mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-06 14:46:36 +02:00
Code Issues Releases Wiki Activity

Add helper for <input type=hidden name=token>

Browse Source
This commit is contained in:
Jakub Vrana
2025-03-17 18:45:08 +01:00
parent 91f9980267
commit e1f0fded69
23 changed files with 35 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
adminer/call.inc.php
View File

@@ -85,7 +85,7 @@ if ($in) {
?>
<p>
<input type="submit" value="<?php echo lang('Call'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>
<pre>

2
adminer/check.inc.php
View File

@@ -47,5 +47,5 @@ echo doc_link(array(
<?php if ($name != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $name)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/create.inc.php
View File

@@ -234,6 +234,6 @@ if (support("partitioning")) {
}
echo "</table>\n</div></fieldset>\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/database.inc.php
View File

@@ -76,6 +76,6 @@ if (DB != "") {
} elseif (!$_POST["add_x"] && $_GET["db"] == "") {
echo "<input type='image' class='icon' name='add' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/db.inc.php
View File

@@ -157,7 +157,7 @@ if ($adminer->homepage()) {
}
echo "<input type='hidden' name='all' value=''>"; // used by trCheck()
echo script("qsl('input').onclick = function () { selectCount('selected', formChecked(this, /^(tables|views)\[/));" . (support("table") ? " selectCount('selected2', formChecked(this, /^tables\[/) || $tables);" : "") . " }");
echo "<input type='hidden' name='token' value='$token'>\n";
echo input_token();
echo "</div></fieldset>\n";
echo "</div></div>\n";
}

2
adminer/dump.inc.php
View File

@@ -183,7 +183,7 @@ echo "<tr><th>" . lang('Data') . "<td>" . html_select('data_style', $data_style,
?>
</table>
<p><input type="submit" value="<?php echo lang('Export'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
<table>
<?php

2
adminer/event.inc.php
View File

@@ -56,5 +56,5 @@ if (!$row && $EVENT != "") {
<?php if ($EVENT != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $EVENT)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/foreign.inc.php
View File

@@ -116,5 +116,5 @@ foreach ($row["source"] as $key => $val) {
<?php if ($name != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $name)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/include/connect.inc.php
View File

@@ -84,7 +84,7 @@ if (
. "</div></div>\n"
: ""
);
echo "<input type='hidden' name='token' value='$token'>\n";
echo input_token();
echo "</form>\n";
echo script("tableCheck();");
}

4
adminer/include/design.inc.php
View File

@@ -182,7 +182,7 @@ function page_messages($error) {
* @return null
*/
function page_footer($missing = "") {
global $adminer, $token;
global $adminer;
?>
</div>
@@ -195,7 +195,7 @@ function page_footer($missing = "") {
<p class="logout">
<span><?php echo h($_GET["username"]) . "\n"; ?></span>
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" id="logout">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</p>
</form>
<?php } ?>

13
adminer/include/html.inc.php
View File

@@ -25,6 +25,15 @@ function nonce() {
return ' nonce="' . get_nonce() . '"';
}
/** Get <input type="hidden" name="token">
* @param string token to use instead of global $token
* @return string HTML
*/
function input_token($special = "") {
global $token;
return "<input type='hidden' name='token' value='" . ($special ?: $token) . "'>\n";
}
/** Get a target="_blank" attribute
* @return string
*/
@@ -414,7 +423,7 @@ function on_help($command, $side = 0) {
* @return null
*/
function edit_form($table, $fields, $row, $update) {
global $adminer, $token, $error;
global $adminer, $error;
$table_name = $adminer->tableName(table_status1($table, true));
page_header(
($update ? lang('Edit') : lang('Insert')),
@@ -514,7 +523,7 @@ function edit_form($table, $fields, $row, $update) {
?>
<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
<input type="hidden" name="save" value="1">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>
<?php
}

