Do not attempt logging in without password (bug #676)
This commit is contained in:
parent
0e6f1972e9
commit
15900301ee
|
@ -160,7 +160,7 @@ if (isset($_GET["username"]) && !class_exists("Min_DB")) {
|
|||
|
||||
stop_session(true);
|
||||
|
||||
if (isset($_GET["username"])) {
|
||||
if (isset($_GET["username"]) && is_string(get_password())) {
|
||||
list($host, $port) = explode(":", SERVER, 2);
|
||||
if (is_numeric($port) && $port < 1024) {
|
||||
auth_error(lang('Connecting to privileged ports is not allowed.'));
|
||||
|
|
|
@ -351,7 +351,7 @@ function set_password($vendor, $server, $username, $password) {
|
|||
}
|
||||
|
||||
/** Get password from session
|
||||
* @return string
|
||||
* @return string or null for missing password or false for expired password
|
||||
*/
|
||||
function get_password() {
|
||||
$return = get_session("pwds");
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.7.2-dev:
|
||||
Do not attempt logging in without password (bug #676)
|
||||
MySQL: Fix creating users and changing password in MySQL 8 (bug #663)
|
||||
|
||||
Adminer 4.7.1 (released 2019-01-24):
|
||||
|
|
Loading…
Reference in a new issue