Release 4.6.3

Fix typo
Revert "PgSQL search operator "SQL" added"
2025-09-05 04:01:48 +02:00 · 2018-06-28 21:58:29 +02:00 · 2018-06-28 20:35:19 +02:00 · 2018-06-27 22:23:56 +02:00 · 2018-06-27 08:55:19 +02:00 · 2018-06-26 08:53:12 +02:00
57 changed files with 777 additions and 361 deletions
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,9 +1,6 @@
 [submodule "jush"]
 	path = externals/jush
-	url = git://git.code.sf.net/p/jush/git
-[submodule "wymeditor"]
-	path = externals/wymeditor
-	url = git://github.com/wymeditor/wymeditor.git
+	url = git://github.com/vrana/jush
 [submodule "JsShrink"]
 	path = externals/JsShrink
-	url = git://github.com/vrana/JsShrink.git
+	url = git://github.com/vrana/JsShrink
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -47,7 +47,7 @@ if ($_POST) {
 } elseif ($jush == "sql") {
 	// propose database name with limited privileges
 	foreach (get_vals("SHOW GRANTS") as $grant) {
-		if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\\.\\*)?~', $grant, $match) && $match[1]) {
+		if (preg_match('~ ON (`(([^\\\\`]|``|\\\\.)*)%`\.\*)?~', $grant, $match) && $match[1]) {
 			$name = stripcslashes(idf_unescape("`$match[2]`"));
 			break;
 		}
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -104,18 +104,18 @@ if ($adminer->homepage()) {
 						echo ($link ? "<td align='right'>" . (support("table") || $key == "Rows" || (support("indexes") && $key != "Data_length")
 							? "<a href='" . h(ME . "$link[0]=") . urlencode($name) . "'$id title='$link[1]'>?</a>"
 							: "<span$id>?</span>"
-						) : "<td id='$key-" . h($name) . "'>&nbsp;");
+						) : "<td id='$key-" . h($name) . "'>");
 					}
 					$tables++;
 				}
-				echo (support("comment") ? "<td id='Comment-" . h($name) . "'>&nbsp;" : "");
+				echo (support("comment") ? "<td id='Comment-" . h($name) . "'>" : "");
 			}

-			echo "<tr><td>&nbsp;<th>" . lang('%d in total', count($tables_list));
-			echo "<td>" . nbsp($jush == "sql" ? $connection->result("SELECT @@storage_engine") : "");
-			echo "<td>" . nbsp(db_collation(DB, collations()));
+			echo "<tr><td><th>" . lang('%d in total', count($tables_list));
+			echo "<td>" . h($jush == "sql" ? $connection->result("SELECT @@storage_engine") : "");
+			echo "<td>" . h(db_collation(DB, collations()));
 			foreach (array("Data_length", "Index_length", "Data_free") as $key) {
-				echo "<td align='right' id='sum-$key'>&nbsp;";
+				echo "<td align='right' id='sum-$key'>";
 			}

 			echo "</table>\n";
@@ -159,7 +159,7 @@ if ($adminer->homepage()) {
 			$routines = routines();
 			if ($routines) {
 				echo "<table cellspacing='0'>\n";
-				echo '<thead><tr><th>' . lang('Name') . '<td>' . lang('Type') . '<td>' . lang('Return type') . "<td>&nbsp;</thead>\n";
+				echo '<thead><tr><th>' . lang('Name') . '<td>' . lang('Type') . '<td>' . lang('Return type') . "<td></thead>\n";
 				odd('');
 				foreach ($routines as $row) {
 					$name = ($row["SPECIFIC_NAME"] == $row["ROUTINE_NAME"] ? "" : "&name=" . urlencode($row["ROUTINE_NAME"])); // not computed on the pages to be able to print the header first
--- a/adminer/drivers/elastic.inc.php
+++ b/adminer/drivers/elastic.inc.php
@@ -2,10 +2,10 @@
 $drivers["elastic"] = "Elasticsearch (beta)";

 if (isset($_GET["elastic"])) {
-	$possible_drivers = array("json");
+	$possible_drivers = array("json + allow_url_fopen");
 	define("DRIVER", "elastic");

-	if (function_exists('json_decode')) {
+	if (function_exists('json_decode') && ini_bool('allow_url_fopen')) {
 		class Min_DB {
 			var $extension = "JSON", $server_info, $errno, $error, $_url;

@@ -129,7 +129,7 @@ if (isset($_GET["elastic"])) {
 				}
 			}
 			foreach ($where as $val) {
-				list($col,$op,$val) = explode(" ",$val,3);
+				list($col, $op, $val) = explode(" ", $val, 3);
 				if ($col == "_id") {
 					$data["query"]["ids"]["values"][] = $val;
 				}
@@ -177,7 +177,8 @@ if (isset($_GET["elastic"])) {
 			return new Min_Result($return);
 		}

-		function update($type, $record, $queryWhere) {
+		function update($type, $record, $queryWhere, $limit = 0, $separator = "\n") {
+			//! use $limit
 			$parts = preg_split('~ *= *~', $queryWhere);
 			if (count($parts) == 2) {
 				$id = trim($parts[1]);
@@ -195,7 +196,8 @@ if (isset($_GET["elastic"])) {
 			return $response['created'];
 		}

-		function delete($type, $queryWhere) {
+		function delete($type, $queryWhere, $limit = 0) {
+			//! use $limit
 			$ids = array();
 			if (is_array($_GET["where"]) && $_GET["where"]["_id"]) {
 				$ids[] = $_GET["where"]["_id"];
@@ -225,8 +227,11 @@ if (isset($_GET["elastic"])) {
 	function connect() {
 		global $adminer;
 		$connection = new Min_DB;
-		$credentials = $adminer->credentials();
-		if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
+		list($server, $username, $password) = $adminer->credentials();
+		if ($password != "" && $connection->connect($server, $username, "")) {
+			return lang('Database does not support password.');
+		}
+		if ($connection->connect($server, $username, $password)) {
 			return $connection;
 		}
 		return $connection->error;
--- a/adminer/drivers/mongo.inc.php
+++ b/adminer/drivers/mongo.inc.php
@@ -7,26 +7,10 @@ if (isset($_GET["mongo"])) {

 	if (class_exists('MongoDB')) {
 		class Min_DB {
-			var $extension = "Mongo", $error, $last_id, $_link, $_db;
+			var $extension = "Mongo", $server_info = MongoClient::VERSION, $error, $last_id, $_link, $_db;

-			function connect($server, $username, $password) {
-				global $adminer;
-				$db = $adminer->database();
-				$options = array();
-				if ($username != "") {
-					$options["username"] = $username;
-					$options["password"] = $password;
-				}
-				if ($db != "") {
-					$options["db"] = $db;
-				}
-				try {
-					$this->_link = @new MongoClient("mongodb://$server", $options);
-					return true;
-				} catch (Exception $ex) {
-					$this->error = $ex->getMessage();
-					return false;
-				}
+			function connect($uri, $options) {
+				return @new MongoClient($uri, $options);
 			}
 			
 			function query($query) {
@@ -214,30 +198,14 @@ if (isset($_GET["mongo"])) {

 	} elseif (class_exists('MongoDB\Driver\Manager')) {
 		class Min_DB {
-			var $extension = "MongoDB", $error, $last_id;
+			var $extension = "MongoDB", $server_info = MONGODB_VERSION, $error, $last_id;
 			/** @var MongoDB\Driver\Manager */
 			var $_link;
 			var $_db, $_db_name;

-			function connect($server, $username, $password) {
-				global $adminer;
-				$db = $adminer->database();
-				$options = array();
-				if ($username != "") {
-					$options["username"] = $username;
-					$options["password"] = $password;
-				}
-				if ($db != "") {
-					$options["db"] = $db;
-				}
-				try {
-					$class = 'MongoDB\Driver\Manager';
-					$this->_link = new $class("mongodb://$server", $options);
-					return true;
-				} catch (Exception $ex) {
-					$this->error = $ex->getMessage();
-					return false;
-				}
+			function connect($uri, $options) {
+				$class = 'MongoDB\Driver\Manager';
+				return new $class($uri, $options);
 			}

 			function query($query) {
@@ -245,13 +213,8 @@ if (isset($_GET["mongo"])) {
 			}

 			function select_db($database) {
-				try {
-					$this->_db_name = $database;
-					return true;
-				} catch (Exception $ex) {
-					$this->error = $ex->getMessage();
-					return false;
-				}
+				$this->_db_name = $database;
+				return true;
 			}

 			function quote($string) {
@@ -405,7 +368,7 @@ if (isset($_GET["mongo"])) {
 		}

 		function get_databases($flush) {
-			/** @var $connection Min_DB */
+			/** @var Min_DB */
 			global $connection;
 			$return = array();
 			$class = 'MongoDB\Driver\Command';
@@ -516,7 +479,7 @@ if (isset($_GET["mongo"])) {
 		}

 		function where_to_query($whereAnd = array(), $whereOr = array()) {
-			global $operators;
+			global $adminer;
 			$data = array();
 			foreach (array('and' => $whereAnd, 'or' => $whereOr) as $type => $where) {
 				if (is_array($where)) {
@@ -528,7 +491,7 @@ if (isset($_GET["mongo"])) {
 							$class = 'MongoDB\BSON\ObjectID';
 							$val = new $class($val);
 						}
-						if (!in_array($op, $operators)) {
+						if (!in_array($op, $adminer->operators)) {
 							continue;
 						}
 						if (preg_match('~^\(f\)(.+)~', $op, $match)) {
@@ -618,6 +581,10 @@ if (isset($_GET["mongo"])) {
 		return $return;
 	}

+	function create_database($db, $collation) {
+		return true;
+	}
+
 	function last_id() {
 		global $connection;
 		return $connection->last_id;
@@ -641,11 +608,31 @@ if (isset($_GET["mongo"])) {
 	function connect() {
 		global $adminer;
 		$connection = new Min_DB;
-		$credentials = $adminer->credentials();
-		if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
-			return $connection;
+		list($server, $username, $password) = $adminer->credentials();
+		$options = array();
+		if ($username . $password != "") {
+			$options["username"] = $username;
+			$options["password"] = $password;
+		}
+		$db = $adminer->database();
+		if ($db != "") {
+			$options["db"] = $db;
+		}
+		try {
+			$connection->_link = $connection->connect("mongodb://$server", $options);
+			if ($password != "") {
+				$options["password"] = "";
+				try {
+					$connection->connect("mongodb://$server", $options);
+					return lang('Database does not support password.');
+				} catch (Exception $ex) {
+					// this is what we want
+				}
+			}
+			return $connection;
+		} catch (Exception $ex) {
+			return $ex->getMessage();
 		}
-		return $connection->error;
 	}

 	function alter_indexes($table, $alter) {
--- a/adminer/drivers/mssql.inc.php
+++ b/adminer/drivers/mssql.inc.php
@@ -24,7 +24,7 @@ if (isset($_GET["mssql"])) {
 			}

 			function connect($server, $username, $password) {
-				$this->_link = @sqlsrv_connect($server, array("UID" => $username, "PWD" => $password, "CharacterSet" => "UTF-8"));
+				$this->_link = @sqlsrv_connect(preg_replace('~:~', ',', $server), array("UID" => $username, "PWD" => $password, "CharacterSet" => "UTF-8"));
 				if ($this->_link) {
 					$info = sqlsrv_server_info($this->_link);
 					$this->server_info = $info['SQLServerVersion'];
@@ -147,8 +147,10 @@ if (isset($_GET["mssql"])) {
 				$this->_link = @mssql_connect($server, $username, $password);
 				if ($this->_link) {
 					$result = $this->query("SELECT SERVERPROPERTY('ProductLevel'), SERVERPROPERTY('Edition')");
-					$row = $result->fetch_row();
-					$this->server_info = $this->result("sp_server_info 2", 2) . " [$row[0]] $row[1]";
+					if ($result) {
+						$row = $result->fetch_row();
+						$this->server_info = $this->result("sp_server_info 2", 2) . " [$row[0]] $row[1]";
+					}
 				} else {
 					$this->error = mssql_get_last_message();
 				}
@@ -239,7 +241,7 @@ if (isset($_GET["mssql"])) {
 			var $extension = "PDO_DBLIB";

 			function connect($server, $username, $password) {
-				$this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)), $username, $password);
+				$this->dsn("dblib:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)), $username, $password);
 				return true;
 			}

@@ -406,7 +408,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)

 	function view($name) {
 		global $connection;
-		return array("select" => preg_replace('~^(?:[^[]|\\[[^]]*])*\\s+AS\\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name))));
+		return array("select" => preg_replace('~^(?:[^[]|\[[^]]*])*\s+AS\s+~isU', '', $connection->result("SELECT VIEW_DEFINITION FROM INFORMATION_SCHEMA.VIEWS WHERE TABLE_SCHEMA = SCHEMA_NAME() AND TABLE_NAME = " . q($name))));
 	}

 	function collations() {
@@ -423,7 +425,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)

 	function error() {
 		global $connection;
-		return nl_br(h(preg_replace('~^(\\[[^]]*])+~m', '', $connection->error)));
+		return nl_br(h(preg_replace('~^(\[[^]]*])+~m', '', $connection->error)));
 	}

 	function create_database($db, $collation) {
@@ -454,7 +456,7 @@ WHERE OBJECT_NAME(i.object_id) = " . q($table)
 			if (!$val) {
 				$alter["DROP"][] = " COLUMN $column";
 			} else {
-				$val[1] = preg_replace("~( COLLATE )'(\\w+)'~", "\\1\\2", $val[1]);
+				$val[1] = preg_replace("~( COLLATE )'(\\w+)'~", '\1\2', $val[1]);
 				if ($field[0] == "") {
 					$alter["ADD"][] = "\n  " . implode("", $val) . ($table == "" ? substr($foreign[$val[0]], 16 + strlen($val[0])) : ""); // 16 - strlen("  FOREIGN KEY ()")
 				} else {
@@ -561,7 +563,7 @@ WHERE s.xtype = 'TR' AND s.name = " . q($name)
 		); // triggers are not schema-scoped
 		$return = reset($rows);
 		if ($return) {
-			$return["Statement"] = preg_replace('~^.+\\s+AS\\s+~isU', '', $return["text"]); //! identifiers, comments
+			$return["Statement"] = preg_replace('~^.+\s+AS\s+~isU', '', $return["text"]); //! identifiers, comments
 		}
 		return $return;
 	}
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -30,6 +30,7 @@ if (!defined("DRIVER")) {
 					(!is_numeric($port) ? $port : $socket),
 					($ssl ? 64 : 0) // 64 - MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT (not available before PHP 5.6.16)
 				);
+				$this->options(MYSQLI_OPT_LOCAL_INFILE, false);
 				return $return;
 			}

