mirror of
https://github.com/vrana/adminer.git
synced 2025-08-08 15:47:00 +02:00
Don't allow path in HTTP servers
This commit is contained in:
Jakub Vrana
@@ -59,7 +59,7 @@ if (isset($_GET["clickhouse"])) {
|
||||
|
||||
function connect($server, $username, $password) {
|
||||
preg_match('~^(https?://)?(.*)~', $server, $match);
|
||||
$this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]";
|
||||
$this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
|
||||
$return = $this->query('SELECT 1');
|
||||
return (bool) $return;
|
||||
}
|
||||
@@ -217,8 +217,11 @@ if (isset($_GET["clickhouse"])) {
|
||||
function connect() {
|
||||
global $adminer;
|
||||
$connection = new Min_DB;
|
||||
$credentials = $adminer->credentials();
|
||||
if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
|
||||
list($server, $username, $password) = $adminer->credentials();
|
||||
if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
|
||||
return lang('Invalid server.');
|
||||
}
|
||||
if ($connection->connect($server, $username, $password)) {
|
||||
return $connection;
|
||||
}
|
||||
return $connection->error;
|
||||
|
||||
@@ -78,20 +78,13 @@ if (isset($_GET["elastic"])) {
|
||||
* @return bool
|
||||
*/
|
||||
function connect($server, $username, $password) {
|
||||
$this->_url = build_http_url($server, $username, $password, "localhost", 9200);
|
||||
|
||||
preg_match('~^(https?://)?(.*)~', $server, $match);
|
||||
$this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
|
||||
$return = $this->query('');
|
||||
if (!$return) {
|
||||
return false;
|
||||
if ($return) {
|
||||
$this->server_info = $return['version']['number'];
|
||||
}
|
||||
|
||||
if (!isset($return['version']['number'])) {
|
||||
$this->error = lang('Invalid server or credentials.');
|
||||
return false;
|
||||
}
|
||||
|
||||
$this->server_info = $return['version']['number'];
|
||||
return true;
|
||||
return (bool) $return;
|
||||
}
|
||||
|
||||
function select_db($database) {
|
||||
@@ -275,6 +268,9 @@ if (isset($_GET["elastic"])) {
|
||||
$connection = new Min_DB;
|
||||
|
||||
list($server, $username, $password) = adminer()->credentials();
|
||||
if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
|
||||
return lang('Invalid server.');
|
||||
}
|
||||
if ($password != "" && $connection->connect($server, $username, "")) {
|
||||
return lang('Database does not support password.');
|
||||
}
|
||||
|
||||
@@ -72,7 +72,7 @@ if (isset($_GET["elastic5"])) {
|
||||
|
||||
function connect($server, $username, $password) {
|
||||
preg_match('~^(https?://)?(.*)~', $server, $match);
|
||||
$this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]";
|
||||
$this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
|
||||
$return = $this->query('');
|
||||
if ($return) {
|
||||
$this->server_info = $return['version']['number'];
|
||||
@@ -266,6 +266,9 @@ if (isset($_GET["elastic5"])) {
|
||||
$connection = new Min_DB;
|
||||
|
||||
list($server, $username, $password) = adminer()->credentials();
|
||||
if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
|
||||
return lang('Invalid server.');
|
||||
}
|
||||
if ($password != "" && $connection->connect($server, $username, "")) {
|
||||
return lang('Database does not support password.');
|
||||
}
|
||||
|
||||
@@ -248,7 +248,10 @@ if (isset($_GET["simpledb"])) {
|
||||
|
||||
function connect() {
|
||||
global $adminer;
|
||||
list(, , $password) = $adminer->credentials();
|
||||
list($host, , $password) = $adminer->credentials();
|
||||
if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $host)) {
|
||||
return lang('Invalid server.');
|
||||
}
|
||||
if ($password != "") {
|
||||
return lang('Database does not support password.');
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user