$db", false, stream_context_create(array('http' => array( 'method' => 'POST', 'content' => $this->isQuerySelectLike($query) ? "$query FORMAT JSONCompact" : $query, @@ -19,12 +18,8 @@ if (isset($_GET["clickhouse"])) { 'max_redirects' => 0, )))); - if ($file === false) { - $this->error = $php_errormsg; - return $file; - } - if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { - $this->error = lang('Invalid credentials.') . " $http_response_header[0]"; + if ($file === false || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { + $this->error = lang('Invalid credentials.'); return false; } $return = json_decode($file, true); diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php index 351c8531..df6f92ef 100644 --- a/plugins/drivers/elastic.php +++ b/plugins/drivers/elastic.php 
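Review bot: The merged check in clickhouse.php's rootQuery (hunk at -19,12) now reports `Invalid credentials.` for every failure, including an unreachable host, a TLS error or a non-2xx reply to a malformed query, and nothing at the site says the vagueness is deliberate. Dropping `$php_errormsg` and the status line is sound if the server address comes from the login form, because that text describes whatever host the web server was pointed at. Record the reason so the detail is not re-added later, e.g. `// generic on purpose: the PHP warning and status line describe the remote host and must not be echoed to the client`. A message that does not blame the password alone (constructed wording: "Connection failed or invalid credentials.") would mislead operators less. The same applies to the elastic5.php hunk at -25,12 and the simpledb.php hunk at -433,7; rootQuery continues outside the hunk.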
@@ -17,8 +17,6 @@ if (isset($_GET["elastic"])) { * @return array|false */ function rootQuery($path, array $content = null, $method = 'GET') { - @ini_set('track_errors', 1); // @ - may be disabled - $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array( 'method' => $method, 'content' => $content !== null ? json_encode($content) : null, diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php index ceb6abfe..c277a0ad 100644 --- a/plugins/drivers/elastic5.php +++ b/plugins/drivers/elastic5.php @@ -15,8 +15,6 @@ if (isset($_GET["elastic5"])) { * @return mixed */ function rootQuery($path, $content = array(), $method = 'GET') { - @ini_set('track_errors', 1); // @ - may be disabled - $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array( 'method' => $method, 'content' => $content === null ? $content : json_encode($content), @@ -25,12 +23,8 @@ if (isset($_GET["elastic5"])) { 'follow_location' => 0, 'max_redirects' => 0, )))); - if (!$file) { - $this->error = $php_errormsg; - return $file; - } - if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { - $this->error = lang('Invalid credentials.') . " $http_response_header[0]"; + if (!$file || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) { + $this->error = lang('Invalid credentials.'); return false; } $return = json_decode($file, true); diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php index 64628fcd..b9212b1a 100644 --- a/plugins/drivers/simpledb.php +++ b/plugins/drivers/simpledb.php 
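Review bot: In elastic5.php (hunk at -25,12) the new condition keeps `!$file`, so a 2xx response with an empty body, or the string "0", takes the failure branch and is now reported as `Invalid credentials.` and returned as `false`, where the old code returned `$file` itself. clickhouse.php in this same commit tests `$file === false`; using that here, `if ($file === false || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) {`, keeps the drivers consistent and reserves the error for real transport failures, provided the code after `json_decode` (outside the hunk) copes with an empty body. Separately, elastic.php only loses its `ini_set('track_errors', 1)` line in this commit and its error branch is not visible, so confirm it no longer reads `$php_errormsg` or echoes the status line.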
@@ -424,7 +424,6 @@ if (isset($_GET["simpledb"])) { } $query = str_replace('%7E', '~', substr($query, 1)); $query .= "&Signature=" . urlencode(base64_encode(hmac('sha1', "POST\n" . preg_replace('~^https?://~', '', $host) . "\n/\n$query", $secret, true))); - @ini_set('track_errors', 1); // @ - may be disabled $file = @file_get_contents((preg_match('~^https?://~', $host) ? $host : "http://$host"), false, stream_context_create(array('http' => array( 'method' => 'POST', // may not fit in URL with GET 'content' => $query, @@ -433,7 +432,7 @@ if (isset($_GET["simpledb"])) { 'max_redirects' => 0, )))); if (!$file) { - $connection->error = $php_errormsg; + $this->error = lang('Invalid credentials.'); return false; } libxml_use_internal_errors(true);
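Review bot: The failure branch in simpledb.php (hunk at -433,7) now writes to `$this->error`, while the line it replaces wrote to `$connection->error`. The enclosing function starts outside the hunk; if it is a plain function that reaches the connection through a global, as the old line suggests, `$this` is not available there and PHP raises an Error instead of returning `false`. Unless the function was turned into a method elsewhere, keep the original target: `$connection->error = lang('Invalid credentials.');`. The branches after `libxml_use_internal_errors(true)` are also outside the hunk and are worth checking for parser or server text that still reaches the error field.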