mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-09 08:06:59 +02:00
Code Issues Releases Wiki Activity

Verify if adminer.version was created on www.adminer.org

Browse Source
This commit is contained in:
Jakub Vrana
2018-01-24 15:10:44 +01:00
parent 6c96b060e7
commit 8b29ae910f
3 changed files with 17 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
adminer/include/design.inc.php
View File

@@ -35,8 +35,21 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
<body class="<?php echo lang('ltr'); ?> nojs">
<?php
$filename = get_temp_dir() . "/adminer.version";
if (!$_COOKIE["adminer_version"] && file_exists($filename) && filemtime($filename) + 86400 > time()) { // 86400 - 1 day in seconds
$_COOKIE["adminer_version"] = file_get_contents($filename); // doesn't need to send to the browser
if (!$_COOKIE["adminer_version"] && function_exists('openssl_verify') && file_exists($filename) && filemtime($filename) + 86400 > time()) { // 86400 - 1 day in seconds
$version = unserialize(file_get_contents($filename));
$public = "-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqWOVuF5uw7/+Z70djoK
RlHIZFZPO0uYRezq90+7Amk+FDNd7KkL5eDve+vHRJBLAszF/7XKXe11xwliIsFs
DFWQlsABVZB3oisKCBEuI71J4kPH8dKGEWR9jDHFw3cWmoH3PmqImX6FISWbG3B8
h7FIx3jEaw5ckVPVTeo5JRm/1DZzJxjyDenXvBQ/6o9DgZKeNDgxwKzH+sw9/YCO
jHnq1cFpOIISzARlrHMa/43YfeNRAm/tsBXjSxembBPo7aQZLAWHmaj5+K19H10B
nCpz9Y++cipkVEiKRGih4ZEvjoFysEOdRLj6WiD/uUNky4xGeA6LaJqh5XpkFkcQ
fQIDAQAB
-----END PUBLIC KEY-----
";
if (openssl_verify($version["version"], base64_decode($version["signature"]), $public) == 1) {
$_COOKIE["adminer_version"] = $version["version"]; // doesn't need to send to the browser
}
}
?>
<script<?php echo nonce(); ?>>

2
adminer/script.inc.php
View File

@@ -37,7 +37,7 @@ if ($_GET["script"] == "db") {
} elseif ($_GET["script"] == "version") {
$fp = file_open_lock(get_temp_dir() . "/adminer.version");
if ($fp) {
file_write_unlock($fp, $_POST["version"]);
file_write_unlock($fp, serialize(array("signature" => $_POST["signature"], "version" => $_POST["version"])));
}
} else { // connect

2
adminer/static/functions.js
View File

@@ -115,7 +115,7 @@ function verifyVersion(current, url, token) {
if (match) {
cookie('adminer_version=' + match[1], 1);
ajax(url + 'script=version', function () {
}, 'version=' + match[1] + '&token=' + token);
}, event.data + '&token=' + token);
}
}
}, false);