@@ -56,7 +57,7 @@ if (!defined("DRIVER")) {
 			}
 		}

-	} elseif (extension_loaded("mysql") && !(ini_get("sql.safe_mode") && extension_loaded("pdo_mysql"))) {
+	} elseif (extension_loaded("mysql") && !((ini_bool("sql.safe_mode") || ini_bool("mysql.allow_local_infile")) && extension_loaded("pdo_mysql"))) {
 		class Min_DB {
 			var
 				$extension = "MySQL", ///< @var string extension name
@@ -74,6 +75,10 @@ if (!defined("DRIVER")) {
 			* @return bool
 			*/
 			function connect($server, $username, $password) {
+				if (ini_bool("mysql.allow_local_infile")) {
+					$this->error = lang('Disable %s or enable %s or %s extensions.', "'mysql.allow_local_infile'", "MySQLi", "PDO_MySQL");
+					return false;
+				}
 				$this->_link = @mysql_connect(
 					($server != "" ? $server : ini_get("mysql.default_host")),
 					("$server$username" != "" ? $username : ini_get("mysql.default_user")),
@@ -230,17 +235,17 @@ if (!defined("DRIVER")) {

 			function connect($server, $username, $password) {
 				global $adminer;
-				$options = array();
+				$options = array(PDO::MYSQL_ATTR_LOCAL_INFILE => false);
 				$ssl = $adminer->connectSsl();
 				if ($ssl) {
-					$options = array(
+					$options += array(
 						PDO::MYSQL_ATTR_SSL_KEY => $ssl['key'],
 						PDO::MYSQL_ATTR_SSL_CERT => $ssl['cert'],
 						PDO::MYSQL_ATTR_SSL_CA => $ssl['ca'],
 					);
 				}
 				$this->dsn(
-					"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\\d)~', ';port=\\1', $server)),
+					"mysql:charset=utf8;host=" . str_replace(":", ";unix_socket=", preg_replace('~:(\d)~', ';port=\1', $server)),
 					$username,
 					$password,
 					$options
@@ -298,8 +303,18 @@ if (!defined("DRIVER")) {
 			return queries($prefix . implode(",\n", $values) . $suffix);
 		}
 		
+		function slowQuery($query, $timeout) {
+			if (min_version('5.7.8', '10.1.2')) {
+				if (preg_match('~MariaDB~', $this->_conn->server_info)) {
+					return "SET STATEMENT max_statement_time=$timeout FOR $query";
+				} elseif (preg_match('~^(SELECT\b)(.+)~is', $query, $match)) {
+					return "$match[1] /*+ MAX_EXECUTION_TIME(" . ($timeout * 1000) . ") */ $match[2]";
+				}
+			}
+		}
+
 		function convertSearch($idf, $val, $field) {
-			return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"])
+			return (preg_match('~char|text|enum|set~', $field["type"]) && !preg_match("~^utf8~", $field["collation"]) && preg_match('~[\x80-\xFF]~', $val['val'])
 				? "CONVERT($idf USING " . charset($this->_conn) . ")"
 				: $idf
 			);
@@ -376,7 +391,7 @@ if (!defined("DRIVER")) {
 		$return = get_session("dbs");
 		if ($return === null) {
 			$query = (min_version(5)
-				? "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA"
+				? "SELECT SCHEMA_NAME FROM information_schema.SCHEMATA ORDER BY SCHEMA_NAME"
 				: "SHOW DATABASES"
 			); // SHOW DATABASES can be disabled by skip_show_database
 			$return = ($flush ? slow_query($query) : get_vals($query));
@@ -484,7 +499,7 @@ if (!defined("DRIVER")) {
 		) as $row) {
 			if ($row["Engine"] == "InnoDB") {
 				// ignore internal comment, unnecessary since MySQL 5.1.21
-				$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["Comment"]);
+				$row["Comment"] = preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["Comment"]);
 			}
 			if (!isset($row["Engine"])) {
 				$row["Comment"] = "";
@@ -521,7 +536,7 @@ if (!defined("DRIVER")) {
 	function fields($table) {
 		$return = array();
 		foreach (get_rows("SHOW FULL COLUMNS FROM " . table($table)) as $row) {
-			preg_match('~^([^( ]+)(?:\\((.+)\\))?( unsigned)?( zerofill)?$~', $row["Type"], $match);
+			preg_match('~^([^( ]+)(?:\((.+)\))?( unsigned)?( zerofill)?$~', $row["Type"], $match);
 			$return[$row["Field"]] = array(
 				"field" => $row["Field"],
 				"full_type" => $row["Type"],
@@ -591,7 +606,7 @@ if (!defined("DRIVER")) {
 	*/
 	function view($name) {
 		global $connection;
-		return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\\s+AS\\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1)));
+		return array("select" => preg_replace('~^(?:[^`]|`[^`]*`)*\s+AS\s+~isU', '', $connection->result("SHOW CREATE VIEW " . table($name), 1)));
 	}

 	/** Get sorted grouped list of collations
@@ -801,6 +816,12 @@ if (!defined("DRIVER")) {
 			) {
 				return false;
 			}
+			foreach (get_rows("SHOW TRIGGERS LIKE " . q(addcslashes($table, "%_\\"))) as $row) {
+				$trigger = $row["Trigger"];
+				if (!queries("CREATE TRIGGER " . ($target == DB ? idf_escape("copy_$trigger") : idf_escape($target) . "." . idf_escape($trigger)) . " $row[Timing] $row[Event] ON $name FOR EACH ROW\n$row[Statement];")) {
+					return false;
+				}
+			}
 		}
 		foreach ($views as $table) {
 			$name = ($target == DB ? table("copy_$table") : idf_escape($target) . "." . table($table));
@@ -870,7 +891,7 @@ if (!defined("DRIVER")) {
 				"field" => $name,
 				"type" => strtolower($param[5]),
 				"length" => preg_replace_callback("~$enum_length~s", 'normalize_enum', $param[6]),
-				"unsigned" => strtolower(preg_replace('~\\s+~', ' ', trim("$param[8] $param[7]"))),
+				"unsigned" => strtolower(preg_replace('~\s+~', ' ', trim("$param[8] $param[7]"))),
 				"null" => 1,
 				"full_type" => $param[4],
 				"inout" => strtoupper($param[1]),
@@ -976,7 +997,7 @@ if (!defined("DRIVER")) {
 		global $connection;
 		$return = $connection->result("SHOW CREATE TABLE " . table($table), 1);
 		if (!$auto_increment) {
-			$return = preg_replace('~ AUTO_INCREMENT=\\d+~', '', $return); //! skip comments
+			$return = preg_replace('~ AUTO_INCREMENT=\d+~', '', $return); //! skip comments
 		}
 		return $return;
 	}
@@ -1105,7 +1126,7 @@ if (!defined("DRIVER")) {
 	$grouping = array("avg", "count", "count distinct", "group_concat", "max", "min", "sum"); ///< @var array grouping functions used in select
 	$edit_functions = array( ///< @var array of array("$type|$type2" => "$function/$function2") functions used in editing, [0] - edit and insert, [1] - edit only
 		array(
-			"char" => "md5/sha1/password/encrypt/uuid", //! JavaScript for disabling maxlength
+			"char" => "md5/sha1/password/encrypt/uuid",
 			"binary" => "md5/sha1",
 			"date|time" => "now",
 		), array(
--- a/adminer/drivers/pgsql.inc.php
+++ b/adminer/drivers/pgsql.inc.php
@@ -6,7 +6,7 @@ if (isset($_GET["pgsql"])) {
 	define("DRIVER", "pgsql");
 	if (extension_loaded("pgsql")) {
 		class Min_DB {
-			var $extension = "PgSQL", $_link, $_result, $_string, $_database = true, $server_info, $affected_rows, $error;
+			var $extension = "PgSQL", $_link, $_result, $_string, $_database = true, $server_info, $affected_rows, $error, $timeout;

 			function _error($errno, $error) {
 				if (ini_bool("html_errors")) {
@@ -69,12 +69,18 @@ if (isset($_GET["pgsql"])) {
 				$this->error = "";
 				if (!$result) {
 					$this->error = pg_last_error($this->_link);
-					return false;
+					$return = false;
 				} elseif (!pg_num_fields($result)) {
 					$this->affected_rows = pg_affected_rows($result);
-					return true;
+					$return = true;
+				} else {
+					$return = new Min_Result($result);
 				}
-				return new Min_Result($result);
+				if ($this->timeout) {
+					$this->timeout = 0;
+					$this->query("RESET statement_timeout");
+				}
+				return $return;
 			}

 			function multi_query($query) {
@@ -139,7 +145,7 @@ if (isset($_GET["pgsql"])) {

 	} elseif (extension_loaded("pdo_pgsql")) {
 		class Min_DB extends Min_PDO {
-			var $extension = "PDO_PgSQL";
+			var $extension = "PDO_PgSQL", $timeout;

 			function connect($server, $username, $password) {
 				global $adminer;
@@ -155,14 +161,19 @@ if (isset($_GET["pgsql"])) {
 				return ($adminer->database() == $database);
 			}

-			function value($val, $field) {
-				return $val;
-			}
-
 			function quoteBinary($s) {
 				return q($s);
 			}

+			function query($query, $unbuffered = false) {
+				$return = parent::query($query, $unbuffered);
+				if ($this->timeout) {
+					$this->timeout = 0;
+					parent::query("RESET statement_timeout");
+				}
+				return $return;
+			}
+
 			function warnings() {
 				return ''; // not implemented in PDO_PgSQL as of PHP 7.2.1
 			}
@@ -197,17 +208,21 @@ if (isset($_GET["pgsql"])) {
 			return true;
 		}

+		function slowQuery($query, $timeout) {
+			$this->_conn->query("SET statement_timeout = " . (1000 * $timeout));
+			$this->_conn->timeout = 1000 * $timeout;
+			return $query;
+		}
+
 		function convertSearch($idf, $val, $field) {
-			return (preg_match('~char|text' . (is_numeric($val["val"]) && !preg_match('~LIKE~', $val["op"]) ? '|' . number_type() : '') . '~', $field["type"])
+			return (preg_match('~char|text'
+					. (!preg_match('~LIKE~', $val["op"]) ? '|date|time(stamp)?|boolean|uuid|' . number_type() : '')
+					. '~', $field["type"])
 				? $idf
 				: "CAST($idf AS text)"
 			);
 		}

-		function value($val, $field) {
-			return $this->_conn->value($val, $field);
-		}
-
 		function quoteBinary($s) {
 			return $this->_conn->quoteBinary($s);
 		}
@@ -271,7 +286,7 @@ if (isset($_GET["pgsql"])) {
 	function limit1($table, $query, $where, $separator = "\n") {
 		return (preg_match('~^INTO~', $query)
 			? limit($query, $where, 1, 0, $separator)
-			: " $query WHERE ctid = (SELECT ctid FROM " . table($table) . $where . $separator . "LIMIT 1)"
+			: " $query" . (is_view(table_status1($table)) ? $where : " WHERE ctid = (SELECT ctid FROM " . table($table) . $where . $separator . "LIMIT 1)")
 		);
 	}

@@ -358,7 +373,7 @@ ORDER BY a.attnum"
 				$row["full_type"] = $row["type"] . $length . $addon . $array;
 			}
 			$row["null"] = !$row["attnotnull"];
-			$row["auto_increment"] = preg_match('~^nextval\\(~i', $row["default"]);
+			$row["auto_increment"] = preg_match('~^nextval\(~i', $row["default"]);
 			$row["privileges"] = array("insert" => 1, "select" => 1, "update" => 1);
 			if (preg_match('~(.+)::[^)]+(.*)~', $row["default"], $match)) {
 				$row["default"] = ($match[1] == "NULL" ? null : (($match[1][0] == "'" ? idf_unescape($match[1]) : $match[1]) . $match[2]));
@@ -434,8 +449,8 @@ WHERE table_schema = current_schema() AND table_name = " . q($name))));
 	function error() {
 		global $connection;
 		$return = h($connection->error);
-		if (preg_match('~^(.*\\n)?([^\\n]*)\\n( *)\\^(\\n.*)?$~s', $return, $match)) {
-			$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\\1<b>\\2</b>', $match[2]) . $match[4];
+		if (preg_match('~^(.*\n)?([^\n]*)\n( *)\^(\n.*)?$~s', $return, $match)) {
+			$return = $match[1] . preg_replace('~((?:[^&]|&[^;]*;){' . strlen($match[3]) . '})(.*)~', '\1<b>\2</b>', $match[2]) . $match[4];
 		}
 		return nl_br($return);
 	}
@@ -830,7 +845,7 @@ AND typelem = 0"
 		$structured_types[$key] = array_keys($val);
 	}
 	$unsigned = array();
-	$operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "ILIKE", "ILIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // no "SQL" to avoid SQL injection
+	$operators = array("=", "<", ">", "<=", ">=", "!=", "~", "!~", "LIKE", "LIKE %%", "ILIKE", "ILIKE %%", "IN", "IS NULL", "NOT LIKE", "NOT IN", "IS NOT NULL"); // no "SQL" to avoid CSRF
 	$functions = array("char_length", "lower", "round", "to_hex", "to_timestamp", "upper");
 	$grouping = array("avg", "count", "count distinct", "max", "min", "sum");
 	$edit_functions = array(
--- a/adminer/drivers/simpledb.inc.php
+++ b/adminer/drivers/simpledb.inc.php
@@ -19,6 +19,7 @@ if (isset($_GET["simpledb"])) {
 					$params['NextToken'] = $this->next;
 				}
 				$result = sdb_request_all('Select', 'Item', $params, $this->timeout); //! respect $unbuffered
+				$this->timeout = 0;
 				if ($result === false) {
 					return $result;
 				}
@@ -236,12 +237,22 @@ if (isset($_GET["simpledb"])) {
 		function rollback() {
 			return false;
 		}
+		
+		function slowQuery($query, $timeout) {
+			$this->_conn->timeout = $timeout;
+			return $query;
+		}

 	}



 	function connect() {
+		global $adminer;
+		list(, , $password) = $adminer->credentials();
+		if ($password != "") {
+			return lang('Database does not support password.');
+		}
 		return new Min_DB;
 	}

--- a/adminer/drivers/sqlite.inc.php
+++ b/adminer/drivers/sqlite.inc.php
@@ -152,7 +152,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {

 				function fetch_field() {
 					$name = $this->_result->fieldName($this->_offset++);
-					$pattern = '(\\[.*]|"(?:[^"]|"")*"|(.+))';
+					$pattern = '(\[.*]|"(?:[^"]|"")*"|(.+))';
 					if (preg_match("~^($pattern\\.)?$pattern\$~", $name, $match)) {
 						$table = ($match[3] != "" ? $match[3] : idf_unescape($match[2]));
 						$name = ($match[5] != "" ? $match[5] : idf_unescape($match[4]));
@@ -240,6 +240,11 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 	}

 	function connect() {
+		global $adminer;
+		list(, , $password) = $adminer->credentials();
+		if ($password != "") {
+			return lang('Database does not support password.');
+		}
 		return new Min_DB;
 	}

