Display CSRF logout error after connecting
Context: https://sourceforge.net/p/adminer/discussion/960418/thread/74e1d2d4bc/
This commit is contained in:
parent
922e1d96b0
commit
3d88cc2c8e
|
@ -73,18 +73,12 @@ if ($auth) {
|
|||
redirect(auth_url($vendor, $server, $username, $db));
|
||||
}
|
||||
|
||||
} elseif ($_POST["logout"]) {
|
||||
if ($has_token && !verify_token()) {
|
||||
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
||||
page_footer("db");
|
||||
exit;
|
||||
} else {
|
||||
foreach (array("pwds", "db", "dbs", "queries") as $key) {
|
||||
set_session($key, null);
|
||||
}
|
||||
unset_permanent();
|
||||
redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.'));
|
||||
} elseif ($_POST["logout"] && (!$has_token || verify_token())) {
|
||||
foreach (array("pwds", "db", "dbs", "queries") as $key) {
|
||||
set_session($key, null);
|
||||
}
|
||||
unset_permanent();
|
||||
redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.'));
|
||||
|
||||
} elseif ($permanent && !$_SESSION["pwds"]) {
|
||||
session_regenerate_id();
|
||||
|
@ -176,6 +170,12 @@ if (!is_object($connection) || ($login = $adminer->login($_GET["username"], get_
|
|||
auth_error($error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''));
|
||||
}
|
||||
|
||||
if ($_POST["logout"] && $has_token && !verify_token()) {
|
||||
page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
|
||||
page_footer("db");
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($auth && $_POST["token"]) {
|
||||
$_POST["token"] = $token; // reset token after explicit login
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue