Release 4.7.7

The issue described in #372 is the same for the HTTP_X_FORWARDED_FOR comparison. strncasecmp returns 0 when the two strings are equal which is falsey.

adminer/call.inc.php

@@ -48,7 +48,9 @@ if (!$error && $_POST) {
 			if (is_object($result)) {
 				select($result, $connection2);
 			} else {
-				echo "<p class='message'>" . lang('Routine has been called, %d row(s) affected.', $affected) . "\n";
+				echo "<p class='message'>" . lang('Routine has been called, %d row(s) affected.', $affected)
+					. " <span class='time'>" . @date("H:i:s") . "</span>\n" // @ - time zone may be not set
+				;
 			}
 		} while ($connection->next_result());
 		

adminer/create.inc.php

@@ -180,6 +180,7 @@ foreach ($engines as $engine) {
 edit_fields($row["fields"], $collations, "TABLE", $foreign_keys);
 ?>
 </table>
+<?php echo script("editFields();"); ?>
 </div>
 <p>
 <?php echo lang('Auto Increment'); ?>: <input type="number" name="Auto_increment" size="6" value="<?php echo h($row["Auto_increment"]); ?>">
@@ -220,4 +221,3 @@ foreach ($row["partition_names"] as $key => $val) {
 ?>
 <input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
-<?php echo script("qs('#form')['defaults'].onclick();" . (support("comment") ? " editingCommentsClick(qs('#form')['comments']);" : "")); ?>

adminer/drivers/pgsql.inc.php

@@ -711,6 +711,10 @@ AND typelem = 0"
 		$sequences = array();
 
 		$status = table_status($table);
+		if (is_view($status)) {
+			$view = view($table);
+			return rtrim("CREATE VIEW " . idf_escape($table) . " AS $view[select]", ";");
+		}
 		$fields = fields($table);
 		$indexes = indexes($table);
 		ksort($indexes);

adminer/dump.inc.php

@@ -18,8 +18,8 @@ if ($_POST && !$error) {
 		if ($jush == "sql") {
 			echo "SET NAMES utf8;
 SET time_zone = '+00:00';
-" . ($_POST["data_style"] ? "SET foreign_key_checks = 0;
+SET foreign_key_checks = 0;
-SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
+" . ($_POST["data_style"] ? "SET sql_mode = 'NO_AUTO_VALUE_ON_ZERO';
 " : "") . "
 ";
 			$connection->query("SET time_zone = '+00:00';");

adminer/include/auth.inc.php

@@ -162,7 +162,7 @@ stop_session(true);
 
 if (isset($_GET["username"]) && is_string(get_password())) {
 	list($host, $port) = explode(":", SERVER, 2);
-	if (is_numeric($port) && $port < 1024) {
+	if (is_numeric($port) && ($port < 1024 || $port > 65535)) {
 		auth_error(lang('Connecting to privileged ports is not allowed.'));
 	}
 	check_invalid_login();

adminer/include/bootstrap.inc.php

@@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
 
 define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
+define("ME", str_replace(":", "%3a", preg_replace('~\?.*~', '', relative_uri())) . '?'
 	. (sid() ? SID . '&' : '')
 	. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
 	. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')