@@ -273,7 +278,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 	}

 	function tables_list() {
-		return get_key_vals("SELECT name, type FROM sqlite_master WHERE type IN ('table', 'view') ORDER BY (name = 'sqlite_sequence'), name", 1);
+		return get_key_vals("SELECT name, type FROM sqlite_master WHERE type IN ('table', 'view') ORDER BY (name = 'sqlite_sequence'), name");
 	}

 	function count_tables($databases) {
@@ -402,7 +407,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {

 	function view($name) {
 		global $connection;
-		return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside []
+		return array("select" => preg_replace('~^(?:[^`"[]+|`[^`]*`|"[^"]*")* AS\s+~iU', '', $connection->result("SELECT sql FROM sqlite_master WHERE name = " . q($name)))); //! identifiers may be inside []
 	}

 	function collations() {
@@ -649,7 +654,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 		if ($name == "") {
 			return array("Statement" => "BEGIN\n\t;\nEND");
 		}
-		$idf = '(?:[^`"\\s]+|`[^`]*`|"[^"]*")+';
+		$idf = '(?:[^`"\s]+|`[^`]*`|"[^"]*")+';
 		$trigger_options = trigger_options();
 		preg_match(
 			"~^CREATE\\s+TRIGGER\\s*$idf\\s*(" . implode("|", $trigger_options["Timing"]) . ")\\s+([a-z]+)(?:\\s+OF\\s+($idf))?\\s+ON\\s*$idf\\s*(?:FOR\\s+EACH\\s+ROW\\s)?(.*)~is",
@@ -670,7 +675,7 @@ if (isset($_GET["sqlite"]) || isset($_GET["sqlite2"])) {
 		$return = array();
 		$trigger_options = trigger_options();
 		foreach (get_rows("SELECT * FROM sqlite_master WHERE type = 'trigger' AND tbl_name = " . q($table)) as $row) {
-			preg_match('~^CREATE\\s+TRIGGER\\s*(?:[^`"\\s]+|`[^`]*`|"[^"]*")+\\s*(' . implode("|", $trigger_options["Timing"]) . ')\\s*(.*)\\s+ON\\b~iU', $row["sql"], $match);
+			preg_match('~^CREATE\s+TRIGGER\s*(?:[^`"\s]+|`[^`]*`|"[^"]*")+\s*(' . implode("|", $trigger_options["Timing"]) . ')\s*(.*)\s+ON\b~iU', $row["sql"], $match);
 			$return[$row["name"]] = array($match[1], $match[2]);
 		}
 		return $return;
--- a/adminer/event.inc.php
+++ b/adminer/event.inc.php
@@ -42,7 +42,7 @@ if (!$row && $EVENT != "") {
 <tr><th><?php echo lang('Every'); ?><td><input type="number" name="INTERVAL_VALUE" value="<?php echo h($row["INTERVAL_VALUE"]); ?>" class="size"> <?php echo html_select("INTERVAL_FIELD", $intervals, $row["INTERVAL_FIELD"]); ?>
 <tr><th><?php echo lang('Status'); ?><td><?php echo html_select("STATUS", $statuses, $row["STATUS"]); ?>
 <tr><th><?php echo lang('Comment'); ?><td><input name="EVENT_COMMENT" value="<?php echo h($row["EVENT_COMMENT"]); ?>" maxlength="64">
-<tr><th>&nbsp;<td><?php echo checkbox("ON_COMPLETION", "PRESERVE", $row["ON_COMPLETION"] == "PRESERVE", lang('On completion preserve')); ?>
+<tr><th><td><?php echo checkbox("ON_COMPLETION", "PRESERVE", $row["ON_COMPLETION"] == "PRESERVE", lang('On completion preserve')); ?>
 </table>
 <p><?php textarea("EVENT_DEFINITION", $row["EVENT_DEFINITION"]); ?>
 <p>
--- a/adminer/file.inc.php
+++ b/adminer/file.inc.php
@@ -1,13 +1,5 @@
 <?php
-//! rewrite in compile.php to cache moderately with -dev version
-if ($_SERVER["HTTP_IF_MODIFIED_SINCE"]) {
-	header("HTTP/1.1 304 Not Modified");
-	exit;
-}
-
-header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
-header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
-header("Cache-Control: immutable");
+// caching headers added in compile.php

 if ($_GET["file"] == "favicon.ico") {
 	header("Content-Type: image/x-icon");
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -75,7 +75,7 @@ class Adminer {
 	* @return float number of seconds
 	*/
 	function queryTimeout() {
-		return 5;
+		return 2;
 	}

 	/** Headers to send before HTML output
@@ -118,19 +118,26 @@ class Adminer {
 	*/
 	function loginForm() {
 		global $drivers;
-		?>
-<table cellspacing="0">
-<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER) . "\n"; ?>
-<tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]" placeholder="localhost" autocapitalize="off">
-<tr><th><?php echo lang('Username'); ?><td><input name="auth[username]" id="username" value="<?php echo h($_GET["username"]); ?>" autocapitalize="off">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
-<tr><th><?php echo lang('Database'); ?><td><input name="auth[db]" value="<?php echo h($_GET["db"]); ?>" autocapitalize="off">
-</table>
-<?php
-		echo script("focus(qs('#username'));"); 
+		echo "<table cellspacing='0'>\n";
+		echo $this->loginFormField('driver', '<tr><th>' . lang('System') . '<td>', html_select("auth[driver]", $drivers, DRIVER) . "\n");
+		echo $this->loginFormField('server', '<tr><th>' . lang('Server') . '<td>', '<input name="auth[server]" value="' . h(SERVER) . '" title="hostname[:port]" placeholder="localhost" autocapitalize="off">' . "\n");
+		echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input name="auth[username]" id="username" value="' . h($_GET["username"]) . '" autocapitalize="off">' . script("focus(qs('#username'));"));
+		echo $this->loginFormField('password', '<tr><th>' . lang('Password') . '<td>', '<input type="password" name="auth[password]">' . "\n");
+		echo $this->loginFormField('db', '<tr><th>' . lang('Database') . '<td>', '<input name="auth[db]" value="' . h($_GET["db"]) . '" autocapitalize="off">' . "\n");
+		echo "</table>\n";
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
 		echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}
+	
+	/** Get login form field
+	* @param string
+	* @param string HTML
+	* @param string HTML
+	* @return string
+	*/
+	function loginFormField($name, $heading, $value) {
+		return $heading . $value;
+	}

 	/** Authorize the user
 	* @param string
@@ -138,9 +145,8 @@ class Adminer {
 	* @return mixed true for success, string for error message, false for unknown error
 	*/
 	function login($login, $password) {
-		global $jush;
-		if ($jush == "sqlite") {
-			return lang('<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.', target_blank(), '<code>login()</code>');
+		if ($password == "") {
+			return lang('Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.', target_blank());
 		}
 		return true;
 	}
@@ -312,7 +318,7 @@ class Adminer {
 			echo ($field["null"] ? " <i>NULL</i>" : "");
 			echo ($field["auto_increment"] ? " <i>" . lang('Auto Increment') . "</i>" : "");
 			echo (isset($field["default"]) ? " <span title='" . lang('Default value') . "'>[<b>" . h($field["default"]) . "</b>]</span>" : "");
-			echo (support("comment") ? "<td>" . nbsp($field["comment"]) : "");
+			echo (support("comment") ? "<td>" . h($field["comment"]) : "");
 			echo "\n";
 		}
 		echo "</table>\n";
@@ -553,7 +559,7 @@ class Adminer {
 					// find anywhere
 					$cols = array();
 					foreach ($fields as $name => $field) {
-						if ((is_numeric($val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
+						if ((preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
 							&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
 						) {
 							$cols[] = $prefix . $driver->convertSearch(idf_escape($name), $val, $field) . $cond;
@@ -575,7 +581,7 @@ class Adminer {
 		$return = array();
 		foreach ((array) $_GET["order"] as $key => $val) {
 			if ($val != "") {
-				$return[] = (preg_match('~^((COUNT\\(DISTINCT |[A-Z0-9_]+\\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\\)|COUNT\\(\\*\\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
+				$return[] = (preg_match('~^((COUNT\(DISTINCT |[A-Z0-9_]+\()(`(?:[^`]|``)+`|"(?:[^"]|"")+")\)|COUNT\(\*\))$~', $val) ? $val : idf_escape($val)) //! MS SQL uses []
 					. (isset($_GET["desc"][$key]) ? " DESC" : "")
 				;
 			}
@@ -718,7 +724,7 @@ class Adminer {
 			$return = "$function()";
 		} elseif (preg_match('~^current_(date|timestamp)$~', $function)) {
 			$return = $function;
-		} elseif (preg_match('~^([+-]|\\|\\|)$~', $function)) {
+		} elseif (preg_match('~^([+-]|\|\|)$~', $function)) {
 			$return = idf_escape($name) . " $function $return";
 		} elseif (preg_match('~^[+-] interval$~', $function)) {
 			$return = idf_escape($name) . " $function " . (preg_match("~^(\\d+|'[0-9.: -]') [A-Z_]+\$~i", $value) ? $value : $return);
@@ -837,7 +843,7 @@ class Adminer {
 						foreach ($row as $key => $val) {
 							$field = $fields[$key];
 							$row[$key] = ($val !== null
-								? unconvert_field($field, preg_match(number_type(), $field["type"]) && $val != '' ? $val : q($val))
+								? unconvert_field($field, preg_match(number_type(), $field["type"]) && $val != '' ? $val : q(($val === false ? 0 : $val)))
 								: "NULL"
 							);
 						}
@@ -962,7 +968,7 @@ class Adminer {
 				}
 				$server_info = $connection->server_info;
 				?>
-bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
+bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\d\.?\d).*~s', '\1', $server_info) : ""); ?>'<?php echo (preg_match('~MariaDB~', $server_info) ? ", true" : ""); ?>);
 </script>
 <?php
 			}
@@ -991,6 +997,9 @@ bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\\d\\.?\\d).*~s'
 	function databasesPrint($missing) {
 		global $adminer, $connection;
 		$databases = $this->databases();
+		if ($databases && !in_array(DB, $databases)) {
+			array_unshift($databases, DB);
+		}
 		?>
 <form action="">
 <p id="dbs">
@@ -1010,11 +1019,12 @@ bodyLoad('<?php echo (is_object($connection) ? preg_replace('~^(\\d\\.?\\d).*~s'
 				}
 			}
 		}
-		echo (isset($_GET["sql"]) ? '<input type="hidden" name="sql" value="">'
-			: (isset($_GET["schema"]) ? '<input type="hidden" name="schema" value="">'
-			: (isset($_GET["dump"]) ? '<input type="hidden" name="dump" value="">'
-			: (isset($_GET["privileges"]) ? '<input type="hidden" name="privileges" value="">'
-		: ""))));
+		foreach (array("import", "sql", "schema", "dump", "privileges") as $val) {
+			if (isset($_GET[$val])) {
+				echo "<input type='hidden' name='$val' value=''>";
+				break;
+			}
+		}
 		echo "</p></form>\n";
 	}

--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -120,6 +120,7 @@ function auth_error($error) {
 		if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
 			$error = lang('Session expired, please login again.');
 		} else {
+			restart_session();
 			add_invalid_login();
 			$password = get_password();
 			if ($password !== null) {
@@ -149,14 +150,17 @@ function auth_error($error) {
 	exit;
 }

+if (isset($_GET["username"]) && !class_exists("Min_DB")) {
+	unset($_SESSION["pwds"][DRIVER]);
+	unset_permanent();
+	page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
+	page_footer("auth");
+	exit;
+}
+
+stop_session(true);
+
 if (isset($_GET["username"])) {
-	if (!class_exists("Min_DB")) {
-		unset($_SESSION["pwds"][DRIVER]);
-		unset_permanent();
-		page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
-		page_footer("auth");
-		exit;
-	}
 	list($host, $port) = explode(":", SERVER, 2);
 	if (is_numeric($port) && $port < 1024) {
 		auth_error(lang('Connecting to privileged ports is not allowed.'));
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -33,7 +33,7 @@ if ($_GET["script"] == "version") {
 	exit;
 }

-global $adminer, $connection, $drivers, $edit_functions, $enum_length, $error, $functions, $grouping, $HTTPS, $inout, $jush, $LANG, $langs, $on_actions, $permanent, $structured_types, $has_token, $token, $translations, $types, $unsigned, $VERSION; // allows including Adminer inside a function
+global $adminer, $connection, $driver, $drivers, $edit_functions, $enum_length, $error, $functions, $grouping, $HTTPS, $inout, $jush, $LANG, $langs, $on_actions, $permanent, $structured_types, $has_token, $token, $translations, $types, $unsigned, $VERSION; // allows including Adminer inside a function

 if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility
 	$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"];
@@ -44,13 +44,13 @@ if (!strpos($_SERVER["REQUEST_URI"], '?') && $_SERVER["QUERY_STRING"] != "") { /
 if ($_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
 	$_SERVER["REQUEST_URI"] = $_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["REQUEST_URI"];
 }
-$HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
+$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy

@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
 if (!defined("SID")) {
 	session_cache_limiter(""); // to allow restarting session
 	session_name("adminer_sid"); // use specific session name to get own namespace
-	$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
+	$params = array(0, preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
 	if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
 		$params[] = true; // HttpOnly
 	}
@@ -83,7 +83,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver

 define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?'
+define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
 	. (sid() ? SID . '&' : '')
 	. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
 	. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')
@@ -95,11 +95,6 @@ include "./include/adminer.inc.php";
 include "../adminer/include/design.inc.php";
 include "../adminer/include/xxtea.inc.php";
 include "../adminer/include/auth.inc.php";
-
-if (!ini_bool("session.use_cookies") || @ini_set("session.use_cookies", false) !== false) { // @ - may be disabled
-	session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
-}
-
 include "./include/editing.inc.php";
 include "./include/connect.inc.php";

--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -32,7 +32,7 @@ function connect_error() {
 			echo "<table cellspacing='0' class='checkable'>\n";
 			echo script("mixin(qsl('table'), {onclick: tableClick, ondblclick: partialArg(tableClick, true)});");
 			echo "<thead><tr>"
-				. (support("database") ? "<td>&nbsp;" : "")
+				. (support("database") ? "<td>" : "")
 				. "<th>" . lang('Database') . " - <a href='" . h(ME) . "refresh=1'>" . lang('Refresh') . "</a>"
 				. "<td>" . lang('Collation')
 				. "<td>" . lang('Tables')
@@ -47,7 +47,7 @@ function connect_error() {
 				$id = h("Db-" . $db);
 				echo "<tr" . odd() . ">" . (support("database") ? "<td>" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]), "", "", "", $id) : "");
 				echo "<th><a href='$root' id='$id'>" . h($db) . "</a>";
-				$collation = nbsp(db_collation($db, $collations));
+				$collation = h(db_collation($db, $collations));
 				echo "<td>" . (support("database") ? "<a href='$root" . ($scheme ? "&amp;ns=" : "") . "&amp;database=' title='" . lang('Alter database') . "'>$collation</a>" : $collation);
 				echo "<td align='right'><a href='$root&amp;schema=' id='tables-" . h($db) . "' title='" . lang('Database schema') . "'>" . ($_GET["dbsize"] ? $tables : "?") . "</a>";
 				echo "<td align='right' id='size-" . h($db) . "'>" . ($_GET["dbsize"] ? db_size($db) : "?");
--- a/adminer/include/driver.inc.php
+++ b/adminer/include/driver.inc.php
@@ -113,6 +113,14 @@
 		return queries("ROLLBACK");
 	}
 	
+	/** Return query with a timeout
+	* @param string
+	* @param int seconds
+	* @return string or null if the driver doesn't support query timeouts
+	*/
+	function slowQuery($query, $timeout) {
+	}
+	
 	/** Convert column to be searchable
 	* @param string escaped column name
 	* @param array array("op" => , "val" => )
@@ -129,7 +137,10 @@
 	* @return string
 	*/
 	function value($val, $field) {
-		return $val;
+		return (method_exists($this->_conn, 'value')
+			? $this->_conn->value($val, $field)
+			: (is_resource($val) ? stream_get_contents($val) : $val)
+		);
 	}

