From 74457f0895ef55aca34ce2977d66d5f79ac4e9ea Mon Sep 17 00:00:00 2001 From: Jakub Vrana Date: Fri, 28 Mar 2025 18:29:05 +0100 Subject: [PATCH] Move $HTTPS to HTTPS --- adminer/include/bootstrap.inc.php | 6 +++--- adminer/include/functions.inc.php | 3 +-- phpstan.neon | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php index 050e6a45..9fd82101 100644 --- a/adminer/include/bootstrap.inc.php +++ b/adminer/include/bootstrap.inc.php @@ -39,7 +39,7 @@ if ($_GET["script"] == "version") { exit; } -global $adminer, $connection, $driver, $drivers, $error, $HTTPS, $permanent, $has_token, $token, $translations; // allows including Adminer inside a function +global $adminer, $connection, $driver, $drivers, $error, $permanent, $has_token, $token, $translations; // allows including Adminer inside a function if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility $_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"]; 
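Review bot: Dropping `$HTTPS` from the `global` list fails silently for any code outside this patch that still reads the variable. After `global $HTTPS;` an unset global is simply null, so a plugin or embedding script that builds its own cookie with `$HTTPS ? "; secure" : ""` would stop emitting the Secure attribute without any warning. No such reader is visible in this patch, so this is a check to make rather than a confirmed break. Search the plugins and the rest of the tree for `$HTTPS` and record the rename in the changelog, for example `$HTTPS global replaced by the Adminer\HTTPS constant`.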
@@ -50,13 +50,13 @@ if (!strpos($_SERVER["REQUEST_URI"], '?') && $_SERVER["QUERY_STRING"] != "") { / if ($_SERVER["HTTP_X_FORWARDED_PREFIX"]) { $_SERVER["REQUEST_URI"] = $_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["REQUEST_URI"]; } -$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy +define('Adminer\HTTPS', ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure")); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy @ini_set("session.use_trans_sid", '0'); // protect links in export, @ - may be disabled if (!defined("SID")) { session_cache_limiter(""); // to allow restarting session session_name("adminer_sid"); // use specific session name to get own namespace - session_set_cookie_params(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS, true); // ini_set() may be disabled + session_set_cookie_params(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", HTTPS, true); // ini_set() may be disabled session_start(); } diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php index 52f97b8e..615717e6 100644 --- a/adminer/include/functions.inc.php +++ b/adminer/include/functions.inc.php @@ -323,12 +323,11 @@ function convert_fields(array $columns, array $fields, array $select = array()): * @param int $lifetime number of seconds, 0 for session cookie, 2592000 - 30 days */ function cookie(string $name, ?string $value, int $lifetime = 2592000): void { - global $HTTPS; header( "Set-Cookie: $name=" . urlencode($value) . ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "") . "; path=" . preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]) - . ($HTTPS ? "; secure" : "") + . (HTTPS ? "; secure" : "") . "; HttpOnly; SameSite=lax", false ); 
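Review bot: The value passed to `define('Adminer\HTTPS', ...)` is still derived only from `$_SERVER["HTTPS"]` and `session.cookie_secure`. Behind a TLS-terminating proxy where neither is set, the session cookie is issued without Secure, and the trailing comment does not tell the operator what to do about it. I would extend that comment to something like `// behind a TLS-terminating reverse proxy set session.cookie_secure=1; forwarded-proto headers are not consulted here`. Separately, define() on an already-defined name only raises a warning and keeps the earlier value. If this file can run twice in one process, or an embedder defines the name first, the first value decides the cookie flags; a `defined('Adminer\HTTPS') ||` guard or a short comment would make that explicit.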
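Review bot: The unqualified `HTTPS` in cookie() fails differently from the old `global $HTTPS` when the value is missing. Assuming this file is in the Adminer namespace, PHP resolves `Adminer\HTTPS` first and then falls back to a global `HTTPS` constant. If neither exists when cookie() runs, PHP 8 throws an Error, where the old variable merely evaluated to null. Whether cookie() can be reached before the define() in bootstrap.inc.php is not visible from this hunk, so the include order is worth confirming. The docblock, which starts above the hunk, could also state the dependency with a line such as `the Secure attribute is added when the Adminer\HTTPS constant (defined in bootstrap.inc.php) is true`.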
diff --git a/phpstan.neon b/phpstan.neon index 5b519550..2b16c4b0 100644 --- a/phpstan.neon +++ b/phpstan.neon @@ -12,7 +12,7 @@ parameters: - identifier: includeOnce.fileNotFound # ./adminer-plugins.php - "~^Function (set_magic_quotes_runtime|mysql_)~" # PHP < 7 functions - "~an unknown class OCI-?Lob~" # this looks like PHPStan bug - - "~^Variable \\$(adminer|connection|driver|drivers|error|HTTPS|permanent|has_token|token|translations) might not be defined~" # declared in bootstrap.inc.php + - "~^Variable \\$(adminer|connection|driver|drivers|error|permanent|has_token|token|translations) might not be defined~" # declared in bootstrap.inc.php - "~expects int, float given~" # this will work - "~expects bool~" # truthy values - "~fread expects int<1, max>, 100000~" # 1e6