From 21c98c49c1aa928542f2831f9b6de35c87fce6a9 Mon Sep 17 00:00:00 2001
From: jakubvrana
Date: Mon, 20 Jul 2009 11:59:11 +0000
Subject: [PATCH] Exception to CSRF can be abused in Editor

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@852 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 adminer/dump.inc.php | 2 +-
 adminer/include/bootstrap.inc.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/adminer/dump.inc.php b/adminer/dump.inc.php
index c7e4a52a..a27b0e0b 100644
--- a/adminer/dump.inc.php
+++ b/adminer/dump.inc.php
@@ -162,7 +162,7 @@ if ($dbh->server_info >= 5) {
 $db_style[] = 'CREATE+ALTER';
 $table_style[] = 'CREATE+ALTER';
 }
-echo "" . lang('Output') . "$dump_output\n";
+echo "" . lang('Output') . "$dump_output\n";
 echo "" . lang('Format') . "$dump_format\n";
 echo "" . lang('Database') . "\n";
 echo "" . lang('Tables') . "\n";
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 7ca461b2..2941bf1d 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -99,6 +99,6 @@ include "./include/export.inc.php";
 $confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\"";
 $token = $_SESSION["tokens"][$_GET["server"]];
 $error = ($_POST
- ? ($_POST["token"] == $token || isset($_GET["dump"]) ? "" : lang('Invalid CSRF token. Send the form again.'))
+ ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
 : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
 );
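Review bot: The token check in adminer/include/bootstrap.inc.php still uses a loose `==`, so if `$_SESSION["tokens"][$_GET["server"]]` is unset for the requested server key, `$token` is null and compares equal to a missing or empty `$_POST["token"]`, and the check passes without a valid token. Whether the session token is always initialised before this line is not visible in the hunk, so the comparison should not rely on it: `? (is_string($token) && $token !== "" && $_POST["token"] === $token ? "" : lang('Invalid CSRF token. Send the form again.'))`. Where the PHP version in use provides it, `hash_equals()` would also make the comparison constant-time. A short comment such as `// no exceptions: every POST, including dump, must carry the session token` would record why the `isset($_GET["dump"])` exemption was removed, so that it is not reintroduced later.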