 	/** Quote binary string
--- a/adminer/include/editing.inc.php
+++ b/adminer/include/editing.inc.php
@@ -64,8 +64,6 @@ function select($result, $connection2 = null, $orgtables = array(), $limit = 0)
 				$val = "<i>NULL</i>";
 			} elseif ($blobs[$key] && !is_utf8($val)) {
 				$val = "<i>" . lang('%d byte(s)', strlen($val)) . "</i>"; //! link to download
-			} elseif (!strlen($val)) { // strlen - SQLite can return int
-				$val = "&nbsp;"; // some content to print a border
 			} else {
 				$val = h($val);
 				if ($types[$key] == 254) { // 254 - char
@@ -156,7 +154,7 @@ echo optionlist(array_merge($extra_types, $structured_types), $type);
 ?></select>
 <?php echo on_help("getTarget(event).value", 1); ?>
 <?php echo script("mixin(qsl('select'), {onfocus: function () { lastType = selectValue(this); }, onchange: editingTypeChange});", ""); ?>
-<td><input name="<?php echo h($key); ?>[length]" value="<?php echo h($field["length"]); ?>" size="3"<?php echo (!$field["length"] && preg_match('~var(char|binary)$~', $type) ? " class='required'" : ""); ?> aria-labelledby="label-length"><?php echo script("mixin(qsl('input'), {onfocus: editingLengthFocus, oninput: editingLengthChange});", ""); ?><td class="options"><?php //! type="number" with enabled JavaScript
+<td><input name="<?php echo h($key); ?>[length]" value="<?php echo h($field["length"]); ?>" size="3"<?php echo (!$field["length"] && preg_match('~var(char|binary)$~', $type) ? " class='required'" : ""); //! type="number" with enabled JavaScript ?> aria-labelledby="label-length"><?php echo script("mixin(qsl('input'), {onfocus: editingLengthFocus, oninput: editingLengthChange});", ""); ?><td class="options"><?php
 	echo "<select name='" . h($key) . "[collation]'" . (preg_match('~(char|text|enum|set)$~', $type) ? "" : " class='hidden'") . '><option value="">(' . lang('collation') . ')' . optionlist($collations, $field["collation"]) . '</select>';
 	echo ($unsigned ? "<select name='" . h($key) . "[unsigned]'" . (!$type || preg_match(number_type(), $type) ? "" : " class='hidden'") . '><option>' . optionlist($unsigned, $field["unsigned"]) . '</select>' : '');
 	echo (isset($field['on_update']) ? "<select name='" . h($key) . "[on_update]'" . (preg_match('~timestamp|datetime~', $type) ? "" : " class='hidden'") . '>' . optionlist(array("" => "(" . lang('ON UPDATE') . ")", "CURRENT_TIMESTAMP"), $field["on_update"]) . '</select>' : '');
@@ -245,7 +243,7 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
 	$fields = array_values($fields);
 	?>
 <thead><tr>
-<?php if ($type == "PROCEDURE") { ?><td>&nbsp;<?php } ?>
+<?php if ($type == "PROCEDURE") { ?><td><?php } ?>
 <th id="label-name"><?php echo ($type == "TABLE" ? lang('Column name') : lang('Parameter name')); ?>
 <td id="label-type"><?php echo lang('Type'); ?><textarea id="enum-edit" rows="4" cols="12" wrap="off" style="display: none;"></textarea><?php echo script("qs('#enum-edit').onblur = editingLengthBlur;"); ?>
 <td id="label-length"><?php echo lang('Length'); ?>
@@ -285,9 +283,9 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
 		}
 		echo "<td>";
 		echo (support("move_col") ?
-			"<input type='image' class='icon' name='add[$i]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>&nbsp;"
-			. "<input type='image' class='icon' name='up[$i]' src='../adminer/static/up.gif' alt='↑' title='" . lang('Move up') . "'>&nbsp;"
-			. "<input type='image' class='icon' name='down[$i]' src='../adminer/static/down.gif' alt='↓' title='" . lang('Move down') . "'>&nbsp;"
+			"<input type='image' class='icon' name='add[$i]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'> "
+			. "<input type='image' class='icon' name='up[$i]' src='../adminer/static/up.gif' alt='↑' title='" . lang('Move up') . "'> "
+			. "<input type='image' class='icon' name='down[$i]' src='../adminer/static/down.gif' alt='↓' title='" . lang('Move down') . "'> "
 		: "");
 		echo ($orig == "" || support("drop_col") ? "<input type='image' class='icon' name='drop_col[$i]' src='../adminer/static/cross.gif' alt='x' title='" . lang('Remove') . "'>" : "");
 	}
@@ -360,7 +358,7 @@ function grant($grant, $privileges, $columns, $on) {
 			: queries("$grant ALL PRIVILEGES$on") && queries("$grant GRANT OPTION$on")
 		);
 	}
-	return queries("$grant " . preg_replace('~(GRANT OPTION)\\([^)]*\\)~', '\\1', implode("$columns, ", $privileges) . $columns) . $on);
+	return queries("$grant " . preg_replace('~(GRANT OPTION)\([^)]*\)~', '\1', implode("$columns, ", $privileges) . $columns) . $on);
 }

 /** Drop old object and create a new one
@@ -443,7 +441,7 @@ function create_routine($routine, $row) {
 * @return string
 */
 function remove_definer($query) {
-	return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\\1)', logged_user()) . '`~', '\\1', $query); //! proper escaping of user
+	return preg_replace('~^([A-Z =]+) DEFINER=`' . preg_replace('~@(.*)~', '`@`(%|\1)', logged_user()) . '`~', '\1', $query); //! proper escaping of user
 }

 /** Format foreign key to use in SQL query
@@ -499,7 +497,7 @@ function ini_bytes($ini) {
 function doc_link($paths, $text = "<sup>?</sup>") {
 	global $jush, $connection;
 	$server_info = $connection->server_info;
-	$version = preg_replace('~^(\\d\\.?\\d).*~s', '\\1', $server_info); // two most significant digits
+	$version = preg_replace('~^(\d\.?\d).*~s', '\1', $server_info); // two most significant digits
 	$urls = array(
 		'sql' => "https://dev.mysql.com/doc/refman/$version/en/",
 		'sqlite' => "https://www.sqlite.org/",
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -154,14 +154,6 @@ function h($string) {
 	return str_replace("\0", "&#0;", htmlspecialchars($string, ENT_QUOTES, 'utf-8'));
 }

-/** Escape for TD
-* @param string
-* @return string
-*/
-function nbsp($string) {
-	return (trim($string) != "" ? h($string) : "&nbsp;");
-}
-
 /** Convert \n to <br>
 * @param string
 * @return string
@@ -401,19 +393,16 @@ function get_vals($query, $column = 0) {
 /** Get keys from first column and values from second
 * @param string
 * @param Min_DB
-* @param float
 * @param bool
 * @return array
 */
-function get_key_vals($query, $connection2 = null, $timeout = 0, $set_keys = true) {
+function get_key_vals($query, $connection2 = null, $set_keys = true) {
 	global $connection;
 	if (!is_object($connection2)) {
 		$connection2 = $connection;
 	}
 	$return = array();
-	$connection2->timeout = $timeout;
 	$result = $connection2->query($query);
-	$connection2->timeout = 0;
 	if (is_object($result)) {
 		while ($row = $result->fetch_row()) {
 			if ($set_keys) {
@@ -490,7 +479,7 @@ function where($where, $fields = array()) {
 		$key = bracket_escape($key, 1); // 1 - back
 		$column = escape_key($key);
 		$return[] = $column
-			. ($jush == "sql" && preg_match('~^[0-9]*\\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
+			. ($jush == "sql" && preg_match('~^[0-9]*\.[0-9]*$~', $val) ? " LIKE " . q(addcslashes($val, "%_\\"))
 				: ($jush == "mssql" ? " LIKE " . q(preg_replace('~[_%[]~', '[\0]', $val))
 				: " = " . unconvert_field($fields[$key], q($val))
 			)) // LIKE because of floats but slow with ints, in MS SQL because of text
@@ -557,7 +546,7 @@ function cookie($name, $value, $lifetime = 2592000) { // 2592000 - 30 days
 	global $HTTPS;
 	return header("Set-Cookie: $name=" . urlencode($value)
 		. ($lifetime ? "; expires=" . gmdate("D, d M Y H:i:s", time() + $lifetime) . " GMT" : "")
-		. "; path=" . preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])
+		. "; path=" . preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"])
 		. ($HTTPS ? "; secure" : "")
 		. "; HttpOnly; SameSite=lax",
 		false);
@@ -572,12 +561,13 @@ function restart_session() {
 	}
 }

-/** Stop session if it would be possible to restart it later
+/** Stop session if possible
+* @param bool
 * @return null
 */
-function stop_session() {
-	if (!ini_bool("session.use_cookies")) {
-		session_write_close();
+function stop_session($force = false) {
+	if (!ini_bool("session.use_cookies") || ($force && @ini_set("session.use_cookies", false) !== false)) { // @ - may be disabled
+		session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
 	}
 }

@@ -607,7 +597,7 @@ function set_session($key, $val) {
 */
 function auth_url($vendor, $server, $username, $db = null) {
 	global $drivers;
-	preg_match('~([^?]*)\\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match);
+	preg_match('~([^?]*)\??(.*)~', remove_from_uri(implode("|", array_keys($drivers)) . "|username|" . ($db !== null ? "db|" : "") . session_name()), $match);
 	return "$match[1]?"
 		. (sid() ? SID . "&" : "")
 		. ($vendor != "server" || $server != "" ? urlencode($vendor) . "=" . urlencode($server) . "&" : "")
@@ -767,7 +757,7 @@ function get_file($key, $decompress = false) {
 		}
 		$name = $file["name"][$key];
 		$tmp_name = $file["tmp_name"][$key];
-		$content = file_get_contents($decompress && preg_match('~\\.gz$~', $name)
+		$content = file_get_contents($decompress && preg_match('~\.gz$~', $name)
 			? "compress.zlib://$tmp_name"
 			: $tmp_name
 		); //! may not be reachable because of open_basedir
@@ -812,7 +802,7 @@ function repeat_pattern($pattern, $length) {
 */
 function is_utf8($val) {
 	// don't print control chars except \t\r\n
-	return (preg_match('~~u', $val) && !preg_match('~[\\0-\\x8\\xB\\xC\\xE-\\x1F]~', $val));
+	return (preg_match('~~u', $val) && !preg_match('~[\0-\x8\xB\xC\xE-\x1F]~', $val));
 }

