From 1aa3144d052a483491663a1b6d03bddb4bee9ec4 Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Wed, 3 Jul 2013 10:34:19 -0700
Subject: [PATCH] Use stricter regexp in URL
---
 adminer/database.inc.php | 2 +-
 adminer/include/auth.inc.php | 2 +-
 adminer/include/design.inc.php | 4 ++--
 3 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index 2306144a..caf31583 100644
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -11,7 +11,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
 // create or rename database
 if (DB != "") {
 $_GET["db"] = $name;
- queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $row["collation"]));
+ queries_redirect(preg_replace('~\bdb=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $row["collation"]));
 } else {
 $databases = explode("\n", str_replace("\r", "", $name));
 $success = true;
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index b713da1f..268f0f69 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -44,7 +44,7 @@ if ($auth) {
 set_session($key, null);
 }
 unset_permanent();
- redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
+ redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
 }
 } elseif ($permanent && !$_SESSION["pwds"]) {
diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 2fe85d33..22ff672f 100644
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -37,9 +37,9 @@ document.body.className = document.body.className.replace(/ nojs/, ' js');
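Review bot: The `\b` added to `'~\bdb=[^&]*&~'` in the `queries_redirect(...)` call only requires a non-word character before `db=`, so a key such as `my-db=` or `x.db=` would still be cut out of ME; the same holds for the `(username|db|ns)` pattern in auth.inc.php and the `(db|ns)` pattern in design.inc.php. Assuming ME is a `?key=value&...` prefix (its definition is not part of this patch), anchoring on the separator states the intent exactly: `preg_replace('~(?<=[?&])db=[^&]*&~', '', ME)`. These strings become redirect targets and links, so a parameter that is removed or kept by accident changes where the user lands after a rename or a logout. The enclosing `if ($_POST ...)` block starts and ends outside the hunk.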
' . $drivers[DRIVER] . ' » ';
- $link = substr(preg_replace('~(db|ns)=[^&]*&~', '', ME), 0, -1);
+ $link = substr(preg_replace('~\b(db|ns)=[^&]*&~', '', ME), 0, -1);
 $server = (SERVER != "" ? h(SERVER) : lang('Server'));
 if ($breadcrumb === false) {
 echo "$server\n";
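Review bot: The `$link` line relies on `substr(..., 0, -1)` to drop one trailing character after the pattern has removed `db` and `ns`, and nothing here says which character that is; a comment such as `// trims the separator ME is expected to end with ("?" or "&") - confirm against ME's definition` would record the assumption. The same idiom with a longer key list sits in the auth.inc.php hunk, so any later correction to the anchor has to be repeated in both places. The diffstat reports two changed lines for design.inc.php while only one pair is visible in this hunk, and the enclosing block starts and ends outside it.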