adminer/include/editing.inc.php

@@ -177,9 +177,7 @@ if ($foreign_keys) {
 	$structured_types[lang('Foreign keys')] = $foreign_keys;
 }
 echo optionlist(array_merge($extra_types, $structured_types), $type);
-?></select><?php echo on_help("getTarget(event).value", 1); ?>
+?></select><td><input name="<?php echo h($key); ?>[length]" value="<?php echo h($field["length"]); ?>" size="3"<?php echo (!$field["length"] && preg_match('~var(char|binary)$~', $type) ? " class='required'" : ""); //! type="number" with enabled JavaScript ?> aria-labelledby="label-length"><td class="options"><?php
-<?php echo script("mixin(qsl('select'), {onfocus: function () { lastType = selectValue(this); }, onchange: editingTypeChange});", ""); ?>
-<td><input name="<?php echo h($key); ?>[length]" value="<?php echo h($field["length"]); ?>" size="3"<?php echo (!$field["length"] && preg_match('~var(char|binary)$~', $type) ? " class='required'" : ""); //! type="number" with enabled JavaScript ?> aria-labelledby="label-length"><?php echo script("mixin(qsl('input'), {onfocus: editingLengthFocus, oninput: editingLengthChange});", ""); ?><td class="options"><?php
 	echo "<select name='" . h($key) . "[collation]'" . (preg_match('~(char|text|enum|set)$~', $type) ? "" : " class='hidden'") . '><option value="">(' . lang('collation') . ')' . optionlist($collations, $field["collation"]) . '</select>';
 	echo ($unsigned ? "<select name='" . h($key) . "[unsigned]'" . (!$type || preg_match(number_type(), $type) ? "" : " class='hidden'") . '><option>' . optionlist($unsigned, $field["unsigned"]) . '</select>' : '');
 	echo (isset($field['on_update']) ? "<select name='" . h($key) . "[on_update]'" . (preg_match('~timestamp|datetime~', $type) ? "" : " class='hidden'") . '>' . optionlist(array("" => "(" . lang('ON UPDATE') . ")", "CURRENT_TIMESTAMP"), (preg_match('~^CURRENT_TIMESTAMP~i', $field["on_update"]) ? "CURRENT_TIMESTAMP" : $field["on_update"])) . '</select>' : '');
@@ -265,6 +263,8 @@ function type_class($type) {
 function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = array()) {
 	global $inout;
 	$fields = array_values($fields);
+	$default_class = (($_POST ? $_POST["defaults"] : adminer_setting("defaults")) ? "" : " class='hidden'");
+	$comment_class = (($_POST ? $_POST["comments"] : adminer_setting("comments")) ? "" : " class='hidden'");
 	?>
 <thead><tr>
 <?php if ($type == "PROCEDURE") { ?><td><?php } ?>
@@ -281,8 +281,8 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
 	'pgsql' => "datatype.html#DATATYPE-SERIAL",
 	'mssql' => "ms186775.aspx",
 )); ?>
-<td id="label-default"><?php echo lang('Default value'); ?>
+<td id="label-default"<?php echo $default_class; ?>><?php echo lang('Default value'); ?>
-<?php echo (support("comment") ? "<td id='label-comment'>" . lang('Comment') : ""); ?>
+<?php echo (support("comment") ? "<td id='label-comment'$comment_class>" . lang('Comment') : ""); ?>
 <?php } ?>
 <td><?php echo "<input type='image' class='icon' name='add[" . (support("move_col") ? 0 : count($fields)) . "]' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>" . script("row_count = " . count($fields) . ";"); ?>
 </thead>
@@ -296,13 +296,13 @@ function edit_fields($fields, $collations, $type = "TABLE", $foreign_keys = arra
 		?>
 <tr<?php echo ($display ? "" : " style='display: none;'"); ?>>
 <?php echo ($type == "PROCEDURE" ? "<td>" . html_select("fields[$i][inout]", explode("|", $inout), $field["inout"]) : ""); ?>
-<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo h($field["field"]); ?>" data-maxlength="64" autocapitalize="off" aria-labelledby="label-name"><?php echo script("qsl('input').oninput = function () { editingNameChange.call(this);" . ($field["field"] != "" || count($fields) > 1 ? "" : " editingAddRow.call(this);") . " };", ""); ?><?php } ?>
+<th><?php if ($display) { ?><input name="fields[<?php echo $i; ?>][field]" value="<?php echo h($field["field"]); ?>" data-maxlength="64" autocapitalize="off" aria-labelledby="label-name"><?php } ?>
 <input type="hidden" name="fields[<?php echo $i; ?>][orig]" value="<?php echo h($orig); ?>"><?php edit_type("fields[$i]", $field, $collations, $foreign_keys); ?>
 <?php if ($type == "TABLE") { ?>
 <td><?php echo checkbox("fields[$i][null]", 1, $field["null"], "", "", "block", "label-null"); ?>
-<td><label class="block"><input type="radio" name="auto_increment_col" value="<?php echo $i; ?>"<?php if ($field["auto_increment"]) { ?> checked<?php } ?> aria-labelledby="label-ai"></label><td><?php
+<td><label class="block"><input type="radio" name="auto_increment_col" value="<?php echo $i; ?>"<?php if ($field["auto_increment"]) { ?> checked<?php } ?> aria-labelledby="label-ai"></label><td<?php echo $default_class; ?>><?php
 			echo checkbox("fields[$i][has_default]", 1, $field["has_default"], "", "", "", "label-default"); ?><input name="fields[<?php echo $i; ?>][default]" value="<?php echo h($field["default"]); ?>" aria-labelledby="label-default"><?php
-			echo (support("comment") ? "<td><input name='fields[$i][comment]' value='" . h($field["comment"]) . "' data-maxlength='" . (min_version(5.5) ? 1024 : 255) . "' aria-labelledby='label-comment'>" : "");
+			echo (support("comment") ? "<td$comment_class><input name='fields[$i][comment]' value='" . h($field["comment"]) . "' data-maxlength='" . (min_version(5.5) ? 1024 : 255) . "' aria-labelledby='label-comment'>" : "");
 		}
 		echo "<td>";
 		echo (support("move_col") ?

