Logout by POST
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@387 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
parent
eff527b3d8
commit
0cb0f51ab0
|
@ -22,13 +22,19 @@ if (isset($_POST["server"])) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$_GET["server"] = $_POST["server"];
|
$_GET["server"] = $_POST["server"];
|
||||||
} elseif (isset($_GET["logout"])) {
|
} elseif (isset($_POST["logout"])) {
|
||||||
|
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
||||||
|
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
||||||
|
page_footer("db");
|
||||||
|
exit;
|
||||||
|
} else {
|
||||||
unset($_SESSION["usernames"][$_GET["server"]]);
|
unset($_SESSION["usernames"][$_GET["server"]]);
|
||||||
unset($_SESSION["passwords"][$_GET["server"]]);
|
unset($_SESSION["passwords"][$_GET["server"]]);
|
||||||
unset($_SESSION["databases"][$_GET["server"]]);
|
unset($_SESSION["databases"][$_GET["server"]]);
|
||||||
$_SESSION["tokens"][$_GET["server"]] = array();
|
$_SESSION["tokens"][$_GET["server"]] = array();
|
||||||
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
redirect(substr($SELF, 0, -1), lang('Logout successful.'));
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function auth_error() {
|
function auth_error() {
|
||||||
global $ignore;
|
global $ignore;
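Review bot: The CSRF check at `if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"])` uses loose `!=`, so when the session has no token for this server yet and the request omits `token`, `null != null` is false and the logout proceeds without any token at all; it also compares with PHP type juggling rather than as an exact string match. A strict check that fails closed on a missing value is safer, e.g. `if (!isset($_POST["token"], $_SESSION["tokens"][$_GET["server"]]["?logout"]) || (string) $_POST["token"] !== (string) $_SESSION["tokens"][$_GET["server"]]["?logout"]) {`. Related, the token is minted in the second hunk with `rand(1, 1e6)`, a non-cryptographic generator drawing from only a million values; deriving it from the strongest random source the target PHP version provides (e.g. `random_bytes()`/`random_int()` on PHP 7+) would make it unguessable. The enclosing `if (isset($_POST["server"]))` chain begins before this hunk.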
|
||||||
|
|
|
@ -60,11 +60,19 @@ function page_footer($missing = false) {
|
||||||
<div id="menu">
|
<div id="menu">
|
||||||
<h1><a href="http://phpminadmin.sourceforge.net"><?php echo lang('phpMinAdmin'); ?></a></h1>
|
<h1><a href="http://phpminadmin.sourceforge.net"><?php echo lang('phpMinAdmin'); ?></a></h1>
|
||||||
<?php if ($missing != "auth") { ?>
|
<?php if ($missing != "auth") { ?>
|
||||||
|
<form action="" method="post">
|
||||||
<p>
|
<p>
|
||||||
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
|
||||||
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode($_GET["table"]); ?>"><?php echo lang('Dump'); ?></a>
|
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode($_GET["table"]); ?>"><?php echo lang('Dump'); ?></a>
|
||||||
<a href="<?php echo htmlspecialchars(preg_replace('~db=[^&]*&~', '', $SELF)); ?>logout="><?php echo lang('Logout'); ?></a>
|
<input type="hidden" name="token" value="<?php
|
||||||
|
if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) {
|
||||||
|
$_SESSION["tokens"][$_GET["server"]]["?logout"] = rand(1, 1e6);
|
||||||
|
}
|
||||||
|
echo $_SESSION["tokens"][$_GET["server"]]["?logout"];
|
||||||
|
?>" />
|
||||||
|
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" />
|
||||||
</p>
|
</p>
|
||||||
|
</form>
|
||||||
<form action="">
|
<form action="">
|
||||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" /><?php } ?>
|
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" /><?php } ?>
|
||||||
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)</option>
|
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)</option>
|
||||||
|
|