mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 16:17:48 +02:00
Code Issues Releases Wiki Activity

Fix open redirect if Adminer is accessible at //adminer.php%2F@ (thanks to Prakash Sharma)

Browse Source
This commit is contained in:
Jakub Vrana
2020-05-11 11:49:46 +02:00
parent a9c1004232
commit 6a2de873e1
3 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
adminer/include/functions.inc.php
View File

@@ -721,12 +721,19 @@ function format_time($start) {
return lang('%.3f s', max(0, microtime(true) - $start));
}
/** Get relative REQUEST_URI
* @return string
*/
function relative_uri() {
return preg_replace('~^[^?]*/([^?]*)~', '\1', $_SERVER["REQUEST_URI"]);
}
/** Remove parameter from query string
* @param string
* @return string
*/
function remove_from_uri($param = "") {
return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', "$_SERVER[REQUEST_URI]&"), 0, -1);
return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', relative_uri() . "&"), 0, -1);
}
/** Generate page number for pagination