adminer/include/functions.inc.php

@@ -721,12 +721,19 @@ function format_time($start) {
 	return lang('%.3f s', max(0, microtime(true) - $start));
 }
 
+/** Get relative REQUEST_URI
+* @return string
+*/
+function relative_uri() {
+	return preg_replace('~^[^?]*/([^?]*)~', '\1', $_SERVER["REQUEST_URI"]);
+}
+
 /** Remove parameter from query string
 * @param string
 * @return string
 */
 function remove_from_uri($param = "") {
-	return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', "$_SERVER[REQUEST_URI]&"), 0, -1);
+	return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', relative_uri() . "&"), 0, -1);
 }
 
 /** Generate page number for pagination

adminer/include/version.inc.php

@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.7.5";
+$VERSION = "4.7.7";

adminer/lang/el.inc.php

@@ -234,7 +234,7 @@ $translations = array(
 	'Sort' => 'Ταξινόμηση',
 	'descending' => 'Φθίνουσα',
 	'Limit' => 'Όριο',
-	'Limit rows' => 'Περιοριμός σειρών',
+	'Limit rows' => 'Περιορισμός σειρών',
 	'Text length' => 'Μήκος κειμένου',
 	'Action' => 'Ενέργεια',
 	'Full table scan' => 'Πλήρης σάρωση πινάκων',

adminer/lang/fi.inc.php

@@ -333,4 +333,18 @@ $translations = array(
 	'Type has been dropped.' => 'Tyyppi poistettiin.',
 	'Type has been created.' => 'Tyyppi luotiin.',
 	'Alter type' => 'Muuta tyyppiä',
+
+	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => 'Kiitos, kun käytät Admineriä, voit <a href="https://www.adminer.org/en/donation/">tehdä lahjoituksen tästä</a>.',
+	'Drop %s?' => 'Poistetaanko %s?',
+	'overwrite' => 'kirjoittaen päälle',
+	'DB' => 'TK',
+	'ATTACH queries are not supported.' => 'ATTACH-komennolla tehtyjä kyselyjä ei tueta.',
+	'Warnings' => 'Varoitukset',
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Adminer ei tue pääsyä tietokantaan ilman salasanaa, katso tarkemmin <a href="https://www.adminer.org/en/password/"%s>täältä</a>.',
+	'The action will be performed after successful login with the same credentials.' => 'Toiminto suoritetaan sen jälkeen, kun on onnistuttu kirjautumaan samoilla käyttäjätunnuksilla uudestaan.',
+	'Connecting to privileged ports is not allowed.' => 'Yhteydet etuoikeutettuihin portteihin eivät ole sallittuja.',
+	'There is a space in the input password which might be the cause.' => 'Syynä voi olla syötetyssä salasanassa oleva välilyönti.',
+	'Unknown error.' => 'Tuntematon virhe.',
+	'Database does not support password.' => 'Tietokanta ei tue salasanaa.',
+	'Disable %s or enable %s or %s extensions.' => 'Poista käytöstä %s tai ota käyttöön laajennus %s tai %s.',
 );

adminer/procedure.inc.php

@@ -48,6 +48,7 @@ if (isset($_GET["function"])) {
 }
 ?>
 </table>
+<?php echo script("editFields();"); ?>
 </div>
 <p><?php textarea("definition", $row["definition"]); ?>
 <p>

adminer/static/editing.js

@@ -207,6 +207,33 @@ function idfEscape(s) {
 
 
 
