From 3e9b1ba19f2ffd4f9c70a84b7dde052cf20a917e Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Sat, 21 Nov 2009 09:08:52 +0000 Subject: [PATCH] Don't store files in hidden fields git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1250 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- adminer/include/auth.inc.php | 3 --- adminer/include/functions.inc.php | 14 ++------------ 2 files changed, 2 insertions(+), 15 deletions(-) diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php index ff35f694..a5c7d7b6 100644 --- a/adminer/include/auth.inc.php +++ b/adminer/include/auth.inc.php @@ -41,9 +41,6 @@ function auth_error($exception = null) { $adminer->loginForm($username); echo "

\n"; hidden_fields($_POST, array("server", "username", "password")); // expired session - foreach ($_FILES as $key => $val) { - echo ''; - } echo "\n\n"; page_footer("auth"); } diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php index 60f57800..c9b5a1b7 100644 --- a/adminer/include/functions.inc.php +++ b/adminer/include/functions.inc.php @@ -296,22 +296,12 @@ function pagination($page) { return " " . ($page == $_GET["page"] ? $page + 1 : '' . ($page + 1) . ""); } -/** Get file contents from $_FILES or $_POST["files"] +/** Get file contents from $_FILES * @param string * @param bool -* @return string +* @return mixed int for error, string otherwise */ function get_file($key, $decompress = false) { - // returns int for error, string otherwise - $file = $_POST["files"][$key]; - if (isset($file)) { - // get the file from hidden field if the user was logged out - $length = strlen($file); - if ($length && $length < 4) { - return intval($file); - } - return base64_decode($file); - } $file = $_FILES[$key]; if (!$file || $file["error"]) { return $file["error"];