 /** Shorten UTF-8 string
@@ -946,14 +936,14 @@ function input($field, $value, $function) {
 	$functions = (isset($_GET["select"]) || $reset ? array("orig" => lang('original')) : array()) + $adminer->editFunctions($field);
 	$attrs = " name='fields[$name]'";
 	if ($field["type"] == "enum") {
-		echo nbsp($functions[""]) . "<td>" . $adminer->editInput($_GET["edit"], $field, $attrs, $value);
+		echo h($functions[""]) . "<td>" . $adminer->editInput($_GET["edit"], $field, $attrs, $value);
 	} else {
 		$has_function = (in_array($function, $functions) || isset($functions[$function]));
 		echo (count($functions) > 1
 			? "<select name='function[$name]'>" . optionlist($functions, $function === null || $has_function ? $function : "") . "</select>"
 				. on_help("getTarget(event).value.replace(/^SQL\$/, '')", 1)
 				. script("qsl('select').onchange = functionChange;", "")
-			: nbsp(reset($functions))
+			: h(reset($functions))
 		) . '<td>';
 		$input = $adminer->editInput($_GET["edit"], $field, $attrs, $value); // usage in call is without a table
 		if ($input != "") {
@@ -982,7 +972,7 @@ function input($field, $value, $function) {
 			echo "<textarea$attrs cols='50' rows='12' class='jush-js'>" . h($value) . '</textarea>';
 		} else {
 			// int(3) is only a display hint
-			$maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\\d+)(,(\\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
+			$maxlength = (!preg_match('~int~', $field["type"]) && preg_match('~^(\d+)(,(\d+))?$~', $field["length"], $match) ? ((preg_match("~binary~", $field["type"]) ? 2 : 1) * $match[1] + ($match[3] ? 1 : 0) + ($match[2] && !$field["unsigned"] ? 1 : 0)) : ($types[$field["type"]] ? $types[$field["type"]] + ($field["unsigned"] ? 0 : 1) : 0));
 			if ($jush == 'sql' && min_version(5.6) && preg_match('~time~', $field["type"])) {
 				$maxlength += 7; // microtime
 			}
@@ -1253,9 +1243,7 @@ function select_value($val, $link, $field, $text_length) {
 	}
 	$return = $adminer->editVal($val, $field);
 	if ($return !== null) {
-		if ($return === "") { // === - may be int
-			$return = "&nbsp;";
-		} elseif (!is_utf8($return)) {
+		if (!is_utf8($return)) {
 			$return = "\0"; // htmlspecialchars of binary data returns an empty string
 		} elseif ($text_length != "" && is_shortable($field)) {
 			$return = shorten_utf8($return, max(0, +$text_length)); // usage of LEFT() would reduce traffic but complicate query - expected average speedup: .001 s VS .01 s on local network
@@ -1315,10 +1303,11 @@ function count_rows($table, $where, $is_group, $group) {
 * @return array of strings
 */
 function slow_query($query) {
-	global $adminer, $token;
+	global $adminer, $token, $driver;
 	$db = $adminer->database();
 	$timeout = $adminer->queryTimeout();
-	if (support("kill") && is_object($connection2 = connect()) && ($db == "" || $connection2->select_db($db))) {
+	$slow_query = $driver->slowQuery($query, $timeout);
+	if (!$slow_query && support("kill") && is_object($connection2 = connect()) && ($db == "" || $connection2->select_db($db))) {
 		$kill = $connection2->result(connection_id()); // MySQL and MySQLi can use thread_id but it's not in PDO_MySQL
 		?>
 <script<?php echo nonce(); ?>>
@@ -1333,7 +1322,7 @@ var timeout = setTimeout(function () {
 	}
 	ob_flush();
 	flush();
-	$return = @get_key_vals($query, $connection2, $timeout, false); // @ - may be killed
+	$return = @get_key_vals(($slow_query ? $slow_query : $query), $connection2, false); // @ - may be killed
 	if ($connection2) {
 		echo script("clearTimeout(timeout);");
 		ob_flush();
--- a/adminer/include/pdo.inc.php
+++ b/adminer/include/pdo.inc.php
@@ -29,6 +29,9 @@ if (extension_loaded('pdo')) {
 			$this->error = "";
 			if (!$result) {
 				list(, $this->errno, $this->error) = $this->errorInfo();
+				if (!$this->error) {
+					$this->error = lang('Unknown error.');
+				}
 				return false;
 			}
 			$this->store_result($result);
--- a/adminer/include/version.inc.php
+++ b/adminer/include/version.inc.php
@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.6.2";
+$VERSION = "4.6.3";
--- a/adminer/indexes.inc.php
+++ b/adminer/indexes.inc.php
@@ -99,7 +99,7 @@ if (!$row) {
 <th id="label-type"><?php echo lang('Index Type'); ?>
 <th><input type="submit" class="wayoff"><?php echo lang('Column (length)'); ?>
 <th id="label-name"><?php echo lang('Name'); ?>
-<th><noscript><input type='image' class='icon' name='add[0]' src='../adminer/static/plus.gif' alt='+' title='<?php echo lang('Add next'); ?>'></noscript>&nbsp;
+<th><noscript><?php echo "<input type='image' class='icon' name='add[0]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>"; ?></noscript>
 </thead>
 <?php
 if ($primary) {
--- a/adminer/lang/cs.inc.php
+++ b/adminer/lang/cs.inc.php
@@ -10,9 +10,10 @@ $translations = array(
 	'Logout' => 'Odhlásit',
 	'Logged as: %s' => 'Přihlášen jako: %s',
 	'Logout successful.' => 'Odhlášení proběhlo v pořádku.',
-	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Díky za použití Admineru, zvažte <a href="%s">příspěvek</a>.',
+	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Díky za použití Admineru, <a href="%s">příspějte</a> na vývoj.',
 	'Invalid credentials.' => 'Neplatné přihlašovací údaje.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => 'Pro přihlášení k SQLite <a href="https://www.adminer.org/cs/extension/"%s>implementujte</a> metodu %s.',
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Adminer nepodporuje přístup k databázi bez hesla, <a href="https://www.adminer.org/cs/password/"%s>více informací</a>.',
+	'Database does not support password.' => 'Databáze nepodporuje heslo.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minutu.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minuty.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minut.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Platnost hlavního hesla vypršela. <a href="https://www.adminer.org/cs/extension/"%s>Implementujte</a> metodu %s, aby platilo stále.',
 	'Language' => 'Jazyk',
@@ -21,6 +22,7 @@ $translations = array(
 	'No extension' => 'Žádné rozšíření',
 	'None of the supported PHP extensions (%s) are available.' => 'Není dostupné žádné z podporovaných PHP rozšíření (%s).',
 	'Connecting to privileged ports is not allowed.' => 'Připojování k privilegovaným portům není povoleno.',
+	'Disable %s or enable %s or %s extensions.' => 'Zakažte %s nebo povolte extenze %s nebo %s.',
 	'Session support must be enabled.' => 'Session proměnné musí být povolené.',
 	'Session expired, please login again.' => 'Session vypršela, přihlašte se prosím znovu.',
 	'The action will be performed after successful login with the same credentials.' => 'Akce bude provedena po úspěšném přihlášení se stejnými přihlašovacími údaji.',
@@ -53,6 +55,7 @@ $translations = array(
 	'Query executed OK, %d row(s) affected.' => array('Příkaz proběhl v pořádku, byl změněn %d záznam.', 'Příkaz proběhl v pořádku, byly změněny %d záznamy.', 'Příkaz proběhl v pořádku, bylo změněno %d záznamů.'),
 	'No commands to execute.' => 'Žádné příkazy k vykonání.',
 	'Error in query' => 'Chyba v dotazu',
+	'Unknown error.' => 'Neznámá chyba.',
 	'Warnings' => 'Varování',
 	'ATTACH queries are not supported.' => 'Dotazy ATTACH nejsou podporované.',
 	'Execute' => 'Provést',
--- a/adminer/lang/he.inc.php
+++ b/adminer/lang/he.inc.php
@@ -276,7 +276,6 @@ $translations = array(
 	'ATTACH queries are not supported.' => 'שאילתת ATTACH אינה נתמכת',
 	'%d / ' => '%d / ',
 	'Limit rows' => 'הגבל שורות',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>התקן</a> את תוסף SQLite בשביל להתחבר',
 	'Default value' => 'ערך ברירת מחדל',
 	'Full table scan' => 'סריקה טבלה מלאה',
 	'Too many unsuccessful logins, try again in %d minute(s).' => 'יותר מידי נסיונות כניסה נכשלו, אנא נסה עוד %d דקות',
--- a/adminer/lang/ms.inc.php
+++ b/adminer/lang/ms.inc.php
@@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Log keluar berjaya.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Terima kasih kerana menggunakan Adminer, pertimbangkan untuk <a href="%s">menderma</a>.',
 	'Invalid credentials.' => 'Akses tidak sah.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Gunakan</a> cara %s untuk menggunakan SQLite.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => 'Terlalu banyak percubaan log masuk yang gagal, sila cuba lagi dalam masa %d minit.',
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Kata laluan utama telah luput. <a href="https://www.adminer.org/en/extension/"%s>Gunakan</a> cara %s untuk mengekalkannya.',
 	'Language' => 'Bahasa',
--- a/adminer/lang/pl.inc.php
+++ b/adminer/lang/pl.inc.php
@@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Wylogowano pomyślnie.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Dziękujemy za używanie Adminera, rozważ proszę <a href="%s">dotację</a>.',
 	'Invalid credentials.' => 'Nieprawidłowe dane logowania.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/pl/extension/"%s>Zaimplementuj</a> metodę %s aby użyć SQLite.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Za dużo nieudanych prób logowania, spróbuj ponownie za %d minutę.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minuty.', 'Za dużo nieudanych prób logowania, spróbuj ponownie za %d minut.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Ważność hasła głównego wygasła. <a href="https://www.adminer.org/pl/extension/"%s>Zaimplementuj</a> własną metodę %s, aby ustawić je na stałe.',
 	'Language' => 'Język',
--- a/adminer/lang/ru.inc.php
+++ b/adminer/lang/ru.inc.php
@@ -276,7 +276,6 @@ $translations = array(
 	'ATTACH queries are not supported.' => 'ATTACH-запросы не поддерживаются.',
 	'%d / ' => '%d / ',
 	'Limit rows' => 'Лимит строк',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Реализуйте</a> метод %s, чтобы использовать SQLite.',
 	'Default value' => 'Значение по умолчанию',
 	'Full table scan' => 'Анализ полной таблицы',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Слишком много неудачных попыток входа. Попробуйте снова через %d минуту.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минуты.', 'Слишком много неудачных попыток входа. Попробуйте снова через %d минут.'),
--- a/adminer/lang/tr.inc.php
+++ b/adminer/lang/tr.inc.php
@@ -12,7 +12,6 @@ $translations = array(
 	'Logout successful.' => 'Oturum başarıyla sonlandı.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Adminer kullandığınız için teşekkür ederiz <a href="%s">bağış yapmayı düşünün</a>.',
 	'Invalid credentials.' => 'Geçersiz kimlik bilgileri.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => 'SQLite kullanmak için <a href="https://www.adminer.org/en/extension/"%s>%s metodunu</a> kullanın.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Çok fazla oturum açma denemesi yapıldı.', '%d Dakika sonra tekrar deneyiniz.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Ana şifrenin süresi doldu. Kalıcı olması için <a href="https://www.adminer.org/en/extension/"%s>%s medodunu</a> kullanın.',
 	'Language' => 'Dil',
--- a/adminer/lang/xx.inc.php
+++ b/adminer/lang/xx.inc.php
@@ -12,7 +12,8 @@ $translations = array(
 	'Logout successful.' => 'Xx.',
 	'Thanks for using Adminer, consider <a href="%s">donating</a>.' => 'Xx <a href="%s">xx</a>.',
 	'Invalid credentials.' => 'Xx.',
-	'<a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to use SQLite.' => '<a href="https://www.adminer.org/en/extension/"%s>Xx</a> %s xx.',
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Xx, <a href="https://www.adminer.org/en/password/"%s>xx</a>.',
+	'Database does not support password.' => 'Xx.',
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Xx %d.', 'Xx %d.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => '<a href="https://www.adminer.org/en/extension/"%s>Xx</a> %s xx.',
 	'Language' => 'Xx',
@@ -21,6 +22,7 @@ $translations = array(
 	'No extension' => 'Xx',
 	'None of the supported PHP extensions (%s) are available.' => 'Xx (%s).',
 	'Connecting to privileged ports is not allowed.' => 'Xx.',
+	'Disable %s or enable %s or %s extensions.' => 'Xx %s xx %s xx %s xx.',
 	'Session support must be enabled.' => 'Xx.',
 	'Session expired, please login again.' => 'Xx.',
 	'The action will be performed after successful login with the same credentials.' => 'Xx.',
@@ -53,6 +55,7 @@ $translations = array(
 	'Query executed OK, %d row(s) affected.' => array('Xx, %d.', 'Xx, %d.'),
 	'No commands to execute.' => 'Xx.',
 	'Error in query' => 'Xx',
+	'Unknown error.' => 'Xx.',
 	'Warnings' => 'Xx',
 	'ATTACH queries are not supported.' => 'Xx.',
 	'Execute' => 'Xx',
--- a/adminer/privileges.inc.php
+++ b/adminer/privileges.inc.php
@@ -15,7 +15,7 @@ hidden_fields_get();
 echo "<input type='hidden' name='db' value='" . h(DB) . "'>\n";
 echo ($grant ? "" : "<input type='hidden' name='grant' value=''>\n");
 echo "<table cellspacing='0'>\n";
-echo "<thead><tr><th>" . lang('Username') . "<th>" . lang('Server') . "<th>&nbsp;</thead>\n";
+echo "<thead><tr><th>" . lang('Username') . "<th>" . lang('Server') . "<th></thead>\n";

 while ($row = $result->fetch_assoc()) {
 	echo '<tr' . odd() . '><td>' . h($row["User"]) . "<td>" . h($row["Host"]) . '<td><a href="' . h(ME . 'user=' . urlencode($row["User"]) . '&host=' . urlencode($row["Host"])) . '">' . lang('Edit') . "</a>\n";
--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@@ -21,7 +21,7 @@ $i = -1;
 foreach (process_list() as $i => $row) {

 	if (!$i) {
-		echo "<thead><tr lang='en'>" . (support("kill") ? "<th>&nbsp;" : "");
+		echo "<thead><tr lang='en'>" . (support("kill") ? "<th>" : "");
 		foreach ($row as $key => $val) {
 			echo "<th>$key" . doc_link(array(
 				'sql' => "show-processlist.html#processlist_" . strtolower($key),
@@ -38,7 +38,7 @@ foreach (process_list() as $i => $row) {
 			($jush == "pgsql" && $key == "current_query" && $val != "<IDLE>") ||
 			($jush == "oracle" && $key == "sql_text" && $val != "")
 			? "<code class='jush-$jush'>" . shorten_utf8($val, 100, "</code>") . ' <a href="' . h(ME . ($row["db"] != "" ? "db=" . urlencode($row["db"]) . "&" : "") . "sql=" . urlencode($val)) . '">' . lang('Clone') . '</a>'
-			: nbsp($val)
+			: h($val)
 		);
 	}
 	echo "\n";
--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -4,10 +4,10 @@ header("Content-Type: text/javascript; charset=utf-8");
 if ($_GET["script"] == "db") {
 	$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
 	foreach (table_status() as $name => $table_status) {
-		json_row("Comment-$name", nbsp($table_status["Comment"]));
+		json_row("Comment-$name", h($table_status["Comment"]));
 		if (!is_view($table_status)) {
 			foreach (array("Engine", "Collation") as $key) {
-				json_row("$key-$name", nbsp($table_status[$key]));
+				json_row("$key-$name", h($table_status[$key]));
 			}
 			foreach ($sums + array("Auto_increment" => 0, "Rows" => 0) as $key => $val) {
 				if ($table_status[$key] != "") {
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@@ -184,7 +184,7 @@ if ($_POST && !$error) {
 			cookie("adminer_import", "output=" . urlencode($adminer_import["output"]) . "&format=" . urlencode($_POST["separator"]));
 			$result = true;
 			$cols = array_keys($fields);
-			preg_match_all('~(?>"[^"]*"|[^"\\r\\n]+)+~', $file, $matches);
+			preg_match_all('~(?>"[^"]*"|[^"\r\n]+)+~', $file, $matches);
 			$affected = count($matches[0]);
 			$driver->begin();
 			$separator = ($_POST["separator"] == "csv" ? "," : ($_POST["separator"] == "tsv" ? "\t" : ";"));
@@ -369,7 +369,7 @@ if (!$columns && support("table")) {
 				if (!$unique_array) {
 					$unique_array = array();
 					foreach ($rows[$n] as $key => $val) {
-						if (!preg_match('~^(COUNT\\((\\*|(DISTINCT )?`(?:[^`]|``)+`)\\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\\(`(?:[^`]|``)+`\\))$~', $key)) { //! columns looking like functions
+						if (!preg_match('~^(COUNT\((\*|(DISTINCT )?`(?:[^`]|``)+`)\)|(AVG|GROUP_CONCAT|MAX|MIN|SUM)\(`(?:[^`]|``)+`\))$~', $key)) { //! columns looking like functions
 							$unique_array[$key] = $val;
 						}
 					}
@@ -407,9 +407,9 @@ if (!$columns && support("table")) {
 									foreach ($foreign_key["source"] as $i => $source) {
 										$link .= where_link($i, $foreign_key["target"][$i], $rows[$n][$source]);
 									}
-									$link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys
+									$link = ($foreign_key["db"] != "" ? preg_replace('~([?&]db=)[^&]+~', '\1' . urlencode($foreign_key["db"]), ME) : ME) . 'select=' . urlencode($foreign_key["table"]) . $link; // InnoDB supports non-UNIQUE keys
 									if ($foreign_key["ns"]) {
-										$link = preg_replace('~([?&]ns=)[^&]+~', '\\1' . urlencode($foreign_key["ns"]), $link);
+										$link = preg_replace('~([?&]ns=)[^&]+~', '\1' . urlencode($foreign_key["ns"]), $link);
 									}
 									if (count($foreign_key["source"]) == 1) {
 										break;
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@@ -56,7 +56,7 @@ if (!$error && $_POST) {
 		}
 		$commands = 0;
 		$errors = array();
-		$parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\\*|-- |$' . ($jush == "pgsql" ? '|\\$[^$]*\\$' : '');
+		$parse = '[\'"' . ($jush == "sql" ? '`#' : ($jush == "sqlite" ? '`[' : ($jush == "mssql" ? '[' : ''))) . ']|/\*|-- |$' . ($jush == "pgsql" ? '|\$[^$]*\$' : '');
 		$total_start = microtime(true);
 		parse_str($_COOKIE["adminer_export"], $adminer_export);
 		$dump_format = $adminer->dumpFormat();
@@ -78,7 +78,7 @@ if (!$error && $_POST) {
 					$offset = $pos + strlen($found);

 					if ($found && rtrim($found) != $delimiter) { // find matching quote or comment end
-						while (preg_match('(' . ($found == '/*' ? '\\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
+						while (preg_match('(' . ($found == '/*' ? '\*/' : ($found == '[' ? ']' : (preg_match('~^-- |^#~', $found) ? "\n" : preg_quote($found) . "|\\\\."))) . '|$)s', $query, $match, PREG_OFFSET_CAPTURE, $offset)) { //! respect sql_mode NO_BACKSLASH_ESCAPES
 							$s = $match[0][0];
 							if (!$s && $fp && !feof($fp)) {
 								$query .= fread($fp, 1e5);
@@ -225,13 +225,14 @@ if (!isset($_GET["import"])) {
 	
 } else {
 	echo "<fieldset><legend>" . lang('File upload') . "</legend><div>";
+	$gz = (extension_loaded("zlib") ? "[.gz]" : "");
 	echo (ini_bool("file_uploads")
-		? "SQL (&lt; " . ini_get("upload_max_filesize") . "B): <input type='file' name='sql_file[]' multiple>\n$execute" // ignore post_max_size because it is for all form fields together and bytes computing would be necessary
+		? "SQL$gz (&lt; " . ini_get("upload_max_filesize") . "B): <input type='file' name='sql_file[]' multiple>\n$execute" // ignore post_max_size because it is for all form fields together and bytes computing would be necessary
 		: lang('File uploads are disabled.')
 	);
 	echo "</div></fieldset>\n";
 	echo "<fieldset><legend>" . lang('From server') . "</legend><div>";
-	echo lang('Webserver file %s', "<code>" . h($adminer->importServerPath()) . (extension_loaded("zlib") ? "[.gz]" : "") . "</code>");
+	echo lang('Webserver file %s', "<code>" . h($adminer->importServerPath()) . "$gz</code>");
 	echo ' <input type="submit" name="webfile" value="' . lang('Run file') . '">';
 	echo "</div></fieldset>\n";
 	echo "<p>";
--- a/adminer/sqlite.php
+++ b/adminer/sqlite.php
@@ -1,8 +1,11 @@
 <?php
 function adminer_object() {
 	include_once "../plugins/plugin.php";
-	include_once "../plugins/login-sqlite.php";
-	return new AdminerPlugin(array(new AdminerLoginSqlite("admin", password_hash("", PASSWORD_DEFAULT))));
+	include_once "../plugins/login-password-less.php";
+	return new AdminerPlugin(array(
+		// TODO: inline the result of password_hash() so that the password is not visible in source codes
+		new AdminerLoginPasswordLess(password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)),
+	));
 }

 include "./index.php";
--- a/adminer/static/editing.js
+++ b/adminer/static/editing.js
@@ -395,8 +395,7 @@ function editingLengthFocus() {
 	var td = this.parentNode;
 	if (/(enum|set)$/.test(selectValue(td.previousSibling.firstChild))) {
 		var edit = qs('#enum-edit');
-		var val = this.value;
-		edit.value = (/^'.+'$/.test(val) ? val.substr(1, val.length - 2).replace(/','/g, "\n").replace(/''/g, "'") : val); //! doesn't handle 'a'',''b' correctly
+		edit.value = enumValues(this.value);
 		td.appendChild(edit);
 		this.style.display = 'none';
 		edit.style.display = 'inline';
@@ -404,13 +403,32 @@ function editingLengthFocus() {
 	}
 }

+/** Get enum values
+* @param string
+* @return string values separated by newlines
+*/
+function enumValues(s) {
+	var re = /(^|,)\s*'(([^\\']|\\.|'')*)'\s*/g;
+	var result = [];
+	var offset = 0;
+	var match;
+	while (match = re.exec(s)) {
+		if (offset != match.index) {
+			break;
+		}
+		result.push(match[2].replace(/'(')|\\(.)/g, '$1$2'));
+		offset += match[0].length;
+	}
+	return (offset == s.length ? result.join('\n') : s);
+}
+
 /** Finish editing of enum or set
 * @this HTMLTextAreaElement
 */
 function editingLengthBlur() {
 	var field = this.parentNode.firstChild;
 	var val = this.value;
-	field.value = (/^'[^\n]+'$/.test(val) ? val : val && "'" + val.replace(/\n+$/, '').replace(/'/g, "''").replace(/\n/g, "','") + "'");
+	field.value = (/^'[^\n]+'$/.test(val) ? val : val && "'" + val.replace(/\n+$/, '').replace(/'/g, "''").replace(/\\/g, '\\\\').replace(/\n/g, "','") + "'");
 	field.style.display = 'inline';
 	this.style.display = 'none';
 }
--- a/adminer/static/functions.js
+++ b/adminer/static/functions.js
@@ -205,14 +205,9 @@ function formCheck(name) {
 /** Check all rows in <table class="checkable">
 */
 function tableCheck() {
-	var tables = qsa('table', document);
-	for (var i=0; i < tables.length; i++) {
-		if (/(^|\s)checkable(\s|$)/.test(tables[i].className)) {
-			var trs = qsa('tr', tables[i]);
-			for (var j=0; j < trs.length; j++) {
-				trCheck(trs[j].firstChild.firstChild);
-			}
-		}
+	var inputs = qsa('table.checkable td:first-child input', document);
+	for (var i=0; i < inputs.length; i++) {
+		trCheck(inputs[i]);
 	}
 }

@@ -319,13 +314,13 @@ function checkboxClick(event) {

 /** Set HTML code of an element
 * @param string
-* @param string undefined to set parentNode to &nbsp;
+* @param string undefined to set parentNode to empty string
 */
 function setHtml(id, html) {
-	var el = qs('#' + id);
+	var el = qs('[id="' + id.replace(/[\\"]/g, '\\$&') + '"]'); // database name is used as ID
 	if (el) {
 		if (html == null) {
-			el.parentNode.innerHTML = '&nbsp;';
+			el.parentNode.innerHTML = '';
 		} else {
 			el.innerHTML = html;
 		}
@@ -716,7 +711,7 @@ function selectClick(event, text, warning) {
 		});
 		input.rows = rows;
 	}
-	if (value == '\u00A0' || qsa('i', td).length) { // &nbsp; or i - NULL
+	if (qsa('i', td).length) { // <i> - NULL
 		value = '';
 	}
 	if (document.selection) {
--- a/adminer/table.inc.php
+++ b/adminer/table.inc.php
@@ -34,7 +34,7 @@ if (!is_view($table_status)) {
 		$foreign_keys = foreign_keys($TABLE);
 		if ($foreign_keys) {
 			echo "<table cellspacing='0'>\n";
-			echo "<thead><tr><th>" . lang('Source') . "<td>" . lang('Target') . "<td>" . lang('ON DELETE') . "<td>" . lang('ON UPDATE') . "<td>&nbsp;</thead>\n";
+			echo "<thead><tr><th>" . lang('Source') . "<td>" . lang('Target') . "<td>" . lang('ON DELETE') . "<td>" . lang('ON UPDATE') . "<td></thead>\n";
 			foreach ($foreign_keys as $name => $foreign_key) {
 				echo "<tr title='" . h($name) . "'>";
 				echo "<th><i>" . implode("</i>, <i>", array_map('h', $foreign_key["source"])) . "</i>";
@@ -43,8 +43,8 @@ if (!is_view($table_status)) {
 					. "</a>"
 				;
 				echo "(<i>" . implode("</i>, <i>", array_map('h', $foreign_key["target"])) . "</i>)";
-				echo "<td>" . nbsp($foreign_key["on_delete"]) . "\n";
-				echo "<td>" . nbsp($foreign_key["on_update"]) . "\n";
+				echo "<td>" . h($foreign_key["on_delete"]) . "\n";
+				echo "<td>" . h($foreign_key["on_update"]) . "\n";
 				echo '<td><a href="' . h(ME . 'foreign=' . urlencode($TABLE) . '&name=' . urlencode($name)) . '">' . lang('Alter') . '</a>';
 			}
 			echo "</table>\n";
--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@@ -29,7 +29,7 @@ $old_pass = "";

 if (isset($_GET["host"]) && ($result = $connection->query("SHOW GRANTS FOR " . q($USER) . "@" . q($_GET["host"])))) { //! use information_schema for MySQL 5 - column names in column privileges are not escaped
 	while ($row = $result->fetch_row()) {
-		if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\\([^)]+\\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
+		if (preg_match('~GRANT (.*) ON (.*) TO ~', $row[0], $match) && preg_match_all('~ *([^(,]*[^ ,(])( *\([^)]+\))?~', $match[1], $matches, PREG_SET_ORDER)) { //! escape the part between ON and TO
 			foreach ($matches as $val) {
 				if ($val[1] != "USAGE") {
 					$grants["$match[2]$val[2]"][$val[1]] = true;
@@ -84,7 +84,7 @@ if ($_POST && !$error) {
 					$grant = array_diff($grant, $old_grant);
 					unset($grants[$object]);
 				}
-				if (preg_match('~^(.+)\\s*(\\(.*\\))?$~U', $object, $match) && (
+				if (preg_match('~^(.+)\s*(\(.*\))?$~U', $object, $match) && (
 					!grant("REVOKE", $revoke, $match[2], " ON $match[1] FROM $new_user") //! SQL injection
 					|| !grant("GRANT", $grant, $match[2], " ON $match[1] TO $new_user")
 				)) {
@@ -99,7 +99,7 @@ if ($_POST && !$error) {
 				queries("DROP USER $old_user");
 			} elseif (!isset($_GET["grant"])) {
 				foreach ($grants as $object => $revoke) {
-					if (preg_match('~^(.+)(\\(.*\\))?$~U', $object, $match)) {
+					if (preg_match('~^(.+)(\(.*\))?$~U', $object, $match)) {
 						grant("REVOKE", array_keys($revoke), $match[2], " ON $match[1] FROM $new_user");
 					}
 				}
@@ -165,7 +165,7 @@ foreach (array(
 			$name = "'grants[$i][" . h(strtoupper($privilege)) . "]'";
 			$value = $grant[strtoupper($privilege)];
 			if ($context == "Server Admin" && $object != (isset($grants["*.*"]) ? "*.*" : ".*")) {
-				echo "<td>&nbsp;";
+				echo "<td>";
 			} elseif (isset($_GET["grant"])) {
 				echo "<td><select name=$name><option><option value='1'" . ($value ? " selected" : "") . ">" . lang('Grant') . "<option value='0'" . ($value == "0" ? " selected" : "") . ">" . lang('Revoke') . "</select>";
 			} else {
--- a/adminer/variables.inc.php
+++ b/adminer/variables.inc.php
@@ -10,7 +10,7 @@ if (!$variables) {
 	foreach ($variables as $key => $val) {
 		echo "<tr>";
 		echo "<th><code class='jush-" . $jush . ($status ? "status" : "set") . "'>" . h($key) . "</code>";
-		echo "<td>" . nbsp($val);
+		echo "<td>" . h($val);
 	}
 	echo "</table>\n";
 }
--- a/changes.txt
+++ b/changes.txt
@@ -1,7 +1,25 @@
+Adminer 4.6.3 (released 2018-06-28):
+Disallow using password-less databases
+Copy triggers when copying table
+Stop session before connecting
+Simplify running slow queries
+Decrease timeout for running slow queries from 5 seconds to 2 seconds
+Fix displaying info about non-alphabetical objects (bug #599)
+Use secure cookies on HTTP if session.cookie_secure is set
+PDO: Support binary fields download
+MySQL: Disallow LOAD DATA LOCAL INFILE
+MySQL: Use CONVERT() only when searching for non-ASCII (bug #603)
+MySQL: Order database names in MySQL 8 (bug #613)
+PostgreSQL: Fix editing data in views (bug #605, regression from 4.6.0)
+PostgreSQL: Do not cast date/time/number/uuid searches to text (bug #608)
+PostgreSQL: Export false as 0 in PDO (bug #619)
+MS SQL: Support port with sqlsrv
+Editor: Do not check boolean checkboxes with false in PostgreSQL (bug #607)
+
 Adminer 4.6.2 (released 2018-02-20):
 Semi-transparent border on table actions
 Shorten JSON values in select (bug #594)
-Speed up alter table (regression from 4.4.0)
+Speed up alter table form (regression from 4.4.0)
 Store current version without authentication and in Editor
 PostgreSQL: Fix exporting string default values
 PostgreSQL: Fix exporting sequences in PostgreSQL 10
--- a/compile.php
+++ b/compile.php
@@ -36,11 +36,26 @@ function lang_ids($match) {
 }

 function put_file($match) {
-	global $project;
+	global $project, $VERSION;
 	if (basename($match[2]) == '$LANG.inc.php') {
 		return $match[0]; // processed later
 	}
 	$return = file_get_contents(dirname(__FILE__) . "/$project/$match[2]");
+	if (basename($match[2]) == "file.inc.php") {
+		$return = str_replace("\n// caching headers added in compile.php", (preg_match('~-dev$~', $VERSION) ? '' : '
+if ($_SERVER["HTTP_IF_MODIFIED_SINCE"]) {
+	header("HTTP/1.1 304 Not Modified");
+	exit;
+}
+
+header("Expires: " . gmdate("D, d M Y H:i:s", time() + 365*24*60*60) . " GMT");
+header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
+header("Cache-Control: immutable");
+'), $return, $count);
+		if (!$count) {
+			echo "adminer/file.inc.php: Caching headers placeholder not found\n";
+		}
+	}
 	if (basename($match[2]) != "lang.inc.php" || !$_SESSION["lang"]) {
 		if (basename($match[2]) == "lang.inc.php") {
 			$return = str_replace('function lang($idf, $number = null) {', 'function lang($idf, $number = null) {
@@ -57,7 +72,7 @@ function put_file($match) {
 		}
 		$tokens = token_get_all($return); // to find out the last token
 		return "?>\n$return" . (in_array($tokens[count($tokens) - 1][0], array(T_CLOSE_TAG, T_INLINE_HTML), true) ? "<?php" : "");
-	} elseif (preg_match('~\\s*(\\$pos = (.+\n).+;)~sU', $return, $match2)) {
+	} elseif (preg_match('~\s*(\$pos = (.+\n).+;)~sU', $return, $match2)) {
 		// single language lang() is used for plural
 		return "function get_lang() {
 	return '$_SESSION[lang]';
@@ -275,7 +290,7 @@ function php_shrink($input) {
 }

 function minify_css($file) {
-	return lzw_compress(preg_replace('~\\s*([:;{},])\\s*~', '\\1', preg_replace('~/\\*.*\\*/~sU', '', $file)));
+	return lzw_compress(preg_replace('~\s*([:;{},])\s*~', '\1', preg_replace('~/\*.*\*/~sU', '', $file)));
 }

 function minify_js($file) {
@@ -337,7 +352,7 @@ if ($_SERVER["argv"][1]) {
 // check function definition in drivers
 $file = file_get_contents(dirname(__FILE__) . "/adminer/drivers/mysql.inc.php");
 $file = preg_replace('~class Min_Driver.*\n\t}~sU', '', $file);
-preg_match_all('~\\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class)
+preg_match_all('~\bfunction ([^(]+)~', $file, $matches); //! respect context (extension, class)
 $functions = array_combine($matches[1], $matches[0]);
 //! do not warn about functions without declared support()
 unset($functions["__construct"], $functions["__destruct"], $functions["set_charset"]);
@@ -372,12 +387,12 @@ if ($driver) {
 		$file = str_replace("if (isset(\$_GET[\"callf\"])) {\n\t\$_GET[\"call\"] = \$_GET[\"callf\"];\n}\nif (isset(\$_GET[\"function\"])) {\n\t\$_GET[\"procedure\"] = \$_GET[\"function\"];\n}\n", "", $file);
 	}
 }
-$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file);
+$file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file);
 $file = str_replace('include "../adminer/include/coverage.inc.php";', '', $file);
 if ($driver) {
-	$file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\\s*)', '', $file);
+	$file = preg_replace('(include "../adminer/drivers/(?!' . preg_quote($driver) . '\.).*\s*)', '', $file);
 }
-$file = preg_replace_callback('~\\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php
+$file = preg_replace_callback('~\b(include|require) "([^"]*)";~', 'put_file', $file); // bootstrap.inc.php
 if ($driver) {
 	foreach ($features as $feature) {
 		if (!support($feature)) {
@@ -390,11 +405,11 @@ if ($driver) {
 	$file = preg_replace('(;../externals/jush/modules/jush-(?!textarea\.|txt\.|js\.|' . preg_quote($driver == "mysql" ? "sql" : $driver) . '\.)[^.]+.js)', '', $file);
 }
 if ($project == "editor") {
-	$file = preg_replace('~;../externals/jush/jush.css~', '', $file);
-	$file = preg_replace('~;?../externals/jush/modules/jush[^.]*.js~', '', $file);
+	$file = preg_replace('~;.\.\/externals/jush/jush\.css~', '', $file);
+	$file = preg_replace('~compile_file\(\'\.\./(externals/jush/modules/jush\.js|adminer/static/[^.]+\.gif)[^)]+\)~', "''", $file);
 }
 $file = preg_replace_callback("~lang\\('((?:[^\\\\']+|\\\\.)*)'([,)])~s", 'lang_ids', $file);
-$file = preg_replace_callback('~\\b(include|require) "([^"]*\\$LANG.inc.php)";~', 'put_file_lang', $file);
+$file = preg_replace_callback('~\b(include|require) "([^"]*\$LANG.inc.php)";~', 'put_file_lang', $file);
 $file = str_replace("\r", "", $file);
 if ($_SESSION["lang"]) {
 	// single language version
@@ -403,14 +418,14 @@ if ($_SESSION["lang"]) {
 	$file = str_replace('<?php echo $LANG; ?>', $_SESSION["lang"], $file);
 }
 $file = str_replace('<?php echo script_src("static/editing.js"); ?>' . "\n", "", $file);
-$file = preg_replace('~\\s+echo script_src\\("\\.\\./externals/jush/modules/jush-(textarea|txt|js|\\$jush)\\.js"\\);~', '', $file);
+$file = preg_replace('~\s+echo script_src\("\.\./externals/jush/modules/jush-(textarea|txt|js|\$jush)\.js"\);~', '', $file);
 $file = str_replace('<link rel="stylesheet" type="text/css" href="../externals/jush/jush.css">' . "\n", "", $file);
 $file = preg_replace_callback("~compile_file\\('([^']+)'(?:, '([^']*)')?\\)~", 'compile_file', $file); // integrate static files
-$replace = 'preg_replace("~\\\\\\\\?.*~", "", ME) . "?file=\\1&version=' . $VERSION . ($driver ? '&driver=' . $driver : '') . '"';
-$file = preg_replace('~\\.\\./adminer/static/(default\\.css|favicon\\.ico)~', '<?php echo h(' . $replace . '); ?>', $file);
-$file = preg_replace('~"\\.\\./adminer/static/(functions\\.js)"~', $replace, $file);
-$file = preg_replace('~\\.\\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file);
-$file = preg_replace('~"\\.\\./externals/jush/modules/(jush\\.js)"~', $replace, $file);
+$replace = 'preg_replace("~\\\\\\\\?.*~", "", ME) . "?file=\1&version=' . $VERSION . '"';
+$file = preg_replace('~\.\./adminer/static/(default\.css|favicon\.ico)~', '<?php echo h(' . $replace . '); ?>', $file);
+$file = preg_replace('~"\.\./adminer/static/(functions\.js)"~', $replace, $file);
+$file = preg_replace('~\.\./adminer/static/([^\'"]*)~', '" . h(' . $replace . ') . "', $file);
+$file = preg_replace('~"\.\./externals/jush/modules/(jush\.js)"~', $replace, $file);
 $file = preg_replace("~<\\?php\\s*\\?>\n?|\\?>\n?<\\?php~", '', $file);
 $file = php_shrink($file);

