mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-08 23:57:29 +02:00
Code Issues Releases Wiki Activity

Move $ignore

Browse Source 
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1247 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2009-11-20 17:15:33 +00:00
parent 36c2ae7b22
commit cca3b36e03
1 changed files with 3 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
adminer/include/auth.inc.php
View File

@@ -1,10 +1,9 @@
<?php <?php
$ignore = array("server", "username", "password");
if (isset($_POST["server"])) { if (isset($_POST["server"])) {
session_regenerate_id(); // defense against session fixation session_regenerate_id(); // defense against session fixation
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"]; $_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"]; $_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
if (count($_POST) == count($ignore)) { if (count($_POST) == 3) { // 3 - count($ignore)
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : '')); $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
if (!isset($_COOKIE[session_name()])) { if (!isset($_COOKIE[session_name()])) {
$location .= (strpos($location, "?") === false ? "?" : "&") . SID; $location .= (strpos($location, "?") === false ? "?" : "&") . SID;
@@ -30,7 +29,7 @@ if (isset($_POST["server"])) {
} }
function auth_error($exception = null) { function auth_error($exception = null) {
global $ignore, $connection, $adminer; global $connection, $adminer;
$session_name = session_name(); $session_name = session_name();
$username = $_SESSION["usernames"][$_GET["server"]]; $username = $_SESSION["usernames"][$_GET["server"]];
unset($_SESSION["usernames"][$_GET["server"]]); unset($_SESSION["usernames"][$_GET["server"]]);
@@ -41,7 +40,7 @@ function auth_error($exception = null) {
echo "<form action='' method='post'>\n"; echo "<form action='' method='post'>\n";
$adminer->loginForm($username); $adminer->loginForm($username);
echo "<p>\n"; echo "<p>\n";
hidden_fields($_POST, $ignore); // expired session hidden_fields($_POST, array("server", "username", "password")); // expired session
foreach ($_FILES as $key => $val) { foreach ($_FILES as $key => $val) {
echo '<input type="hidden" name="files[' . h($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">'; echo '<input type="hidden" name="files[' . h($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
} }