<?php
/**
 * Send the HTTP headers, then print the HTML head, the breadcrumb trail,
 * the <h2> heading and any flash/error messages.
 *
 * Escaping contract: $title and $title2 are echoed as-is into the breadcrumb
 * and the heading, and $error is handed to page_messages(), which prints it
 * as raw HTML. Callers must pass already-escaped HTML for all three. Only the
 * <title> text is additionally run through strip_tags().
 * In $breadcrumb, a plain string value is escaped with h() before printing,
 * but the "desc" element of an array value is printed verbatim.
 *
 * For an AJAX request with an error, only the messages are printed and the
 * script exits.
 *
 * @param string $title used in title, breadcrumb and heading, should be HTML escaped
 * @param string $error error message, printed without escaping
 * @param mixed $breadcrumb array("key" => "link", "key2" => array("link", "desc")), null for nothing, false for driver only, true for driver and server
 * @param string $title2 used after colon in title and heading, should be HTML escaped
 * @return null
 */
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
	global $LANG, $VERSION, $adminer, $drivers, $jush;

	page_headers();

	// An AJAX caller only needs the message fragment, not a whole document.
	if (is_ajax() && $error) {
		page_messages($error);
		exit;
	}

	$title_suffix = ($title2 != "" ? ": $title2" : "");
	$title_all = $title . $title_suffix;
	$server_suffix = (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "");
	// strip_tags() removes markup from the pre-escaped title parts so that <title> holds text only.
	$title_page = strip_tags($title_all . $server_suffix . " - " . $adminer->name());

	// The version check is attached to onload only while the adminer_version cookie is absent.
	$version_onload = (isset($_COOKIE["adminer_version"]) ? "" : ", onload: partial(verifyVersion, '$VERSION')");

	// NOTE(review): $LANG and $jush are echoed below without h(); this assumes both come from
	// fixed internal lists rather than from request data - confirm where they are assigned.
	?>
<!DOCTYPE html>
<html lang="<?php echo $LANG; ?>" dir="<?php echo lang('ltr'); ?>">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="robots" content="noindex">
<title><?php echo $title_page; ?></title>
<link rel="stylesheet" type="text/css" href="../adminer/static/default.css">
<?php echo script_src("../adminer/static/functions.js"); ?>
<?php echo script_src("static/editing.js"); ?>
<?php if ($adminer->head()): ?>
<link rel="shortcut icon" type="image/x-icon" href="../adminer/static/favicon.ico">
<link rel="apple-touch-icon" href="../adminer/static/favicon.ico">
<?php if (file_exists("adminer.css")): ?>
<link rel="stylesheet" type="text/css" href="adminer.css">
<?php endif; ?>
<?php endif; ?>

<body class="<?php echo lang('ltr'); ?> nojs">
<script<?php echo nonce(); ?>>
mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick<?php echo $version_onload; ?>});
document.body.className = document.body.className.replace(/ nojs/, ' js');
var offlineMessage = '<?php echo js_escape(lang('You are offline.')); ?>';
</script>
<div id="help" class="jush-<?php echo $jush; ?> jsonly hidden"></div>
<?php echo script("mixin(qs('#help'), { onmouseover: function () { helpOpen = 1; }, onmouseout: helpMouseout});"); ?>

<div id="content">
<?php
	if ($breadcrumb !== null) {
		// Driver link: ME with the username, db and ns parameters removed.
		$driver_link = substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1);
		echo '<p id="breadcrumb"><a href="' . h($driver_link ? $driver_link : ".") . '">' . $drivers[DRIVER] . '</a> » ';

		// Server link: ME with only db and ns removed.
		$server_link = substr(preg_replace('~\b(db|ns)=[^&]*&~', '', ME), 0, -1);
		$server_label = (SERVER != "" ? h(SERVER) : lang('Server'));

		if ($breadcrumb === false) {
			echo "$server_label\n";
		} else {
			echo "<a href='" . ($server_link ? h($server_link) : ".") . "' accesskey='1' title='Alt+Shift+1'>$server_label</a> » ";

			if ($_GET["ns"] != "" || (DB != "" && is_array($breadcrumb))) {
				$db_href = $server_link . "&db=" . urlencode(DB) . (support("scheme") ? "&ns=" : "");
				echo '<a href="' . h($db_href) . '">' . h(DB) . '</a> » ';
			}

			if (is_array($breadcrumb)) {
				if ($_GET["ns"] != "") {
					// The schema name is request data, so it is escaped before printing.
					echo '<a href="' . h(substr(ME, 0, -1)) . '">' . h($_GET["ns"]) . '</a> » ';
				}
				foreach ($breadcrumb as $key => $val) {
					$has_desc = is_array($val);
					// Array form: "desc" is printed verbatim; string form: escaped with h().
					$desc = ($has_desc ? $val[1] : h($val));
					if ($desc != "") {
						echo "<a href='" . h(ME . "$key=") . urlencode($has_desc ? $val[0] : $val) . "'>$desc</a> » ";
					}
				}
			}

			echo "$title\n";
		}
	}

	echo "<h2>$title_all</h2>\n";
	echo "<div id='ajaxstatus' class='jsonly hidden'></div>\n";

	restart_session();
	page_messages($error);
	// $databases is bound by reference, so assigning null resets the session value itself.
	$databases = &get_session("dbs");
	if (DB != "" && $databases && !in_array(DB, $databases, true)) {
		$databases = null;
	}
	stop_session();

	define("PAGE_HEADER", 1);
}
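/**
 * Send the HTTP response headers for an HTML page.
 *
 * Emits the content type, cache control, the fixed hardening headers and one
 * Content-Security-Policy header per policy returned by $adminer->csp(),
 * then calls $adminer->headers() last.
 *
 * @return null
 */
function page_headers() {
	global $adminer;
	header("Content-Type: text/html; charset=utf-8");
	// NOTE(review): "no-cache" forces revalidation but still permits storing the response;
	// "no-store" is the directive that forbids keeping a copy.
	header("Cache-Control: no-cache");
	header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox 3.6.9
	header("X-XSS-Protection: 0"); // prevents introducing XSS in IE8 by removing safe parts of the page
	header("X-Content-Type-Options: nosniff");
	header("Referrer-Policy: origin-when-cross-origin");
	// header() replaces an earlier header of the same name by default, so with several
	// policies only the last one would reach the browser. The first policy still replaces
	// (clearing anything sent by a previous call); every further one is appended so that
	// the browser enforces all of them.
	$replace = true;
	foreach ($adminer->csp() as $csp) {
		$header = array();
		foreach ($csp as $key => $val) {
			$header[] = "$key $val";
		}
		header("Content-Security-Policy: " . implode("; ", $header), $replace);
		$replace = false;
	}
	$adminer->headers();
}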
/**
 * Get Content Security Policy headers.
 *
 * Returns a single policy. It sets no default-src, style-src or img-src, so
 * resource types other than the directives listed below are not restricted
 * by it.
 *
 * @return array of arrays with directive name in key, allowed sources in value
 */
function csp() {
	// 'self' is a fallback for browsers not supporting 'strict-dynamic',
	// 'unsafe-inline' is a fallback for browsers not supporting 'nonce-'.
	// Browsers that honour the nonce ignore 'unsafe-inline', so inline scripts
	// are allowed there only when they carry the nonce.
	$script_src = "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'";

	$policy = array(
		"script-src" => $script_src,
		"connect-src" => "'self'",
		"frame-src" => "https://www.adminer.org", // the only origin that may be framed by the page
		"object-src" => "'none'",
		"base-uri" => "'none'", // no <base> element, so relative URLs cannot be re-pointed
		"form-action" => "'self'", // forms may only submit back to the same origin
	);

	return array($policy);
}
/**
 * Get a CSP nonce.
 *
 * The value is created on the first call and kept in a static variable, so
 * every later call in the same request returns the same string.
 *
 * NOTE(review): how unpredictable the nonce is depends entirely on
 * rand_string(), which is defined outside this listing - confirm that it
 * draws from a cryptographically secure source.
 *
 * @return string Base64 value
 */
function get_nonce() {
	static $nonce;
	if ($nonce) {
		return $nonce;
	}
	$nonce = base64_encode(rand_string());
	return $nonce;
}
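/**
 * Print flash and error messages.
 *
 * Flash messages are stored in the session under the query-string part of the
 * request URI and are removed once printed. Both the stored messages and
 * $error are written to the page as raw HTML, so whatever produces them must
 * escape any user-controlled text beforehand.
 *
 * @param string $error error message as HTML, nothing is printed when empty
 * @return null
 */
function page_messages($error) {
	// Key is the request URI with everything before the "?" removed.
	$uri = preg_replace('~^[^?]*~', '', $_SERVER["REQUEST_URI"]);
	// Most requests have no flash messages stored for their URI; check before reading
	// so the lookup does not hit an undefined index.
	$messages = (isset($_SESSION["messages"][$uri]) ? $_SESSION["messages"][$uri] : array());
	if ($messages) {
		echo "<div class='message'>" . implode("</div>\n<div class='message'>", $messages) . "</div>" . script("messagesPrint();");
		// Flash messages are shown once.
		unset($_SESSION["messages"][$uri]);
	}
	if ($error) {
		echo "<div class='error'>$error</div>\n";
	}
}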
/**
 * Print HTML footer: closes the content <div>, prints the language switcher,
 * the logout form and the navigation menu.
 *
 * The logout button is a POST form that carries the global $token in a hidden
 * field; it is left out when $missing is "auth".
 *
 * @param string $missing "auth", "db", "ns"
 * @return null
 */
function page_footer($missing = "") {
	global $adminer, $token;
	// NOTE(review): $token is written into the value attribute without h(); this assumes
	// it never contains quotes or angle brackets - confirm where it is generated.
	?>
</div>

<?php switch_lang(); ?>
<?php if ($missing != "auth"): ?>
<form action="" method="post">
<p class="logout">
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" id="logout">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</p>
</form>
<?php endif; ?>
<div id="menu">
<?php $adminer->navigation($missing); ?>
</div>
<?php
	echo script("setupSubmitHighlight(document);");
}