Direct links from HTTPS to HTTP
parent
9307f1304f
commit
2cec7584f6
|
@ -24,11 +24,12 @@ include "../adminer/include/functions.inc.php";
|
||||||
if (!isset($_SERVER["REQUEST_URI"])) {
|
if (!isset($_SERVER["REQUEST_URI"])) {
|
||||||
$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . ($_SERVER["QUERY_STRING"] != "" ? "?$_SERVER[QUERY_STRING]" : ""); // IIS 5 compatibility
|
$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"] . ($_SERVER["QUERY_STRING"] != "" ? "?$_SERVER[QUERY_STRING]" : ""); // IIS 5 compatibility
|
||||||
}
|
}
|
||||||
|
$HTTPS = $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off");
|
||||||
|
|
||||||
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
|
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
|
||||||
if (!ini_bool("session.auto_start")) {
|
if (!ini_bool("session.auto_start")) {
|
||||||
session_name("adminer_sid"); // use specific session name to get own namespace
|
session_name("adminer_sid"); // use specific session name to get own namespace
|
||||||
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off"));
|
$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $HTTPS);
|
||||||
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
||||||
$params[] = true; // HttpOnly
|
$params[] = true; // HttpOnly
|
||||||
}
|
}
|
||||||
|
|
|
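Review bot: The new `$HTTPS` assignment has no comment, although it now decides the Secure flag of the session cookie in this hunk and is read as a global by the other files in this commit. It reflects only the `HTTPS` server variable, so when TLS is terminated in front of PHP and that variable is not set (a common proxy setup, not visible here), the value is false and cookies are issued without Secure. I would document that on the line, e.g. `// true only if PHP itself sees TLS; controls the Secure cookie flag and link handling`. The `if (!ini_bool("session.auto_start"))` block continues past the end of the hunk.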
@ -7,11 +7,11 @@
|
||||||
* @return null
|
* @return null
|
||||||
*/
|
*/
|
||||||
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||||
global $LANG, $VERSION, $adminer, $connection, $drivers;
|
global $LANG, $VERSION, $HTTPS, $adminer, $connection, $drivers;
|
||||||
header("Content-Type: text/html; charset=utf-8");
|
header("Content-Type: text/html; charset=utf-8");
|
||||||
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
|
header("X-Frame-Options: deny"); // ClickJacking protection in IE8, Safari 4, Chrome 2, Firefox NoScript plugin
|
||||||
$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
|
$title_all = $title . ($title2 != "" ? ": " . h($title2) : "");
|
||||||
$protocol = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off") ? "https" : "http");
|
$protocol = ($HTTPS ? "https" : "http");
|
||||||
?>
|
?>
|
||||||
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
|
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
|
||||||
<html lang="<?php echo $LANG; ?>">
|
<html lang="<?php echo $LANG; ?>">
|
||||||
|
|
|
@ -245,13 +245,14 @@ function where_link($i, $column, $value, $operator = "=") {
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
function cookie($name, $value) {
|
function cookie($name, $value) {
|
||||||
|
global $HTTPS;
|
||||||
$params = array(
|
$params = array(
|
||||||
$name,
|
$name,
|
||||||
(ereg("\n", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
|
(ereg("\n", $value) ? "" : $value), // HTTP Response Splitting protection in PHP < 5.1.2
|
||||||
time() + 2592000, // 2592000 - 30 days
|
time() + 2592000, // 2592000 - 30 days
|
||||||
preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
|
preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]),
|
||||||
"",
|
"",
|
||||||
$_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")
|
$HTTPS
|
||||||
);
|
);
|
||||||
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
|
||||||
$params[] = true; // HttpOnly
|
$params[] = true; // HttpOnly
|
||||||
|
@ -703,11 +704,11 @@ function is_email($email) {
|
||||||
|
|
||||||
/** Check whether the string is URL address
|
/** Check whether the string is URL address
|
||||||
* @param string
|
* @param string
|
||||||
* @return bool
|
* @return string "http", "https" or ""
|
||||||
*/
|
*/
|
||||||
function is_url($string) {
|
function is_url($string) {
|
||||||
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component
|
$domain = '[a-z0-9]([-a-z0-9]{0,61}[a-z0-9])'; // one domain component //! IDN
|
||||||
return preg_match("~^https?://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string); //! restrict path, query and fragment characters
|
return (preg_match("~^(https?)://($domain?\\.)+$domain(:[0-9]+)?(/.*)?(\\?.*)?(#.*)?\$~i", $string, $match) ? strtolower($match[1]) : ""); //! restrict path, query and fragment characters
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Print header for hidden fieldset (close by </div></fieldset>)
|
/** Print header for hidden fieldset (close by </div></fieldset>)
|
||||||
|
|
|
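Review bot: `cookie()` now takes its Secure flag from `global $HTTPS`, so a call made before that global is assigned passes null and the cookie is set without Secure, with no error. Whether every entry point assigns `$HTTPS` before calling `cookie()` is not visible on this page. A comment on the new line would make the dependency explicit, e.g. `global $HTTPS; // assigned once at startup; if unset the cookie is sent without Secure`. In the second hunk of this file, the `is_url()` docblock summary still describes a boolean check although `@return` now documents the scheme string; I would reword it to `Get the scheme of a URL address, or "" if the string is not a URL`. The body of `cookie()` continues past the end of its hunk.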
@ -315,11 +315,16 @@ if (!$columns) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!$link && is_email($val)) {
|
if (!$link) {
|
||||||
|
if (is_email($val)) {
|
||||||
$link = "mailto:$val";
|
$link = "mailto:$val";
|
||||||
}
|
}
|
||||||
if (!$link && is_url($row[$key])) {
|
if ($protocol = is_url($row[$key])) {
|
||||||
$link = "http://www.adminer.org/redirect/?url=" . urlencode($row[$key]); // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
|
$link = ($protocol == "http" && $HTTPS
|
||||||
|
? $row[$key] // HTTP links from HTTPS pages don't receive Referer automatically
|
||||||
|
: "$protocol://www.adminer.org/redirect/?url=" . urlencode($row[$key]) // intermediate page to hide Referer, may be changed to rel="noreferrer" in HTML5
|
||||||
|
);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
$id = h("val[$unique_idf][" . bracket_escape($key) . "]");
|
$id = h("val[$unique_idf][" . bracket_escape($key) . "]");
|
||||||
$value = $_POST["val"][$unique_idf][bracket_escape($key)];
|
$value = $_POST["val"][$unique_idf][bracket_escape($key)];
|
||||||
|
|
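Review bot: The new direct-link branch assigns the raw database value `$row[$key]` to `$link`, while the redirect branch still passes it through `urlencode()`. `is_url()` accepts any characters in the path, query and fragment, as its own `//! restrict path, query and fragment characters` note admits. The statement that prints `$link` is outside this hunk, so confirm the value goes through `h()` before it reaches an `href` attribute. The branch also depends on the browser omitting Referer on HTTPS-to-HTTP navigation, which holds only under the default referrer policy; I would extend the comment to say so, e.g. `// relies on the default no-referrer-when-downgrade behaviour`. The enclosing block starts and ends outside the hunk.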