beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Do not attempt logging in without password (bug #676)

Browse source
This commit is contained in:
Jakub Vrana 2019-05-14 09:07:51 +02:00
parent 0e6f1972e9
commit 15900301ee
3 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adminer/include/auth.inc.php
View file

@ -160,7 +160,7 @@ if (isset($_GET["username"]) && !class_exists("Min_DB")) {
stop_session(true);
if (isset($_GET["username"])) {
if (isset($_GET["username"]) && is_string(get_password())) {
list($host, $port) = explode(":", SERVER, 2);
if (is_numeric($port) && $port < 1024) {
auth_error(lang('Connecting to privileged ports is not allowed.'));

2
adminer/include/functions.inc.php
View file

@ -351,7 +351,7 @@ function set_password($vendor, $server, $username, $password) {
}
/** Get password from session
* @return string
* @return string or null for missing password or false for expired password
*/
function get_password() {
$return = get_session("pwds");

1
changes.txt
View file

@ -1,4 +1,5 @@
Adminer 4.7.2-dev:
Do not attempt logging in without password (bug #676)
MySQL: Fix creating users and changing password in MySQL 8 (bug #663)
Adminer 4.7.1 (released 2019-01-24):