mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-14 02:23:59 +02:00
Code Issues Releases Wiki Activity

Handle max_input_vars and generalize Suhosin compatibility

Browse Source
This commit is contained in:
Jakub Vrana
2013-04-01 18:45:26 -07:00
parent f3920f381d
commit 7769cab32c
34 changed files with 60 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
adminer/include/auth.inc.php
View File

@@ -114,7 +114,27 @@ $token = $_SESSION["token"]; ///< @var string CSRF protection
if ($auth && $_POST["token"]) {
$_POST["token"] = $token; // reset token after explicit login
}
$error = ($_POST ///< @var string
? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
: ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
);
$error = ''; ///< @var string
if ($_POST) {
if ($_POST["token"] != $token) {
$ini = "max_input_vars";
$max_vars = ini_get($ini);
if (extension_loaded("suhosin")) {
foreach (array("suhosin.request.max_vars", "suhosin.post.max_vars") as $key) {
$val = ini_get($key);
if ($val && (!$max_vars || $val < $max_vars)) {
$ini = $key;
$max_vars = $val;
}
}
}
$error = (!$_POST["token"] && $max_vars
? lang('Maximum number of allowed fields exceeded. Please increase %s.', "'$ini'")
: lang('Invalid CSRF token. Send the form again.')
);
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
// posted form with no data means that post_max_size exceeded because Adminer always sends token at least
$error = lang('Too big POST data. Reduce the data or increase the %s configuration directive.', "'post_max_size'");
}

7
adminer/include/editing.inc.php
View File

@@ -214,12 +214,11 @@ function type_class($type) {
* @param array
* @param array
* @param string TABLE or PROCEDURE
* @param int number of fields allowed by Suhosin
* @param array returned by referencable_primary()
* @param bool display comments column
* @return null
*/
function edit_fields($fields, $collations, $type = "TABLE", $allowed = 0, $foreign_keys = array(), $comments = false) {
function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = array(), $comments = false) {
global $connection, $inout;
?>
<thead><tr class="wrap">
@@ -245,7 +244,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $allowed = 0, $forei
?>
<tr<?php echo ($display ? "" : " style='display: none;'"); ?>>
<?php echo ($type == "PROCEDURE" ? "<td>" . html_select("fields[$i][inout]", explode("|", $inout), $field["inout"]) : ""); ?>
<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo h($field["field"]); ?>" onchange="<?php echo ($field["field"] != "" || count($fields) > 1 ? "" : "editingAddRow(this, $allowed); "); ?>editingNameChange(this);" maxlength="64" autocapitalize="off"><?php } ?><input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo h($orig); ?>">
<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo h($field["field"]); ?>" onchange="<?php echo ($field["field"] != "" || count($fields) > 1 ? "" : "editingAddRow(this); "); ?>editingNameChange(this);" maxlength="64" autocapitalize="off"><?php } ?><input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo h($orig); ?>">
<?php edit_type("fields[$i]", $field, $collations, $foreign_keys); ?>
<?php if ($type == "TABLE") { ?>
<td><?php echo checkbox("fields[$i][null]", 1, $field["null"]); ?>
@@ -256,7 +255,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $allowed = 0, $forei
<?php
echo "<td>";
echo (support("move_col") ?
"<input type='image' class='icon' name='add[$i]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "' onclick='return !editingAddRow(this, $allowed, 1);'>&nbsp;"
"<input type='image' class='icon' name='add[$i]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "' onclick='return !editingAddRow(this, 1);'>&nbsp;"
. "<input type='image' class='icon' name='up[$i]' src='../adminer/static/up.gif' alt='^' title='" . lang('Move up') . "'>&nbsp;"
. "<input type='image' class='icon' name='down[$i]' src='../adminer/static/down.gif' alt='v' title='" . lang('Move down') . "'>&nbsp;"
: "");