beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Rename variables to avoid conflict with Adminer 2 sessions and enabled register_globals

Browse source
This commit is contained in:
Jakub Vrana 2010-10-15 10:58:08 +02:00
parent d69e8c4b08
commit 49565e0563
9 changed files with 34 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
adminer/database.inc.php
View file

@ -10,11 +10,11 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
$_GET["db"] = $_POST["name"];
queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'), rename_database($_POST["name"], $_POST["collation"]));
} else {
$dbs = explode("\n", str_replace("\r", "", $_POST["name"]));
$databases = explode("\n", str_replace("\r", "", $_POST["name"]));
$success = true;
$last = "";
foreach ($dbs as $db) {
if (count($dbs) == 1 || $db != "") { // ignore empty lines but always try to create single database
foreach ($databases as $db) {
if (count($databases) == 1 || $db != "") { // ignore empty lines but always try to create single database
if (!create_database($db, $_POST["collation"])) {
$success = false;
}

6
adminer/db.inc.php
View file

@ -76,10 +76,10 @@ if ($_GET["ns"] !== "") {
echo "</table>\n";
if (!information_schema(DB)) {
echo "<p><input type='hidden' name='token' value='$token'>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "' onclick=\"return confirm('" . lang('Are you sure?') . " (' + formChecked(this, /tables/) + ')');\"> <input type='submit' name='drop' value='" . lang('Drop') . "' onclick=\"return confirm('" . lang('Are you sure?') . " (' + formChecked(this, /tables|views/) + ')');\">\n";
$dbs = (support("scheme") ? schemas() : get_databases());
if (count($dbs) != 1 && $jush != "sqlite") {
$databases = (support("scheme") ? schemas() : get_databases());
if (count($databases) != 1 && $jush != "sqlite") {
$db = (isset($_POST["target"]) ? $_POST["target"] : (support("scheme") ? $_GET["ns"] : DB));
echo "<p>" . lang('Move to other database') . ($dbs ? ": " . html_select("target", $dbs, $db) : ': <input name="target" value="' . h($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
echo "<p>" . lang('Move to other database') . ($databases ? ": " . html_select("target", $databases, $db) : ': <input name="target" value="' . h($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
}
}
echo "</form>\n";

6
adminer/drivers/mysql.inc.php
View file

@ -266,7 +266,7 @@ if (!defined("DRIVER")) {
*/
function get_databases($flush = true) {
// SHOW DATABASES can take a very long time so it is cached
$return = &get_session("databases");
$return = &get_session("dbs");
if (!isset($return)) {
if ($flush) {
restart_session();
@ -523,7 +523,7 @@ if (!defined("DRIVER")) {
* @return string
*/
function create_database($db, $collation) {
set_session("databases", null);
set_session("dbs", null);
return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . q($collation) : ""));
}
@ -532,7 +532,7 @@ if (!defined("DRIVER")) {
* @return bool
*/
function drop_databases($databases) {
set_session("databases", null);
set_session("dbs", null);
return apply_queries("DROP DATABASE", $databases, 'idf_escape');
}

6
adminer/include/adminer.inc.php
View file

@ -14,7 +14,7 @@ class Adminer {
* @return array ($server, $username, $password)
*/
function credentials() {
return array(SERVER, $_GET["username"], get_session("passwords"));
return array(SERVER, $_GET["username"], get_session("pwds"));
}
/** Get key used for permanent login
@ -386,7 +386,7 @@ document.getElementById('username').focus();
global $jush;
restart_session();
$id = "sql-" . count($_SESSION["messages"]);
$history = &get_session("history");
$history = &get_session("queries");
$history[$_GET["db"]][] = (strlen($query) > 1e6 // not DB - reset in drop database
? ereg_replace('[\x80-\xFF]+$', '', substr($query, 0, 1e6)) . "\n..." // [\x80-\xFF] - valid UTF-8, \n - can end by one-line comment
: $query
@ -498,7 +498,7 @@ document.getElementById('username').focus();
<?php
if ($missing == "auth") {
$first = true;
foreach ((array) $_SESSION["passwords"] as $driver => $servers) {
foreach ((array) $_SESSION["pwds"] as $driver => $servers) {
foreach ($servers as $server => $usernames) {
foreach ($usernames as $username => $password) {
if (isset($password)) {

12
adminer/include/auth.inc.php
View file

@ -22,7 +22,7 @@ if ($_COOKIE["adminer_permanent"]) {
if (isset($_POST["server"])) {
session_regenerate_id(); // defense against session fixation
$_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
$_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
if ($_POST["permanent"]) {
$key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
$private = $adminer->permanentLogin();
@ -42,7 +42,7 @@ if (isset($_POST["server"])) {
page_footer("db");
exit;
} else {
foreach (array("passwords", "databases", "history") as $key) {
foreach (array("pwds", "dbs", "queries") as $key) {
set_session($key, null);
}
$key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]);
@ -52,13 +52,13 @@ if (isset($_POST["server"])) {
}
redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
}
} elseif ($permanent && !$_SESSION["passwords"]) {
} elseif ($permanent && !$_SESSION["pwds"]) {
session_regenerate_id();
$private = $adminer->permanentLogin(); // try to decode even if not set
foreach ($permanent as $key => $val) {
list(, $cipher) = explode(":", $val);
list($driver, $server, $username) = array_map('base64_decode', explode("-", $key));
$_SESSION["passwords"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
$_SESSION["pwds"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
}
}
@ -72,7 +72,7 @@ function auth_error($exception = null) {
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
$error = lang('Session expired, please login again.');
} else {
$password = &get_session("passwords");
$password = &get_session("pwds");
if (isset($password)) {
$error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
$password = null;
@ -92,7 +92,7 @@ function auth_error($exception = null) {
if (isset($_GET["username"]) && class_exists("Min_DB")) { // doesn't exists with passing wrong driver
$connection = connect();
}
if (is_string($connection) || !$adminer->login($_GET["username"], get_session("passwords"))) {
if (is_string($connection) || !$adminer->login($_GET["username"], get_session("pwds"))) {
auth_error();
exit;
}

