CSRF protection of included JavaScript

2025-08-11 00:54:08 +02:00 · 2010-10-18 01:20:02 +02:00
parent 031a82a4ad
commit 6f5c1981a0
3 changed files with 5 additions and 2 deletions
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -43,7 +43,7 @@ function connect_error() {
 		}
 	}
 	page_footer("db");
-	echo "<script type='text/javascript' src='" . h(ME) . "script=connect'></script>\n";
+	echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
 }

 if (isset($_GET["status"])) {