--- a/designs/haeckel/adminer.css
+++ b/designs/haeckel/adminer.css
@@ -172,7 +172,8 @@ html> body #content form table thead span.column > a.text {
 html>/**/body #content th a[href*="&db="],           /* Databases and Table column */
 html>/**/body #content td a[href*="&view="],         /* Alter view */
 html>/**/body #content td a[href*="&select="],       /* Select view */
-html>/**/body #content table a[href*="&table="] {    /* Show structure */
+html>/**/body #content table a[href*="&table="],     /* Show structure */
+html>/**/body #content table td a[href*="&edit="][href*="&where"] { /* Modify single rows (without icon, after executing SQL) */
 	float: left;
 	width: 100%;
 	height: 17px;
@@ -206,7 +207,7 @@ html>/**/body #content form table thead>tr>td a[href*="&select="] {
 	float: none;
 }
 /* Modify single rows (icon in each row) */
-html>/**/body #content table a[href*="&edit="][href*="&where"] {
+html>/**/body #content table a.edit[href*="&edit="][href*="&where"] {
 	display: inline-block;
 	width: 0px;
 	height: 19px;
--- a/designs/pokorny/adminer.css
+++ b/designs/pokorny/adminer.css
@@ -125,7 +125,6 @@ html>/**/body #tables a[href*="&select="], html>/**/body .tabs a[href*="&select=
    background: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQCAYAAAAf8/9hAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAdVJREFUeNqck8tO21AQhn8bB8ehRe0SUEBOlIsSVFGqqlK3oey6K+9A96wTKU/RFU/AG7CrKhAg7gmKiJKIplFWqItWIQEfuzOT2LmsSo408j+2/5lvjo+1rULhM4AFTLfahuu6i3vF4rdp3F/y+W3DVUrzKNk8BTzPC4IKS3h8Hc0Hz49zr8BeXSml8wu8PsU1uW7EhjpHOmd7wX1fs4e9hnIcTUkBDfs1DzGjS5N1pPOGRR3bLjR6ztoNNJm9ebDXcBxnjMD99YCdzGvJT25v8T6ZFH1QLuNjNiv6++UlESyDvSMEEIKcCZzX6zLvXDiMo0pFZn5hWfhxfS2aF3sCAkUvDwmA1ZUVyS9qNawnEn0aKvQhkxF9WCqBPUIgBSYISnd3QmCZJs6qVekaYZqbmzGCfoGnp2AEnyAdjUpeajTwJh4XfU778S6d7tNQISlA3rFN9AkqzaYQmLOzuKIxuGuYaE4H++F/RvbqVEVXE+cgsbSEFFH0Hh+RtW2sxmLo9npYoy/yNpUajkBeo9ftzkwSVFstIeBVpjH8rhc0xigBe43f9/dmKBTCburv4ISb//VvsYe9mmXbX/VIZHman8ntdH7y0BbFSwrjmX6H4s8/AQYAQChL+KIinhAAAAAASUVORK5CYII=") no-repeat left bottom
 }
 html>/**/body #tables a[href*="&select="] {
-    clear: left;
    display: block;
    float: left;
    height: 18px;
@@ -249,6 +248,9 @@ td, th {
    height: 18px;
    line-height: 18px;
 }
+#tables li {
+    clear: left;
+}
 /*** Links ***/
 a:hover {
    color: #3b82ca
--- a/designs/rmsoft/adminer.css
+++ b/designs/rmsoft/adminer.css
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -71,17 +71,18 @@ class Adminer {
 	}

 	function loginForm() {
-		?>
-<table cellspacing="0">
-<tr><th><?php echo lang('Username'); ?><td><input type="hidden" name="auth[driver]" value="server"><input name="auth[username]" id="username" value="<?php echo h($_GET["username"]); ?>" autocapitalize="off">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
-</table>
-<?php
-		echo script("focus(qs('#username'));");
+		echo "<table cellspacing='0'>\n";
+		echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input type="hidden" name="auth[driver]" value="server"><input name="auth[username]" id="username" value="' . h($_GET["username"]) . '" autocapitalize="off">' . script("focus(qs('#username'));"));
+		echo $this->loginFormField('password', '<tr><th>' . lang('Password') . '<td>', '<input type="password" name="auth[password]">' . "\n");
+		echo "</table>\n";
 		echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
 		echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
 	}

+	function loginFormField($name, $heading, $value) {
+		return $heading . $value;
+	}
+
 	function login($login, $password) {
 		return true;
 	}
@@ -189,7 +190,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 	}

 	function selectVal($val, $link, $field, $original) {
-		$return = ($val === null ? "&nbsp;" : $val);
+		$return = $val;
 		$link = h($link);
 		if (preg_match('~blob|bytea~', $field["type"]) && !is_utf8($val)) {
 			$return = lang('%d byte(s)', strlen($original));
@@ -197,7 +198,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 				$return = "<img src='$link' alt='$return'>";
 			}
 		}
-		if (like_bool($field) && $return != "&nbsp;") { // bool
+		if (like_bool($field) && $return != "") { // bool
 			$return = (preg_match('~^(1|t|true|y|yes|on)$~i', $val) ? lang('yes') : lang('no'));
 		}
 		if ($link) {
@@ -213,7 +214,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5

 	function editVal($val, $field) {
 		if (preg_match('~date|timestamp~', $field["type"]) && $val !== null) {
-			return preg_replace('~^(\\d{2}(\\d+))-(0?(\\d+))-(0?(\\d+))~', lang('$1-$3-$5'), $val);
+			return preg_replace('~^(\d{2}(\d+))-(0?(\d+))-(0?(\d+))~', lang('$1-$3-$5'), $val);
 		}
 		return $val;
 	}
@@ -418,7 +419,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 				$field = idf_escape($_POST["email_field"]);
 				$subject = $_POST["email_subject"];
 				$message = $_POST["email_message"];
-				preg_match_all('~\\{\\$([a-z0-9_]+)\\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
+				preg_match_all('~\{\$([a-z0-9_]+)\}~i', "$subject.$message", $matches); // allows {$name} in subject or message
 				$rows = get_rows("SELECT DISTINCT $field" . ($matches[1] ? ", " . implode(", ", array_map('idf_escape', array_unique($matches[1]))) : "") . " FROM " . table($_GET["select"])
 					. " WHERE $field IS NOT NULL AND $field != ''"
 					. ($where ? " AND " . implode(" AND ", $where) : "")
@@ -484,7 +485,7 @@ qsl('div').onclick = whisperClick;", "")
 			);
 		}
 		if (like_bool($field)) {
-			return '<input type="checkbox" value="' . h($value ? $value : 1) . '"' . ($value ? ' checked' : '') . "$attrs>";
+			return '<input type="checkbox" value="' . h($value ? $value : 1) . '"' . (preg_match('~^(1|t|true|y|yes|on)$~i', $value) ? ' checked' : '') . "$attrs>";
 		}
 		$hint = "";
 		if (preg_match('~time~', $field["type"])) {
@@ -511,7 +512,7 @@ qsl('div').onclick = whisperClick;", "")
 			return "$function()";
 		}
 		$return = $value;
-		if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\\$1', '(?P<p1>\\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\\2>\\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) {
+		if (preg_match('~date|timestamp~', $field["type"]) && preg_match('(^' . str_replace('\$1', '(?P<p1>\d*)', preg_replace('~(\\\\\\$([2-6]))~', '(?P<p\2>\d{1,2})', preg_quote(lang('$1-$3-$5')))) . '(.*))', $value, $match)) {
 			$return = ($match["p1"] != "" ? $match["p1"] : ($match["p2"] != "" ? ($match["p2"] < 70 ? 20 : 19) . $match["p2"] : gmdate("Y"))) . "-$match[p3]$match[p4]-$match[p5]$match[p6]" . end($match);
 		}
 		$return = ($field["type"] == "bit" && preg_match('~^[0-9]+$~', $value) ? $return : q($return));
--- a/editor/include/editing.inc.php
+++ b/editor/include/editing.inc.php
@@ -25,7 +25,7 @@ function send_mail($email, $subject, $message, $from = "", $files = array()) {
 		if (!$val) {
 			$attachments .= "--$boundary$eol"
 				. "Content-Type: " . str_replace("\n", "", $files["type"][$key]) . $eol
-				. "Content-Disposition: attachment; filename=\"" . preg_replace('~["\\n]~', '', $files["name"][$key]) . "\"$eol"
+				. "Content-Disposition: attachment; filename=\"" . preg_replace('~["\n]~', '', $files["name"][$key]) . "\"$eol"
 				. "Content-Transfer-Encoding: base64$eol$eol"
 				. chunk_split(base64_encode(file_get_contents($files["tmp_name"][$key])), 76, $eol) . $eol
 			;
--- a/plugins/dump-alter.php
+++ b/plugins/dump-alter.php
@@ -30,7 +30,7 @@ CREATE PROCEDURE adminer_alter (INOUT alter_command text) BEGIN
 		IF NOT done THEN
 			CASE _table_name";
 		foreach (get_rows($query) as $row) {
-			$comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
+			$comment = q($row["ENGINE"] == "InnoDB" ? preg_replace('~(?:(.+); )?InnoDB free: .*~', '\1', $row["TABLE_COMMENT"]) : $row["TABLE_COMMENT"]);
 			echo "
 			WHEN " . q($row["TABLE_NAME"]) . " THEN
 				" . (isset($row["ENGINE"]) ? "IF _engine != '$row[ENGINE]' OR _table_collation != '$row[TABLE_COLLATION]' OR _table_comment != $comment THEN
--- a/plugins/file-upload.php
+++ b/plugins/file-upload.php
@@ -45,7 +45,7 @@ class AdminerFileUpload {
 	}

 	function selectVal($val, &$link, $field, $original) {
-		if ($val != "&nbsp;" && preg_match('~(.*)_path$~', $field["field"], $regs)) {
+		if ($val != "" && preg_match('~(.*)_path$~', $field["field"], $regs)) {
 			$link = "$this->displayPath$_GET[select]/$regs[1]-$val";
 		}
 	}
--- a/plugins/login-otp.php
+++ b/plugins/login-otp.php
@@ -0,0 +1,55 @@
+<?php
+
+/** Require One-Time Password at login
+* You can generate the secret and install it into Google Authenticator e.g. with https://github.com/sonata-project/GoogleAuthenticator
+* @link https://www.adminer.org/plugins/#use
+* @author Jakub Vrana, https://www.vrana.cz/
+* @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
+* @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
+*/
+class AdminerLoginOtp {
+	/** @access protected */
+	var $secret;
+	
+	/** 
+	* @param string decoded secret, e.g. base32_decode("SECRET")
+	*/
+	function __construct($secret) {
+		$this->secret = $secret;
+		if ($_POST["auth"]) {
+			$_SESSION["otp"] = (string) $_POST["auth"]["otp"];
+		}
+	}
+	
+	function loginFormField($name, $heading, $value) {
+		if ($name == 'password') {
+			return $heading . $value
+				. "<tr><th><acronym title='One Time Password' lang='en'>OTP</acronym>"
+				. "<td><input type='number' name='auth[otp]' value='" . h($_SESSION["otp"]) . "' size='6' autocomplete='off'>\n"
+			;
+		}
+	}
+
+	function login($login, $password) {
+		if (isset($_SESSION["otp"])) {
+			$timeSlot = floor(time() / 30);
+			foreach (array(0, -1, 1) as $skew) {
+				if ($_SESSION["otp"] == $this->getOtp($timeSlot + $skew)) {
+					restart_session();
+					unset($_SESSION["otp"]);
+					stop_session();
+					return;
+				}
+			}
+			return 'Invalid OTP.';
+		}
+	}
+	
+	function getOtp($timeSlot) {
+		$data = str_pad(pack('N', $timeSlot), 8, "\0", STR_PAD_LEFT);
+		$hash = hash_hmac('sha1', $data, $this->secret, true);
+		$offset = ord(substr($hash, -1)) & 0xF;
+		$unpacked = unpack('N', substr($hash, $offset, 4));
+		return ($unpacked[1] & 0x7FFFFFFF) % 1e6;
+	}
+}
--- a/plugins/login-password-less.php
+++ b/plugins/login-password-less.php
@@ -1,29 +1,31 @@
 <?php

-/** Enable login for SQLite
+/** Enable login for password-less database
 * @link https://www.adminer.org/plugins/#use
 * @author Jakub Vrana, https://www.vrana.cz/
 * @license https://www.apache.org/licenses/LICENSE-2.0 Apache License, Version 2.0
 * @license https://www.gnu.org/licenses/gpl-2.0.html GNU General Public License, version 2 (one or other)
 */
-class AdminerLoginSqlite {
+class AdminerLoginPasswordLess {
 	/** @access protected */
-	var $login, $password_hash;
+	var $password_hash;
 	
-	/** Set allowed credentials
-	* @param string
+	/** Set allowed password
 	* @param string result of password_hash
 	*/
-	function __construct($login, $password_hash) {
-		$this->login = $login;
+	function __construct($password_hash) {
 		$this->password_hash = $password_hash;
 	}
+
+	function credentials() {
+		$password = get_password();
+		return array(SERVER, $_GET["username"], (password_verify($password, $this->password_hash) ? "" : $password));
+	}
 	
 	function login($login, $password) {
-		if (DRIVER != "sqlite" && DRIVER != "sqlite2") {
+		if ($password != "") {
 			return true;
 		}
-		return $this->login == $login && password_verify($password, $this->password_hash);
 	}

 }
--- a/plugins/login-servers.php
+++ b/plugins/login-servers.php
@@ -8,48 +8,35 @@
 */
 class AdminerLoginServers {
 	/** @access protected */
-	var $servers, $driver;
+	var $servers;
 	
 	/** Set supported servers
-	* @param array array($domain) or array($domain => $description) or array($category => array())
-	* @param string
+	* @param array array($description => array("server" => , "driver" => "server|pgsql|sqlite|..."))
 	*/
-	function __construct($servers, $driver = "server") {
+	function __construct($servers) {
 		$this->servers = $servers;
-		$this->driver = $driver;
+		if ($_POST["auth"]) {
+			$key = $_POST["auth"]["server"];
+			$_POST["auth"]["driver"] = $this->servers[$key]["driver"];
+		}
 	}
 	
-	function serverName($server) {
-		return h($this->servers[$server]);
+	function credentials() {
+		return array($this->servers[SERVER]["server"], $_GET["username"], get_password());
 	}
 	
 	function login($login, $password) {
-		// check if server is allowed
-		foreach ($this->servers as $key => $val) {
-			$servers = $val;
-			if (!is_array($val)) {
-				$servers = array($key => $val);
-			}
-			foreach ($servers as $k => $v) {
-				if ((is_string($k) ? $k : $v) == SERVER) {
-					return;
-				}
-			}
+		if (!$this->servers[SERVER]) {
+			return false;
 		}
-		return false;
 	}
 	
-	function loginForm() {
-		?>
-<table cellspacing="0">
-<tr><th><?php echo lang('Server'); ?><td><input type="hidden" name="auth[driver]" value="<?php echo $this->driver; ?>"><select name="auth[server]"><?php echo optionlist($this->servers, SERVER); ?></select>
-<tr><th><?php echo lang('Username'); ?><td><input id="username" name="auth[username]" value="<?php echo h($_GET["username"]); ?>">
-<tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]">
-</table>
-<p><input type="submit" value="<?php echo lang('Login'); ?>">
-<?php
-		echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
-		return true;
+	function loginFormField($name, $heading, $value) {
+		if ($name == 'driver') {
+			return '';
+		} elseif ($name == 'server') {
+			return $heading . "<select name='auth[server]'>" . optionlist(array_keys($this->servers), SERVER) . "</select>\n";
+		}
 	}
 	
 }
--- a/plugins/plugin.php
+++ b/plugins/plugin.php
@@ -160,6 +160,11 @@ class AdminerPlugin extends Adminer {
 		return $this->_applyPlugin(__FUNCTION__, $args);
 	}

+	function loginFormField($name, $heading, $value) {
+		$args = func_get_args();
+		return $this->_applyPlugin(__FUNCTION__, $args);
+	}
+
 	function login($login, $password) {
 		$args = func_get_args();
 		return $this->_applyPlugin(__FUNCTION__, $args);
--- a/plugins/table-structure.php
+++ b/plugins/table-structure.php
@@ -21,8 +21,8 @@ class AdminerTableStructure {
 			echo ($field["auto_increment"] ? " <i>" . lang('Auto Increment') . "</i>" : "");
 			echo ($field["collation"] ? " <i>" . h($field["collation"]) . "</i>" : "");
 			echo "<td>" . ($field["null"] ? lang('Yes') : lang('No'));
-			echo "<td>" . (isset($field["default"]) ? h($field["default"]) : "&nbsp;");
-			echo (support("comment") ? "<td>" . nbsp($field["comment"]) : "");
+			echo "<td>" . h($field["default"]);
+			echo (support("comment") ? "<td>" . h($field["comment"]) : "");
 			echo "\n";
 		}
 		echo "</table>\n";
--- a/plugins/tables-filter.php
+++ b/plugins/tables-filter.php
@@ -27,8 +27,17 @@ function tablesFilter(){
 	}
 	var tables = qsa('li', qs('#tables'));
 	for (var i = 0; i < tables.length; i++) {
-		var a = qsa('a', tables[i])[1];
+		var a = null;
 		var text = tables[i].getAttribute('data-table-name');
+		if (text == null) {
+			a = qsa('a', tables[i])[1];
+			text = a.innerHTML.trim();
+
+			tables[i].setAttribute('data-table-name', text);
+			a.setAttribute('data-link', 'main');
+		} else {
+			a = qs('a[data-link="main"]', tables[i]);
+		}
 		if (value == '') {
 			tables[i].className = '';
 			a.innerHTML = text;
@@ -55,22 +64,6 @@ if (sessionStorage){
 }
 </script>
 <p class="jsonly"><input id="filter-field" autocomplete="off"><?php echo script("qs('#filter-field').oninput = tablesFilterInput;"); ?>
-<ul id='tables'>
 <?php
-echo script("mixin(qs('#tables'), {onmouseover: menuOver, onmouseout: menuOut});");
-foreach ($tables as $table => $status) {
-	echo '<li data-table-name="' . h($table) . '"><a href="' . h(ME) . 'select=' . urlencode($table) . '"' . bold($_GET["select"] == $table || $_GET["edit"] == $table, "select") . ">" . lang('select') . "</a> ";
-	$name = h($status["Name"]);
-	echo (support("table") || support("indexes")
-		? '<a href="' . h(ME) . 'table=' . urlencode($table) . '"'
-			. bold(in_array($table, array($_GET["table"], $_GET["create"], $_GET["indexes"], $_GET["foreign"], $_GET["trigger"])), (is_view($status) ? "view" : "structure"))
-			. " title='" . lang('Show structure') . "'>$name</a>"
-		: "<span>$name</span>"
-	) . "\n";
-}
-?>
-</ul>
-<?php
-		return true;
 	}
 }
--- a/plugins/tinymce.php
+++ b/plugins/tinymce.php
@@ -39,7 +39,7 @@ tinyMCE.init({
 	}

 	function selectVal(&$val, $link, $field, $original) {
-		if (preg_match("~_html~", $field["field"]) && $val != '&nbsp;') {
+		if (preg_match("~_html~", $field["field"]) && $val != '') {
 			$shortened = (substr($val, -10) == "<i>...</i>");
 			if ($shortened) {
 				$val = substr($val, 0, -10);
@@ -52,7 +52,7 @@ tinyMCE.init({
 			if (class_exists('DOMDocument')) { // close all opened tags
 				$dom = new DOMDocument;
 				if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
-					$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML());
+					$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
 				}
 			}
 		}
--- a/plugins/wymeditor.php
+++ b/plugins/wymeditor.php
@@ -28,7 +28,7 @@ class AdminerWymeditor {

 	function selectVal(&$val, $link, $field, $original) {
 		// copied from tinymce.php
-		if (preg_match("~_html~", $field["field"]) && $val != '&nbsp;') {
+		if (preg_match("~_html~", $field["field"]) && $val != '') {
 			$shortened = (substr($val, -10) == "<i>...</i>");
 			if ($shortened) {
 				$val = substr($val, 0, -10);
@@ -41,7 +41,7 @@ class AdminerWymeditor {
 			if (class_exists('DOMDocument')) { // close all opened tags
 				$dom = new DOMDocument;
 				if (@$dom->loadHTML("<meta http-equiv='Content-Type' content='text/html; charset=utf-8'></head>$val")) { // @ - $val can contain errors
-					$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\\1', $dom->saveHTML());
+					$val = preg_replace('~.*<body[^>]*>(.*)</body>.*~is', '\1', $dom->saveHTML());
 				}
 			}
 		}
Author	SHA1	Message	Date
Jakub Vrana	3d84dcf859	Release 4.6.3	2018-06-28 21:58:29 +02:00
Jakub Vrana	4b9d88545e	Fix typo	2018-06-28 20:35:19 +02:00
Jakub Vrana	26a39ac243	Revert "PgSQL search operator "SQL" added" This reverts commit `af7ac6f06a`.	2018-06-27 22:23:56 +02:00
Jakub Vrana	3676b7fb71	Add TODO	2018-06-27 08:55:19 +02:00
Jakub Vrana	c564a8ef50	MySQL: Disallow LOAD DATA LOCAL INFILE	2018-06-26 08:53:12 +02:00
Jakub Vrana	2780eb01f5	PostgreSQL: Export false as 0 in PDO (bug #619 )	2018-06-09 12:45:17 +02:00
Gintautas Miselis	b98d0bcc55	mssql: ignore serverproperty error This change allows connection to Sybase ASE 15	2018-06-09 12:25:24 +02:00
Jakub Vrana	e856e28892	Add spaces	2018-06-09 12:24:18 +02:00
Petr Sedlacek	8f269d66b0	Fix table list in sidebar in designs/pokorny (#278 )	2018-06-09 12:23:15 +02:00
Peter Knut	3de94b67ca	Allow AdminerTablesFilter plugin to be used with third-party table list plugins (#275 )	2018-05-13 09:49:09 +02:00
Jakub Vrana	a9a7488454	Recommend inlining the hash	2018-05-07 12:23:13 +02:00
Jakub Vrana	36f13031f7	Improve error message	2018-05-07 12:22:52 +02:00
Jakub Vrana	6f25b1b5cf	Escape \ in enum edit	2018-05-06 19:21:58 +02:00
Jakub Vrana	659c34f7c5	Improve enum parsing	2018-05-06 19:21:58 +02:00
Jakub Vrana	11f24a52e4	Order database names in MySQL 8(bug #613 )	2018-05-06 18:11:03 +02:00
Franklin Tse	3c3d861f41	Respect 'session.cookie_secure' if it is On	2018-05-06 17:49:39 +02:00
Jakub Vrana	7b60b03e6a	Copy triggers when copying table	2018-05-06 17:36:52 +02:00
Jakub Vrana	84c65fcca6	MS SQL: Support port with sqlsrc	2018-05-06 11:46:36 +02:00
Jakub Vrana	733fe9e430	PostgreSQL: Do not cast uuid searches to text (bug #608 )	2018-05-06 11:41:59 +02:00
Jakub Vrana	5c3fb875e1	Editor: Do not check boolean checkboxes with false in PostgreSQL (bug #607 )	2018-05-06 11:26:43 +02:00
Jakub Vrana	60d1b7b3b4	Disallow using password-less databases	2018-05-04 16:52:41 +02:00
Jakub Vrana	db11fa4c1a	MongoDB: Consolidate code	2018-05-04 16:39:21 +02:00
Jakub Vrana	c3cfc0e69b	MongoDB: Consolidate code	2018-05-04 16:38:24 +02:00
Jakub Vrana	5f4d407f2e	MongoDB: Consolidate code	2018-05-04 16:37:36 +02:00
Jakub Vrana	70afe70b72	MongoDB: Report version	2018-05-04 15:37:29 +02:00
Jakub Vrana	75f43a4454	Document that Elasticsearch requires allow_url_fopen	2018-05-04 15:26:57 +02:00
Matěj Humpál	78f4513d9d	PostgreSQL: Do not cast boolean to text on search (#264 )	2018-03-18 14:34:54 +01:00
Jakub Vrana	89c66ccabe	PostgreSQL: Do not cast number searches to text	2018-03-13 14:09:53 +01:00
Jakub Vrana	6ba77b7899	PostgreSQL: Fix editing data in views (bug #605 )	2018-03-11 16:41:04 +01:00
Jakub Vrana	d271d0b481	Elasticsearch: Fix PHP warning	2018-03-11 16:07:54 +01:00
Sartor	af7ac6f06a	PgSQL search operator "SQL" added	2018-03-11 15:48:42 +01:00
Jakub Vrana	19034c35fe	PostgreSQL: Fix slow query	2018-03-10 17:16:07 +01:00
Jakub Vrana	88438cd607	Update JUSH	2018-03-10 17:15:55 +01:00
Jakub Vrana	34c792bb59	Display that *.gz files are supported in file upload	2018-03-09 18:21:44 +01:00
Jakub Vrana	6ed94f1f6d	Save bytes	2018-03-09 18:19:14 +01:00
Jakub Vrana	8c4726bb61	Stay on import page when switching database	2018-03-09 18:19:14 +01:00
Jakub Vrana	8ab2c7e03b	Decrease timeout for running slow queries from 5 seconds to 2 seconds	2018-03-09 18:19:14 +01:00
Jakub Vrana	665fafb297	Simplify running slow queries	2018-03-09 18:19:14 +01:00
Jakub Vrana	67c2a91c67	Remove unused argument	2018-03-09 18:19:14 +01:00
Jakub Vrana	78b8707bd0	Update JUSH	2018-03-09 18:19:14 +01:00
Jakub Vrana	7c15940be8	Use JUSH from GitHub	2018-03-02 09:38:58 +01:00
Jakub Vrana	8c5603a822	Clarify changelog	2018-03-01 13:08:58 +01:00
Jakub Vrana	4e7c31a589	Display missing database in navigation	2018-03-01 12:09:10 +01:00
David Sinquin	cf9cad66e2	MongoDB driver: Add create_database methods. MongoDB databases are created on the fly when some data is written in the database, so this method does not need to do anything.	2018-03-01 11:48:02 +01:00
Jakub Vrana	26a3967cf9	Fix comment	2018-03-01 11:46:23 +01:00
Pero Brbora	6c63c2f91e	Add $driver to global variables	2018-03-01 11:46:12 +01:00
Pero Brbora	acee5c0011	Add $driver to global variables	2018-03-01 11:30:13 +01:00
Jakub Vrana	36b75b4203	Use $adminer->operators	2018-03-01 11:29:04 +01:00
Jakub Vrana	4a24ee7672	PostgreSQL: Do not cast time search	2018-03-01 11:23:01 +01:00
Matěj Humpál	e21ddd9767	Do not cast date/timestamp exact searches in PostgreSQL to text	2018-03-01 11:21:50 +01:00
Matěj Humpál	f844fc499e	Do not cast date/timestamp exact searches in PostgreSQL to text	2018-03-01 11:06:12 +01:00
Jakub Vrana	52d7c38ef1	MySQL: Use CONVERT() only when searching for non-ASCII (bug #603 )	2018-03-01 11:01:35 +01:00
Jakub Vrana	53dd78f5af	Remove optional submodule	2018-03-01 09:54:20 +01:00
Róbert Mesároš	ea1dad584b	Update adminer-design (rmsoft) to version 4.6.2.1	2018-02-23 08:12:11 +01:00
Jakub Vrana	910bb39424	Wrap lines	2018-02-23 08:09:21 +01:00
Jakub Vrana	14db884471	Fix displaying info about non-alphabetical objects (bug #599 )	2018-02-22 16:47:30 +01:00
Jakub Vrana	3410836c12	Allow connecting to different drivers in login-servers	2018-02-22 12:38:22 +01:00
Jakub Vrana	cd503f6a0d	Wrap long line	2018-02-22 11:39:09 +01:00
Jakub Vrana	00721402e0	Add login-otp plugin	2018-02-22 11:36:11 +01:00
Jakub Vrana	4355aaa96f	Update translation	2018-02-21 21:36:55 +01:00
Jakub Vrana	b1cdc7902b	Comment	2018-02-21 00:28:59 +01:00
Jakub Vrana	3f4f3454f8	Centralize stopping session	2018-02-20 23:14:36 +01:00
Jakub Vrana	846435aef8	Stop session before connecting (thanks to Kareem Zidane)	2018-02-20 23:11:05 +01:00
Jakub Vrana	d7982e0b29	Update design (thanks to Jan)	2018-02-20 22:44:10 +01:00
Jakub Vrana	7b35ebd82e	PDO: Support binary fields download	2018-02-20 22:40:20 +01:00
Jakub Vrana	5b359263eb	Don't try to check missing checkboxes	2018-02-20 22:09:47 +01:00
Jakub Vrana	6ebbd8c719	Use file caching only in non-dev	2018-02-20 22:08:52 +01:00
Jakub Vrana	8bb51bec36	Editor: Delete images from compiled version	2018-02-20 16:53:53 +01:00
Jakub Vrana	fc5ddddf92	Remove driver from file URLs (stored in path)	2018-02-20 16:40:14 +01:00
Jakub Vrana	d3a429314a	Fix image in compiled version	2018-02-20 16:35:34 +01:00
Jakub Vrana	b4392b3f91	Use single \ in ' strings	2018-02-20 16:27:40 +01:00
Jakub Vrana	2021ea8fd7	is not needed with border-collapse	2018-02-20 16:02:25 +01:00