mirror of https://github.com/vrana/adminer.git synced 2025-08-10 08:34:20 +02:00

Fix open redirect if Adminer is accessible at //adminer.php%2F@ (thanks to Prakash Sharma)

Jakub Vrana
2020-05-11 11:49:46 +02:00
parent a9c1004232
commit 6a2de873e1
3 changed files with 10 additions and 2 deletions


@@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
define("DB", $_GET["db"]); // for the sake of speed and size
define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
define("ME", str_replace(":", "%3a", preg_replace('~\?.*~', '', relative_uri())) . '?'
. (sid() ? SID . '&' : '')
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')