Release 4.7.7

The issue described in #372 is the same for the HTTP_X_FORWARDED_FOR comparison. strncasecmp returns 0 when the two strings are equal which is falsey.

adminer/include/bootstrap.inc.php

@@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
 
 define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
+define("ME", str_replace(":", "%3a", preg_replace('~\?.*~', '', relative_uri())) . '?'
 	. (sid() ? SID . '&' : '')
 	. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
 	. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')

adminer/include/functions.inc.php

@@ -721,12 +721,19 @@ function format_time($start) {
 	return lang('%.3f s', max(0, microtime(true) - $start));
 }
 
+/** Get relative REQUEST_URI
+* @return string
+*/
+function relative_uri() {
+	return preg_replace('~^[^?]*/([^?]*)~', '\1', $_SERVER["REQUEST_URI"]);
+}
+
 /** Remove parameter from query string
 * @param string
 * @return string
 */
 function remove_from_uri($param = "") {
-	return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', "$_SERVER[REQUEST_URI]&"), 0, -1);
+	return substr(preg_replace("~(?<=[?&])($param" . (SID ? "" : "|" . session_name()) . ")=[^&]*&~", '', relative_uri() . "&"), 0, -1);
 }
 
 /** Generate page number for pagination

adminer/include/version.inc.php

@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.7.6-dev";
+$VERSION = "4.7.7";

adminer/lang/el.inc.php

@@ -234,7 +234,7 @@ $translations = array(
 	'Sort' => 'Ταξινόμηση',
 	'descending' => 'Φθίνουσα',
 	'Limit' => 'Όριο',
-	'Limit rows' => 'Περιοριμός σειρών',
+	'Limit rows' => 'Περιορισμός σειρών',
 	'Text length' => 'Μήκος κειμένου',
 	'Action' => 'Ενέργεια',
 	'Full table scan' => 'Πλήρης σάρωση πινάκων',

adminer/lang/fi.inc.php

@@ -333,4 +333,18 @@ $translations = array(
 	'Type has been dropped.' => 'Tyyppi poistettiin.',
 	'Type has been created.' => 'Tyyppi luotiin.',
 	'Alter type' => 'Muuta tyyppiä',
+
+	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => 'Kiitos, kun käytät Admineriä, voit <a href="https://www.adminer.org/en/donation/">tehdä lahjoituksen tästä</a>.',
+	'Drop %s?' => 'Poistetaanko %s?',
+	'overwrite' => 'kirjoittaen päälle',
+	'DB' => 'TK',
+	'ATTACH queries are not supported.' => 'ATTACH-komennolla tehtyjä kyselyjä ei tueta.',
+	'Warnings' => 'Varoitukset',
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => 'Adminer ei tue pääsyä tietokantaan ilman salasanaa, katso tarkemmin <a href="https://www.adminer.org/en/password/"%s>täältä</a>.',
+	'The action will be performed after successful login with the same credentials.' => 'Toiminto suoritetaan sen jälkeen, kun on onnistuttu kirjautumaan samoilla käyttäjätunnuksilla uudestaan.',
+	'Connecting to privileged ports is not allowed.' => 'Yhteydet etuoikeutettuihin portteihin eivät ole sallittuja.',
+	'There is a space in the input password which might be the cause.' => 'Syynä voi olla syötetyssä salasanassa oleva välilyönti.',
+	'Unknown error.' => 'Tuntematon virhe.',
+	'Database does not support password.' => 'Tietokanta ei tue salasanaa.',
+	'Disable %s or enable %s or %s extensions.' => 'Poista käytöstä %s tai ota käyttöön laajennus %s tai %s.',
 );

changes.txt

@@ -1,4 +1,7 @@
-Adminer 4.7.6-dev:
+Adminer 4.7.7 (released 2020-05-11):
+Fix open redirect if Adminer is accessible at //adminer.php%2F@
+
+Adminer 4.7.6 (released 2020-01-31):
 Speed up alter table form (regression from 4.4.0)
 Fix clicking on non-input fields in alter table (regression from 4.6.2)
 Display time of procedure execution

plugins/login-ip.php

@@ -29,7 +29,7 @@ class AdminerLoginIp {
 				}
 				if ($_SERVER["HTTP_X_FORWARDED_FOR"]) {
 					foreach ($this->forwarded_for as $forwarded_for) {
-						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for))) {
+						if (strncasecmp(preg_replace('~.*, *~', '', $_SERVER["HTTP_X_FORWARDED_FOR"]), $forwarded_for, strlen($forwarded_for)) == 0) {
 							return true;
 						}
 					}