Disable session.use_trans_sid to preserve export result
Do not depend on session.use_trans_sid without cookies git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1050 7c3ca157-0c34-0410-bff1-cbf682f78f5c
parent
e895368453
commit
25cef1ffe1
|
@ -425,7 +425,9 @@ class Adminer {
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
<form action="">
|
<form action="">
|
||||||
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
<p>
|
||||||
|
<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
|
||||||
|
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||||
<?php if ($databases) { ?>
|
<?php if ($databases) { ?>
|
||||||
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)<?php echo optionlist($databases, DB); ?></select>
|
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)<?php echo optionlist($databases, DB); ?></select>
|
||||||
<?php } else { ?>
|
<?php } else { ?>
|
||||||
|
|
|
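Review bot: In the added hidden field, `session_name()` is echoed into the `name` attribute without `h()`, while the value next to it is escaped. The bootstrap section only forces the name to `adminer_sid` when `session.auto_start` is off, so with auto-start the name comes from php.ini; escaping both is consistent and costs nothing: `name="<?php echo h(session_name()); ?>"`. The identical line added to the user form in the last file section (after the `mysql.user` query) should get the same change. Both forms have no `method`, so when `SID` is non-empty the session id is submitted in the query string; a short comment stating that this is the intended cookieless fallback would help the next reader.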
@ -1,11 +1,7 @@
|
||||||
<?php
|
<?php
|
||||||
$ignore = array("server", "username", "password");
|
$ignore = array("server", "username", "password");
|
||||||
$session_name = session_name();
|
$session_name = session_name();
|
||||||
if (ini_get("session.use_trans_sid") && isset($_POST[$session_name])) {
|
|
||||||
$ignore[] = $session_name;
|
|
||||||
}
|
|
||||||
if (isset($_POST["server"])) {
|
if (isset($_POST["server"])) {
|
||||||
if (isset($_COOKIE[$session_name]) || isset($_POST[$session_name])) {
|
|
||||||
session_regenerate_id(); // defense against session fixation
|
session_regenerate_id(); // defense against session fixation
|
||||||
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
$_SESSION["usernames"][$_POST["server"]] = $_POST["username"];
|
||||||
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
$_SESSION["passwords"][$_POST["server"]] = $_POST["password"];
|
||||||
|
@ -21,7 +17,6 @@ if (isset($_POST["server"])) {
|
||||||
if ($_POST["token"]) {
|
if ($_POST["token"]) {
|
||||||
$_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
|
$_POST["token"] = $_SESSION["tokens"][$_POST["server"]];
|
||||||
}
|
}
|
||||||
}
|
|
||||||
$_GET["server"] = $_POST["server"];
|
$_GET["server"] = $_POST["server"];
|
||||||
} elseif (isset($_POST["logout"])) {
|
} elseif (isset($_POST["logout"])) {
|
||||||
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]) {
|
if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]) {
|
||||||
|
|
|
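Review bot: With the cookie/POST guard removed, `session_regenerate_id()` now runs on every login, but it is still called without arguments, so the pre-login session and its id remain valid on the server. Because this commit also carries the id in URLs through `SID`, an id that was exposed or planted before login keeps pointing at the old session data, which may still hold `usernames`/`passwords` entries from an earlier login to another server. Where PHP 5.1 or later can be assumed, `session_regenerate_id(true); // defense against session fixation, drop the old session` closes that gap. The `if (isset($_POST["server"]))` block continues outside the lines shown here.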
@ -45,6 +45,7 @@ if (!isset($_SERVER["REQUEST_URI"])) {
|
||||||
|
|
||||||
if (!ini_get("session.auto_start")) {
|
if (!ini_get("session.auto_start")) {
|
||||||
// use specific session name to get own namespace
|
// use specific session name to get own namespace
|
||||||
|
@ini_set("session.use_trans_sid", false); // @ - may be disabled
|
||||||
session_name("adminer_sid");
|
session_name("adminer_sid");
|
||||||
session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
|
session_set_cookie_params(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); //! use HttpOnly in PHP 5
|
||||||
session_start();
|
session_start();
|
||||||
|
@ -70,7 +71,7 @@ set_magic_quotes_runtime(false);
|
||||||
@set_time_limit(0); // @ - can be disabled
|
@set_time_limit(0); // @ - can be disabled
|
||||||
|
|
||||||
define("DB", $_GET["db"]); // for the sake of speed and size
|
define("DB", $_GET["db"]); // for the sake of speed and size
|
||||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen(DB) ? 'db=' . urlencode(DB) . '&' : ''));
|
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID ? SID . '&' : '') . (strlen($_GET["server"]) ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (strlen(DB) ? 'db=' . urlencode(DB) . '&' : ''));
|
||||||
$on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); // used in foreign_keys()
|
$on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); // used in foreign_keys()
|
||||||
|
|
||||||
include "../adminer/include/version.inc.php";
|
include "../adminer/include/version.inc.php";
|
||||||
|
|
|
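Review bot: The new `ME` definition prepends `SID` to every generated link, and PHP leaves `SID` non-empty on any request that arrived without the session cookie, which includes the first request of a cookie-capable browser. The session id can therefore end up in browser history, server logs and `Referer` headers, and it is concatenated as-is, whereas `server` and `db` on the same line go through `urlencode()`. I would document the trade-off above the define, e.g. `// SID is set whenever no session cookie was sent; the id is then exposed in URLs`, and note in the deployment docs that installations able to require cookies should enable `session.use_only_cookies`. The `//! use HttpOnly` marker on `session_set_cookie_params()` in the first hunk of this file is still open.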
@ -104,10 +104,6 @@ function redirect($location, $message = null) {
|
||||||
if (isset($message)) {
|
if (isset($message)) {
|
||||||
$_SESSION["messages"][] = $message;
|
$_SESSION["messages"][] = $message;
|
||||||
}
|
}
|
||||||
if (strlen(SID)) {
|
|
||||||
// append SID if session cookies are disabled
|
|
||||||
$location .= (strpos($location, "?") === false ? "?" : "&") . SID;
|
|
||||||
}
|
|
||||||
header("Location: " . (strlen($location) ? $location : "."));
|
header("Location: " . (strlen($location) ? $location : "."));
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
|
@ -6,6 +6,7 @@ $result = $dbh->query("SELECT User, Host FROM mysql.user ORDER BY Host, User");
|
||||||
if (!$result) {
|
if (!$result) {
|
||||||
?>
|
?>
|
||||||
<form action=""><p>
|
<form action=""><p>
|
||||||
|
<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
|
||||||
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
<?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
|
||||||
<?php echo lang('Username'); ?>: <input name="user">
|
<?php echo lang('Username'); ?>: <input name="user">
|
||||||
<?php echo lang('Server'); ?>: <input name="host" value="localhost">
|
<?php echo lang('Server'); ?>: <input name="host" value="localhost">
|
||||||
|
|