Disable session.use_trans_sid to preserve export result
Do not depend on session.use_trans_sid without cookies git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1050 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
parent
e895368453
commit
25cef1ffe1
|
|
@ -425,7 +425,9 @@ class Adminer {
|
|||
</p>
|
||||
</form>
|
||||
<form action="">
|
||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||
<p>
|
||||
<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
|
||||
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||
<?php if ($databases) { ?>
|
||||
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)<?php echo optionlist($databases, DB); ?></select>
|
||||
<?php } else { ?>
|
||||
|
|
|
|||
|
|
@ -1,26 +1,21 @@
|
|||
<?php
|
||||
$ignore = array("server", "username", "password");
|
||||
$session_name = session_name();
|
||||
if (ini_get("session.use_trans_sid") && isset($_POST[$session_name])) {
|
||||
$ignore[] = $session_name;
|
||||
}
|
||||
if (isset($_POST["server"])) {
|
||||
if (isset($_COOKIE[$session_name]) || isset($_POST[$session_name])) {
|
||||
session_regenerate_id(); // defense against session fixation
|
||||
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
||||
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
||||
$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6); // defense against cross-site request forgery
|
||||
if (count($_POST) == count($ignore)) {
|
||||
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
|
||||
if (!isset($_COOKIE[$session_name])) {
|
||||
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
||||
}
|
||||
header("Location: " . (strlen($location) ? $location : "."));
|
||||
exit;
|
||||
}
|
||||
if ($_POST["token"]) {
|
||||
$_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
|
||||
session_regenerate_id(); // defense against session fixation
|
||||
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
||||
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
||||
$_SESSION["tokens"][$_POST["server"]] = rand(1, 1e6); // defense against cross-site request forgery
|
||||
if (count($_POST) == count($ignore)) {
|
||||
$location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri() : preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . (strlen($_POST["server"]) ? '?server=' . urlencode($_POST["server"]) : ''));
|
||||
if (!isset($_COOKIE[$session_name])) {
|
||||
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
||||
}
|
||||
header("Location: " . (strlen($location) ? $location : "."));
|
||||
exit;
|
||||
}
|
||||
if ($_POST["token"]) {
|
||||
$_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
|
||||
}
|
||||
$_GET["server"] = $_POST["server"];
|
||||
} elseif (isset($_POST["logout"])) {
|
||||
|
|
|
|||
|
|
@ -45,6 +45,7 @@ if (!isset($_SERVER["REQUEST_URI"])) {
|
|||
|
||||
if (!ini_get("session.auto_start")) {
|
||||
// use specific session name to get own namespace
|
||||
@ini_set("session.use_trans_sid", false); // @ - may be disabled
|
||||
session_name("adminer_sid");
|
||||
session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
|
||||
session_start();
|
||||
|
|
@ -70,7 +71,7 @@ set_magic_quotes_runtime(false);
|
|||
@set_time_limit(0); // @ - can be disabled
|
||||
|
||||
define("DB", $_GET["db"]); // for the sake of speed and size
|
||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen(DB) ? 'db=' . urlencode(DB) . '&' : ''));
|
||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID ? SID . '&' : '') . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen(DB) ? 'db=' . urlencode(DB) . '&' : ''));
|
||||
$on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); // used in foreign_keys()
|
||||
|
||||
include "../adminer/include/version.inc.php";
|
||||
|
|
|
|||
|
|
@ -104,10 +104,6 @@ function redirect($location, $message = null) {
|
|||
if (isset($message)) {
|
||||
$_SESSION["messages"][] = $message;
|
||||
}
|
||||
if (strlen(SID)) {
|
||||
// append SID if session cookies are disabled
|
||||
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
||||
}
|
||||
header("Location: " . (strlen($location) ? $location : "."));
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,6 +6,7 @@ $result = $dbh->query("SELECT User, Host FROM mysql.user ORDER BY Host, User");
|
|||
if (!$result) {
|
||||
?>
|
||||
<form action=""><p>
|
||||
<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
|
||||
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||
<?php echo lang('Username'); ?>: <input name="user">
|
||||
<?php echo lang('Server'); ?>: <input name="host" value="localhost">
|
||||
|
|
|
|||
Loading…
Reference in a new issue