4
adminer/include/connect.inc.php
View file

@ -6,7 +6,7 @@ function connect_error() {
page_header(lang('Database') . ": " . h(DB), lang('Invalid database.'), true);
} else {
if ($_POST["db"] && !$error) {
set_session("databases", null);
set_session("dbs", null);
queries_redirect(substr(ME, 0, -1), lang('Databases have been dropped.'), drop_databases($_POST["db"]));
}
@ -56,7 +56,7 @@ if (isset($_GET["status"])) {
}
if (!(DB != "" ? $connection->select_db(DB) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]) || isset($_GET["variables"]))) {
if (DB != "") {
set_session("databases", null);
set_session("dbs", null);
}
connect_error(); // separate function to catch SQLite error
exit;

2
adminer/include/design.inc.php
View file

@ -63,7 +63,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
$_SESSION["messages"] = array();
}
$databases = &get_session("databases");
$databases = &get_session("dbs");
if (DB != "" && $databases && !in_array(DB, $databases, true)) {
$databases = null;
}

16
adminer/sql.inc.php
View file

@ -1,6 +1,6 @@
<?php
restart_session();
$history_all = &get_session("history");
$history_all = &get_session("queries");
$history = &$history_all[DB];
if (!$error && $_POST["clear"]) {
$history = array();
@ -39,7 +39,7 @@ if (!$error && $_POST) {
if (is_object($connection2) && DB != "") {
$connection2->select_db(DB);
}
$queries = 0;
$commands = 0;
$errors = "";
while ($query != "") {
if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
@ -58,15 +58,15 @@ if (!$error && $_POST) {
if (!$found || $found == $delimiter) { // end of a query
$empty = false;
$q = substr($query, 0, $match[0][1]);
$queries++;
echo "<pre class='jush-$jush' id='sql-$queries'>" . shorten_utf8(trim($q), 1000) . "</pre>\n";
$commands++;
echo "<pre class='jush-$jush' id='sql-$commands'>" . shorten_utf8(trim($q), 1000) . "</pre>\n";
ob_flush();
flush(); // can take a long time - show the running query
$start = explode(" ", microtime()); // microtime(true) is available since PHP 5
//! don't allow changing of character_set_results, convert encoding of displayed query
if (!$connection->multi_query($q)) {
echo "<p class='error'>" . lang('Error in query') . ": " . error() . "\n";
$errors .= " <a href='#sql-$queries'>$queries</a>";
$errors .= " <a href='#sql-$commands'>$commands</a>";
if ($_POST["error_stops"]) {
break;
}
@ -82,7 +82,7 @@ if (!$error && $_POST) {
select($result, $connection2);
echo "<p>" . ($result->num_rows ? lang('%d row(s)', $result->num_rows) : "") . $time;
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q)) {
$id = "explain-$queries";
$id = "explain-$commands";
echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>\n";
echo "<div id='$id' class='hidden'>\n";
select(explain($connection2, $q));
@ -91,7 +91,7 @@ if (!$error && $_POST) {
} else {
if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
restart_session();
set_session("databases", null); // clear cache
set_session("dbs", null); // clear cache
session_write_close();
}
echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
@ -115,7 +115,7 @@ if (!$error && $_POST) {
}
}
}
if ($errors && $queries > 1) {
if ($errors && $commands > 1) {
echo "<p class='error'>" . lang('Error in query') . ": $errors\n";
}
if ($empty) {

10
editor/include/adminer.inc.php
View file

@ -10,7 +10,7 @@ class Adminer {
//! driver, ns
function credentials() {
return array(SERVER, $_GET["username"], get_session("passwords"));
return array(SERVER, $_GET["username"], get_session("pwds"));
}
function permanentLogin() {
@ -19,10 +19,10 @@ class Adminer {
function database() {
global $connection;
$dbs = get_databases(false);
return (!$dbs
$databases = get_databases(false);
return (!$databases
? $connection->result("SELECT SUBSTRING_INDEX(CURRENT_USER, '@', 1)") // username without the database list
: $dbs[(information_schema($dbs[0]) ? 1 : 0)] // first available database
: $databases[(information_schema($databases[0]) ? 1 : 0)] // first available database
);
}
@ -441,7 +441,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
<?php
if ($missing == "auth") {
$first = true;
foreach ((array) $_SESSION["passwords"]["server"][""] as $username => $password) {
foreach ((array) $_SESSION["pwds"]["server"][""] as $username => $password) {
if (isset($password)) {
if ($first) {
echo "<p>\n";