2
adminer/include/lang.inc.php
View File

@@ -95,7 +95,7 @@ function switch_lang() {
echo "<form action='' method='post'>\n<div id='lang'>";
echo lang('Language') . ": " . html_select("lang", $langs, $LANG, "this.form.submit();");
echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
echo "<input type='hidden' name='token' value='" . get_token() . "'>\n"; // $token may be empty in auth.inc.php
echo input_token(get_token()); // $token may be empty in auth.inc.php
echo "</div>\n</form>\n";
}

2
adminer/indexes.inc.php
View File

@@ -155,5 +155,5 @@ foreach ($row["indexes"] as $index) {
</div>
<p>
<input type="submit" value="<?php echo lang('Save'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/procedure.inc.php
View File

@@ -59,5 +59,5 @@ if (isset($_GET["function"])) {
<?php if ($PROCEDURE != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $PROCEDURE)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/processlist.inc.php
View File

@@ -56,7 +56,7 @@ if (support("kill")) {
echo ($i + 1) . "/" . lang('%d in total', max_connections());
echo "<p><input type='submit' value='" . lang('Kill') . "'>\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
<?php echo script("tableCheck();"); ?>

2
adminer/scheme.inc.php
View File

@@ -34,6 +34,6 @@ if (!$row) {
if ($_GET["ns"] != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'>" . confirm(lang('Drop %s?', $_GET["ns"])) . "\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/select.inc.php
View File

@@ -594,7 +594,7 @@ if (!$columns && support("table")) {
echo "</div>";
}
echo "<input type='hidden' name='token' value='$token'>\n";
echo input_token();
echo "</form>\n";
echo (!$group && $select ? "" : script("tableCheck();"));
}

2
adminer/sequence.inc.php
View File

@@ -32,6 +32,6 @@ if (!$row) {
if ($SEQUENCE != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'>" . confirm(lang('Drop %s?', $SEQUENCE)) . "\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

4
adminer/sql.inc.php
View File

@@ -169,7 +169,7 @@ if (!$error && $_POST) {
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
. html_select("format", $dump_format, $adminer_export["format"])
. "<input type='hidden' name='query' value='" . h($q) . "'>"
. " <input type='submit' name='export' value='" . lang('Export') . "'><input type='hidden' name='token' value='$token'></span>\n"
. " <input type='submit' name='export' value='" . lang('Export') . "'>" . input_token() . "</span>\n"
. "</form>\n"
;
}
@@ -258,7 +258,7 @@ if (!isset($_GET["import"])) {
echo checkbox("error_stops", 1, ($_POST ? $_POST["error_stops"] : isset($_GET["import"]) || $_GET["error_stops"]), lang('Stop on error')) . "\n";
echo checkbox("only_errors", 1, ($_POST ? $_POST["only_errors"] : isset($_GET["import"]) || $_GET["only_errors"]), lang('Show only errors')) . "\n";
echo "<input type='hidden' name='token' value='$token'>\n";
echo input_token();
if (!isset($_GET["import"]) && $history) {
print_fieldset("history", lang('History'), $_GET["history"] != "");

2
adminer/trigger.inc.php
View File

@@ -49,5 +49,5 @@ page_header(($name != "" ? lang('Alter trigger') . ": " . h($name) : lang('Creat
<?php if ($name != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $name)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/type.inc.php
View File

@@ -38,6 +38,6 @@ if ($TYPE != "") {
textarea("as", $row["as"]);
echo "<p><input type='submit' value='" . lang('Save') . "'>\n";
}
echo input_token();
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/user.inc.php
View File

@@ -195,5 +195,5 @@ echo "</table>\n";
<?php if (isset($_GET["host"])) { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', "$USER@$_GET[host]")); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>

2
adminer/view.inc.php
View File

@@ -58,5 +58,5 @@ page_header(($TABLE != "" ? lang('Alter view') : lang('Create view')), $error, a
<?php if ($TABLE != "") { ?>
<input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"><?php echo confirm(lang('Drop %s?', $TABLE)); ?>
<?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php echo input_token(); ?>
</form>