+/** Set up event handlers for edit_fields().
+*/
+function editFields() {
+	var els = qsa('[name$="[field]"]');
+	for (var i = 0; i < els.length; i++) {
+		els[i].oninput = function () {
+			editingNameChange.call(this);
+			if (!this.defaultValue) {
+				editingAddRow.call(this);
+			}
+		}
+	}
+	els = qsa('[name$="[length]"]');
+	for (var i = 0; i < els.length; i++) {
+		mixin(els[i], {onfocus: editingLengthFocus, oninput: editingLengthChange});
+	}
+	els = qsa('[name$="[type]"]');
+	for (var i = 0; i < els.length; i++) {
+		mixin(els[i], {
+			onfocus: function () { lastType = selectValue(this); },
+			onchange: editingTypeChange,
+			onmouseover: function (event) { helpMouseover.call(this, event, getTarget(event).value, 1) },
+			onmouseout: helpMouseout
+		});
+	}
+}
+
 /** Handle clicks on fields editing
 * @param MouseEvent
 * @return boolean false to cancel action
@@ -214,7 +241,7 @@ function idfEscape(s) {
 function editingClick(event) {
 	var el = getTarget(event);
 	if (!isTag(el, 'input')) {
-		el = parentTag(target, 'label');
+		el = parentTag(el, 'label');
 		el = el && qs('input', el);
 	}
 	if (el) {
@@ -289,7 +316,7 @@ function editingNameChange() {
 }
 
 /** Add table row for next field
-* @param boolean
+* @param [boolean]
 * @return boolean false
 * @this HTMLInputElement
 */

adminer/static/functions.js

@@ -444,7 +444,8 @@ function selectSearch(name) {
 	var divs = qsa('div', el);
 	for (var i=0; i < divs.length; i++) {
 		var div = divs[i];
-		if (isTag(div.firstChild, 'select') && selectValue(div.firstChild) == name) {
+		var el = qs('[name$="[col]"]', div);
+		if (el && selectValue(el) == name) {
 			break;
 		}
 	}

changes.txt

@@ -1,3 +1,15 @@
+Adminer 4.7.7 (released 2020-05-11):
+Fix open redirect if Adminer is accessible at //adminer.php%2F@
+
+Adminer 4.7.6 (released 2020-01-31):
+Speed up alter table form (regression from 4.4.0)
+Fix clicking on non-input fields in alter table (regression from 4.6.2)
+Display time of procedure execution
+Disallow connecting to ports > 65535 (bug #730)
+MySQL: Always set foreign_key_checks in export
+PostgreSQL: Support exporting views
+Editor: Fix focusing foreign key search in select
+
 Adminer 4.7.5 (released 2019-11-13):
 Add id="" to cells with failed inline edit (bug #708)
 PostgreSQL: Fix getting default value in PostgreSQL 12 (bug #719)
@@ -681,7 +693,7 @@ Print ALTER export instead of executing it
 Click on row selects it
 Fix Editor date format
 Fix long SQL query crash (bug #2839231)
-Speedup of simple alter table
+Speed up simple alter table
 Traditional Chinese translation
 
 Adminer 2.0.0 (released 2009-08-06):

editor/sqlite.php

@@ -0,0 +1,21 @@
+<?php
+function adminer_object() {
+	include_once "../plugins/plugin.php";
+	include_once "../plugins/login-password-less.php";
+	
+	class AdminerCustomization extends AdminerPlugin {
+		function loginFormField($name, $heading, $value) {
+			return parent::loginFormField($name, $heading, str_replace('value="server"', 'value="sqlite"', $value));
+		}
+		function database() {
+			return "PATH_TO_YOUR_SQLITE_HERE";
+		}
+	}
+	
+	return new AdminerCustomization(array(
+		// TODO: inline the result of password_hash() so that the password is not visible in source codes
+		new AdminerLoginPasswordLess(password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)),
+	));
+}
+
+include "./index.php";

plugins/login-ip.php

@@ -23,13 +23,13 @@ class AdminerLoginIp {
 
 	function login($login, $password) {
 		foreach ($this->ips as $ip) {
-			if (strncasecmp($_SERVER["REMOTE_ADDR"], $ip, strlen($ip))) {
+			if (strncasecmp($_SERVER["REMOTE_ADDR"], $ip, strlen($ip)) == 0) {
 				if (!$this->forwarded_for) {
 					return true;
 				}
 				if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
 					foreach ($this->forwarded_for as $forwarded_for) {
-						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for))) {
+						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for)) == 0) {
 							return true;
 						}
 					}

readme.txt

@@ -12,6 +12,7 @@ editor/example.php - Example customization
 plugins/readme.txt - Plugins for Adminer and Adminer Editor
 adminer/plugin.php - Plugin demo
 adminer/sqlite.php - Development version of Adminer with SQLite allowed
+editor/sqlite.php - Development version of Editor with SQLite allowed
 adminer/designs.php - Development version of Adminer with adminer.css switcher
 compile.php - Create a single file version
 lang.php - Update translations