PostgreSQL: Allow to set connection's sslmode with AdminerLoginSsl plugin

Thanks to wodka (https://github.com/vrana/adminer/pull/427/files)
2025-08-29 17:19:52 +02:00 · 2024-09-17 17:56:12 +02:00
parent 353cd452a3
commit e4e76b6384
3 changed files with 64 additions and 38 deletions
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -16,10 +16,17 @@ if (!defined("DRIVER")) {
 				global $adminer;
 				mysqli_report(MYSQLI_REPORT_OFF); // stays between requests, not required since PHP 5.3.4
 				list($host, $port) = explode(":", $server, 2); // part after : is used for port or socket
+
 				$ssl = $adminer->connectSsl();
-				if ($ssl) {
-					$this->ssl_set($ssl['key'], $ssl['cert'], $ssl['ca'], '', '');
+				if (isset($ssl['key']) || isset($ssl['cert']) || isset($ssl['ca'])) {
+					$this->ssl_set(
+						isset($ssl['key']) ? $ssl['key'] : null,
+						isset($ssl['cert']) ? $ssl['cert'] : null,
+						isset($ssl['ca']) ? $ssl['ca'] : null,
+						null, null
+					);
 				}
+
 				$return = @$this->real_connect(
 					($server != "" ? $host : ini_get("mysqli.default_host")),
 					($server . $username != "" ? $username : ini_get("mysqli.default_user")),
@@ -234,25 +241,23 @@ if (!defined("DRIVER")) {

 			function connect($server, $username, $password) {
 				global $adminer;
-				$options = array(PDO::MYSQL_ATTR_LOCAL_INFILE => false);
+
+				$dsn = "mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server));
+
+				$options = [PDO::MYSQL_ATTR_LOCAL_INFILE => false];
 				$ssl = $adminer->connectSsl();
-				if ($ssl) {
-					if (!empty($ssl['key'])) {
-						$options[PDO::MYSQL_ATTR_SSL_KEY] = $ssl['key'];
-					}
-					if (!empty($ssl['cert'])) {
-						$options[PDO::MYSQL_ATTR_SSL_CERT] = $ssl['cert'];
-					}
-					if (!empty($ssl['ca'])) {
-						$options[PDO::MYSQL_ATTR_SSL_CA] = $ssl['ca'];
-					}
+				if (isset($ssl['key'])) {
+					$options[PDO::MYSQL_ATTR_SSL_KEY] = $ssl['key'];
 				}
-				$this->dsn(
-					"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)),
-					$username,
-					$password,
-					$options
-				);
+				if (isset($ssl['cert'])) {
+					$options[PDO::MYSQL_ATTR_SSL_CERT] = $ssl['cert'];
+				}
+				if (isset($ssl['ca'])) {
+					$options[PDO::MYSQL_ATTR_SSL_CA] = $ssl['ca'];
+				}
+
+				$this->dsn($dsn, $username, $password, $options);
+
 				return true;
 			}

--- a/adminer/drivers/pgsql.inc.php
+++ b/adminer/drivers/pgsql.inc.php
@@ -19,7 +19,14 @@ if (isset($_GET["pgsql"])) {
 				global $adminer;
 				$db = $adminer->database();
 				set_error_handler(array($this, '_error'));
+
 				$this->_string = "host='" . str_replace(":", "' port='", addcslashes($server, "'\\")) . "' user='" . addcslashes($username, "'\\") . "' password='" . addcslashes($password, "'\\") . "'";
+
+				$ssl = $adminer->connectSsl();
+				if (isset($ssl["mode"])) {
+					$this->_string .= " sslmode='" . $ssl["mode"] . "'";
+				}
+
 				$this->_link = @pg_connect("$this->_string dbname='" . ($db != "" ? addcslashes($db, "'\\") : "postgres") . "'", PGSQL_CONNECT_FORCE_NEW);
 				if (!$this->_link && $db != "") {
 					// try to connect directly with database for performance
@@ -148,9 +155,19 @@ if (isset($_GET["pgsql"])) {

 			function connect($server, $username, $password) {
 				global $adminer;
+
 				$db = $adminer->database();
-				$this->dsn("pgsql:host='" . str_replace(":", "' port='", addcslashes($server, "'\\")) . "' client_encoding=utf8 dbname='" . ($db != "" ? addcslashes($db, "'\\") : "postgres") . "'", $username, $password); //! client_encoding is supported since 9.1 but we can't yet use min_version here
-				//! connect without DB in case of an error
+
+				//! client_encoding is supported since 9.1, but we can't yet use min_version here
+				$dsn = "pgsql:host='" . str_replace(":", "' port='", addcslashes($server, "'\\")) . "' client_encoding=utf8 dbname='" . ($db != "" ? addcslashes($db, "'\\") : "postgres") . "'";
+
+				$ssl = $adminer->connectSsl();
+				if (isset($ssl["mode"])) {
+					$dsn .= " sslmode='" . $ssl["mode"] . "'";
+				}
+
+				$this->dsn($dsn, $username, $password);
+
 				return true;
 			}

--- a/plugins/login-ssl.php
+++ b/plugins/login-ssl.php
@@ -1,24 +1,28 @@
 <?php

-/** Connect to MySQL using SSL
-* @link https://www.adminer.org/plugins/#use
-* @author Jakub Vrana, https://www.vrana.cz/
-* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
-* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
-*/
-class AdminerLoginSsl {
-	/** @access protected */
-	var $ssl;
+/**
+ * Connect to MySQL using SSL
+ *
+ * @link https://www.adminer.org/plugins/#use
+ * @author Jakub Vrana, https://www.vrana.cz/
+ * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
+ * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
+  */
+class AdminerLoginSsl
+{
+	private var $ssl;

 	/**
-	* @param array array("key" => filename, "cert" => filename, "ca" => filename)
-	*/
-	function __construct($ssl) {
+	 * MySQL: ["key" => filename, "cert" => filename, "ca" => filename]
+	 * PostgresSQL: ["mode" => sslmode] (https://www.postgresql.org/docs/current/libpq-connect.html#LIBPQ-CONNECT-SSLMODE)
+	 */
+	function __construct(array $ssl)
+	{
 		$this->ssl = $ssl;
 	}

-	function connectSsl() {
+	function connectSsl()
+	{
 		return $this->ssl;
 	}
-	
 }