Protection against big POST data

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@373 7c3ca157-0c34-0410-bff1-cbf682f78f5c
jakubvrana 2008-03-18 10:29:20 +00:00
parent c54ba01361
commit 4d38c7d963
17 changed files with 46 additions and 34 deletions


@ -195,7 +195,7 @@ if (extension_loaded("mysqli")) {
} else {
page_header(lang('No MySQL extension'), null);
echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'mysqli, mysql, pdo') . "</p>\n";
echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'MySQLi, MySQL, PDO') . "</p>\n";
page_footer("auth");
exit;
}


@ -13,7 +13,9 @@ foreach ($routine["fields"] as $i => $field) {
}
}
if ($_POST) {
if ($error) {
echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
} elseif ($_POST) {
$call = array();
foreach ($routine["fields"] as $key => $field) {
if (in_array($key, $in)) {


@ -65,14 +65,15 @@ while ($row = $result->fetch_assoc()) {
}
$result->free();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = $_POST;
ksort($row["fields"]);
$row["fields"] = array_values($row["fields"]);
if ($_POST["add"]) {
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
} elseif (!$_POST["drop_col"]) {
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($row["auto_increment_col"]) {
$row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true;


@ -28,12 +28,13 @@ if ($_POST && !$error) {
}
$error = $mysql->error;
}
page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]);
$collations = collations();
if ($_POST) {
$collations = collations();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$name = $_POST["name"];
$collate = $_POST["collation"];
} else {


@ -43,8 +43,10 @@ if ($_POST && !$error) {
}
page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]);
if ($_POST) {
if ($error) {
echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = (array) $_POST["fields"];
foreach ((array) $_POST["null"] as $key => $val) {
$row[$key] = null;


@ -51,8 +51,8 @@ function process_input($name, $field) {
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value));
} elseif (preg_match('~binary|blob~', $field["type"])) {
$file = get_file($name);
if (!is_string($file) && !$field["null"]) {
return false; //! report errors, also empty $_POST (too big POST data, not only FILES)
if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) {
return false; //! report errors
}
return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
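Review bot: The new condition compares `$file != UPLOAD_ERR_NO_FILE` loosely, and `$file` can be null when `$_FILES[$key]` is absent (get_file returns `$_FILES[$key]["error"]` in that case), so a nullable binary column then hits `return false` although nothing was sent; `$file !== UPLOAD_ERR_NO_FILE` plus an explicit null check, or having get_file return `UPLOAD_ERR_NO_FILE` for a missing entry, would close that gap. The `return false; //! report errors` path still discards the concrete upload error code (for example an upload exceeding upload_max_filesize), so the user gets no message — the same class of silent failure this commit fixes for post_max_size — and a TODO naming that would help. When `$file` is UPLOAD_ERR_NO_FILE and the column is nullable, the next line stores `_binary''` rather than NULL; if the caller's null handling covers that (edit.inc.php assigns `$row[$key] = null` for checked null boxes), a one-line comment saying so would save the next reader the same question. process_input starts before this hunk.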


@ -24,7 +24,6 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
}
$error = $mysql->error;
}
page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]);
$tables = array();
@ -36,6 +35,9 @@ while ($row = $result->fetch_assoc()) {
}
$result->free();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = $_POST;
ksort($row["source"]);
@ -43,8 +45,6 @@ if ($_POST) {
$row["source"][] = "";
} elseif ($_POST["change"] || $_POST["change-js"]) {
$row["target"] = array();
} else {
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
}
} elseif (strlen($_GET["name"])) {
$foreign_keys = foreign_keys($_GET["foreign"]);


@ -204,7 +204,7 @@ function remove_from_uri($param = "") {
function get_file($key) {
if (isset($_POST["files"][$key])) {
$length = strlen($_POST["files"][$key]);
return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
}
return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"]));
}
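Review bot: The new `return` line decides between an upload error code and base64 content purely by string length, which is not self-explanatory; a comment such as `// files[$key] holds either a short numeric upload error code or the base64-encoded file content` would help (how the field is populated is not visible in this hunk). An absent `$_FILES[$key]` is not the same as UPLOAD_ERR_NO_FILE: the last line returns `$_FILES[$key]["error"]`, i.e. null with a notice, which callers comparing against `UPLOAD_ERR_NO_FILE` then treat as a real error; returning `UPLOAD_ERR_NO_FILE` when `!isset($_FILES[$key])` would keep the contract uniform. `base64_decode` also accepts malformed input silently; `base64_decode($_POST["files"][$key], true)` returns false on invalid data if that should be caught rather than stored.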


@ -1,5 +1,5 @@
<?php
/** phpMinAdmin - MySQL management tool
/** phpMinAdmin - Compact MySQL management
* @link http://phpminadmin.sourceforge.net
* @author Jakub Vrana, http://php.vrana.cz
* @copyright 2007 Jakub Vrana
@ -50,8 +50,13 @@ if (isset($_GET["dump"])) {
include "./privileges.inc.php";
} else { // uses CSRF token
include "./editing.inc.php";
$error = "";
if ($_POST) {
$error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.'));
if (!in_array($_POST["token"], (array) $TOKENS)) {
$error = lang('Invalid CSRF token. Send the form again.');
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
}
$token = ($_POST && !$error ? $_POST["token"] : token());
if (isset($_GET["default"])) {
@ -90,7 +95,6 @@ if (isset($_GET["dump"])) {
} elseif (isset($_GET["select"])) {
include "./select.inc.php";
} else {
$TOKENS = array();
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false);
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n";
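Review bot: The CSRF check `in_array($_POST["token"], (array) $TOKENS)` compares loosely and reads `$_POST["token"]` without checking it exists; if `token()` (not visible here) yields strings, `in_array($_POST["token"], (array) $TOKENS, true)` avoids numeric-string coercion such as "1e3" equalling "1000", and an `isset` guard avoids a notice on a form without the field. The new `elseif ($_SERVER["REQUEST_METHOD"] == "POST")` branch reports "Too big POST data" for every POST that leaves `$_POST` empty, including a request with a non-form content type, so the message is a guess; comparing `$_SERVER["CONTENT_LENGTH"]` against `ini_get("post_max_size")` would confirm the cause before blaming the size. Dropping `$TOKENS = array();` in the final else branch means tokens now persist across visits to the database overview, which looks intended so that the error page still carries a valid token, but deserves a comment. The enclosing if/else chain continues outside the hunk.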


@ -40,12 +40,13 @@ if ($_POST && !$error && !$_POST["add"]) {
}
page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]);
if ($error) {
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
}
$fields = array_keys(fields($_GET["indexes"]));
if ($_POST) {
$row = $_POST;
if (!$_POST["add"]) {
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
} else {
if ($_POST["add"]) {
foreach ($row["indexes"] as $key => $index) {
if (strlen($index["columns"][count($index["columns"])])) {
$row["indexes"][$key]["columns"][] = "";


@ -167,4 +167,5 @@ $translations = array(
'all' => 'vše',
'Delete selected' => 'Smazat označené',
'Truncate table' => 'Promazat tabulku',
'Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.' => 'Příliš velká POST data. Zmenšete data nebo zvyšte hodnotu konfigurační direktivy "post_max_size".',
);


@ -29,12 +29,14 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"]) {
}
$error = $mysql->error;
}
page_header(strlen($_GET["procedure"])
? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"])
: (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))
);
if ($error) {
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
}
$collations = get_vals("SHOW CHARACTER SET");
if ($_POST) {
$row = $_POST;
@ -43,8 +45,6 @@ if ($_POST) {
$row["fields"] = array_values($row["fields"]);
if ($_POST["add"]) {
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
} elseif (!$_POST["drop_col"]) {
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
}
} elseif (strlen($_GET["procedure"])) {
$row = routine($_GET["procedure"], $routine);


@ -11,10 +11,9 @@ if ($_POST && !$error) {
}
$error = $mysql->error;
}
page_header(lang('Process list'));
if ($_POST) {
if ($error) {
echo "<p class='error'>" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "</p>\n";
}
?>


@ -83,9 +83,9 @@ if ($_POST && !$error) {
}
$error = $mysql->error;
}
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
if ($_POST) {
if ($error) {
echo "<p class='error'>" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "</p>\n";
}


@ -3,11 +3,10 @@ if (isset($_POST["query"])) {
setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]));
$_COOKIE["highlight"] = $_POST["highlight"];
}
page_header(lang('SQL command'));
if ($_POST && $error) {
echo "<p class='error'>$error</p>\n";
if ($error) {
echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
$delimiter = ";";
$offset = 0;
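Review bot: The `elseif` branch tests `is_string($query = ...)` and silently does nothing when `get_file("sql_file")` returns an integer upload error code, so a file exceeding upload_max_filesize (while the request itself fits post_max_size) produces neither a query run nor a message. Since the preceding `if ($error)` branch now covers the post_max_size case, a further branch for `is_int($query) && $query != UPLOAD_ERR_NO_FILE` that prints the upload error would close the remaining gap; which of these lines are new versus context is not fully recoverable from the rendered page.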


@ -19,12 +19,13 @@ if ($_POST && !$error) {
}
$error = $mysql->error;
}
page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"]));
if ($error) {
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = $_POST;
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
} elseif (strlen($_GET["name"])) {
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'");
while ($row = $result->fetch_assoc()) {


@ -117,13 +117,14 @@ if ($_POST && !$error) {
$error = $mysql->error;
}
}
page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges')));
if ($error) {
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = $_POST;
$grants = $new_grants;
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
} else {
$row = $_GET + array("host" => "localhost");
$row["pass"] = $old_pass;