From 4d38c7d9635fb008af11dd4ced1ff9193f034693 Mon Sep 17 00:00:00 2001 From: jakubvrana Date: Tue, 18 Mar 2008 10:29:20 +0000 Subject: [PATCH] Protection against big POST data git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@373 7c3ca157-0c34-0410-bff1-cbf682f78f5c --- abstraction.inc.php | 2 +- call.inc.php | 4 +++- create.inc.php | 5 +++-- database.inc.php | 7 ++++--- edit.inc.php | 4 +++- editing.inc.php | 4 ++-- foreign.inc.php | 6 +++--- functions.inc.php | 2 +- index.php | 10 +++++++--- indexes.inc.php | 7 ++++--- lang/cs.inc.php | 1 + procedure.inc.php | 6 +++--- processlist.inc.php | 3 +-- select.inc.php | 4 ++-- sql.inc.php | 5 ++--- trigger.inc.php | 5 +++-- user.inc.php | 5 +++-- 17 files changed, 46 insertions(+), 34 deletions(-) diff --git a/abstraction.inc.php b/abstraction.inc.php index aa56905e..36ac7385 100644 --- a/abstraction.inc.php +++ b/abstraction.inc.php @@ -195,7 +195,7 @@ if (extension_loaded("mysqli")) { } else { page_header(lang('No MySQL extension'), null); - echo "

" . lang('None of supported PHP extensions (%s) are available.', 'mysqli, mysql, pdo') . "

\n"; + echo "

" . lang('None of supported PHP extensions (%s) are available.', 'MySQLi, MySQL, PDO') . "

\n"; page_footer("auth"); exit; } diff --git a/call.inc.php b/call.inc.php index b805e5bc..d56489e3 100644 --- a/call.inc.php +++ b/call.inc.php @@ -13,7 +13,9 @@ foreach ($routine["fields"] as $i => $field) { } } -if ($_POST) { +if ($error) { + echo "

" . htmlspecialchars($error) . "

\n"; +} elseif ($_POST) { $call = array(); foreach ($routine["fields"] as $key => $field) { if (in_array($key, $in)) { diff --git a/create.inc.php b/create.inc.php index ebb430ce..440c37eb 100644 --- a/create.inc.php +++ b/create.inc.php @@ -65,14 +65,15 @@ while ($row = $result->fetch_assoc()) { } $result->free(); +if ($error) { + echo "
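Review bot: The new `if ($error)` in the call hunk reads a variable that nothing in this file assigns (no `$error = $mysql->error` appears in the hunk), so the banner depends on `$error` being initialised before call.inc.php is included — presumably by the index.php change, which is too garbled in this patch to confirm. If it is not initialised, on a PHP setup with `register_globals` enabled a request parameter named `error` would populate it, showing a spoofed (though escaped) banner while the routine call in the `elseif` is skipped. An explicit `$error = ""` in the including file and a comment here such as `// $error is pre-set by index.php (e.g. too-big POST data) before this page runs` would make the contract visible.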

" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "

\n"; +} if ($_POST) { $row = $_POST; ksort($row["fields"]); $row["fields"] = array_values($row["fields"]); if ($_POST["add"]) { array_splice($row["fields"], key($_POST["add"]), 0, array(array())); - } elseif (!$_POST["drop_col"]) { - echo "

" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "

\n"; } if ($row["auto_increment_col"]) { $row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true; diff --git a/database.inc.php b/database.inc.php index b7243fef..353f7d73 100644 --- a/database.inc.php +++ b/database.inc.php @@ -28,12 +28,13 @@ if ($_POST && !$error) { } $error = $mysql->error; } - page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]); -$collations = collations(); -if ($_POST) { +$collations = collations(); +if ($error) { echo "

" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "

\n"; +} +if ($_POST) { $name = $_POST["name"]; $collate = $_POST["collation"]; } else { diff --git a/edit.inc.php b/edit.inc.php index 2bace030..c673a26e 100644 --- a/edit.inc.php +++ b/edit.inc.php @@ -43,8 +43,10 @@ if ($_POST && !$error) { } page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]); -if ($_POST) { +if ($error) { echo "

" . lang('Error during saving') . ": " . htmlspecialchars($error) . "

\n"; +} +if ($_POST) { $row = (array) $_POST["fields"]; foreach ((array) $_POST["null"] as $key => $val) { $row[$key] = null; diff --git a/editing.inc.php b/editing.inc.php index 7b2c4c98..66492055 100644 --- a/editing.inc.php +++ b/editing.inc.php @@ -51,8 +51,8 @@ function process_input($name, $field) { return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); } elseif (preg_match('~binary|blob~', $field["type"])) { $file = get_file($name); - if (!is_string($file) && !$field["null"]) { - return false; //! report errors, also empty $_POST (too big POST data, not only FILES) + if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) { + return false; //! report errors } return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'"; } elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") { diff --git a/foreign.inc.php b/foreign.inc.php index ceb4b01b..03ee1072 100644 --- a/foreign.inc.php +++ b/foreign.inc.php @@ -24,7 +24,6 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change- } $error = $mysql->error; } - page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]); $tables = array(); @@ -36,6 +35,9 @@ while ($row = $result->fetch_assoc()) { } $result->free(); +if ($error) { + echo "
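Review bot: The changed condition in process_input now returns `false` for every non-string `$file` except `UPLOAD_ERR_NO_FILE`, including the `null` that get_file yields when `$_FILES[$name]` is absent, but it still throws away which upload error occurred and carries the `//! report errors` marker forward unchanged. Since this commit adds an `if ($error)` banner to every page, the code could be surfaced instead of swallowed — either by recording it into `$error` (the function would need `global $error`) or by returning it to the caller — so a partial upload or a file over `upload_max_filesize` is distinguishable from a too-big POST. process_input starts before and continues after this hunk, so how callers handle the `false` return is not visible here.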

" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "

\n"; +} if ($_POST) { $row = $_POST; ksort($row["source"]); @@ -43,8 +45,6 @@ if ($_POST) { $row["source"][] = ""; } elseif ($_POST["change"] || $_POST["change-js"]) { $row["target"] = array(); - } else { - echo "

" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "

\n"; } } elseif (strlen($_GET["name"])) { $foreign_keys = foreign_keys($_GET["foreign"]); diff --git a/functions.inc.php b/functions.inc.php index 6a5291a9..12c869c7 100644 --- a/functions.inc.php +++ b/functions.inc.php @@ -204,7 +204,7 @@ function remove_from_uri($param = "") { function get_file($key) { if (isset($_POST["files"][$key])) { $length = strlen($_POST["files"][$key]); - return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key])); + return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key])); } return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"])); } diff --git a/index.php b/index.php index 27859d9b..4b747c54 100644 --- a/index.php +++ b/index.php @@ -1,5 +1,5 @@ ' . lang('Alter database') . "
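Review bot: The corrected `&&` line in get_file still decodes the client-supplied `$_POST["files"][$key]` with non-strict `base64_decode()`, which silently drops characters outside the base64 alphabet and so turns a corrupted or tampered value into different binary content rather than a failure. Use strict mode, `base64_decode($_POST["files"][$key], true)`, so a malformed value yields `false` — which the `is_string()` test in process_input already treats as an error. The `$length < 4` rule that maps short values to an integer error code is sound, since a non-empty base64 payload is always at least four characters, but it deserves a comment: `// 1-3 chars: a re-submitted upload error code, not file content`.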

\n"; echo '

' . lang('Database schema') . "

\n"; diff --git a/indexes.inc.php b/indexes.inc.php index e1acd43e..4e8ccaf5 100644 --- a/indexes.inc.php +++ b/indexes.inc.php @@ -40,12 +40,13 @@ if ($_POST && !$error && !$_POST["add"]) { } page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]); +if ($error) { + echo "

" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "

\n"; +} $fields = array_keys(fields($_GET["indexes"])); if ($_POST) { $row = $_POST; - if (!$_POST["add"]) { - echo "

" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "

\n"; - } else { + if ($_POST["add"]) { foreach ($row["indexes"] as $key => $index) { if (strlen($index["columns"][count($index["columns"])])) { $row["indexes"][$key]["columns"][] = ""; diff --git a/lang/cs.inc.php b/lang/cs.inc.php index ad82bae8..7fa3723e 100644 --- a/lang/cs.inc.php +++ b/lang/cs.inc.php @@ -167,4 +167,5 @@ $translations = array( 'all' => 'vše', 'Delete selected' => 'Smazat označené', 'Truncate table' => 'Promazat tabulku', + 'Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.' => 'Příliš velká POST data. Zmenšete data nebo zvyšte hodnotu konfigurační direktivy "post_max_size".', ); diff --git a/procedure.inc.php b/procedure.inc.php index f80384e4..e9629ce0 100644 --- a/procedure.inc.php +++ b/procedure.inc.php @@ -29,12 +29,14 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"]) { } $error = $mysql->error; } - page_header(strlen($_GET["procedure"]) ? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"]) : (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure')) ); +if ($error) { + echo "

" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "

\n"; +} $collations = get_vals("SHOW CHARACTER SET"); if ($_POST) { $row = $_POST; @@ -43,8 +45,6 @@ if ($_POST) { $row["fields"] = array_values($row["fields"]); if ($_POST["add"]) { array_splice($row["fields"], key($_POST["add"]), 0, array(array())); - } elseif (!$_POST["drop_col"]) { - echo "

" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "

\n"; } } elseif (strlen($_GET["procedure"])) { $row = routine($_GET["procedure"], $routine); diff --git a/processlist.inc.php b/processlist.inc.php index f8dfc170..1cd3dabd 100644 --- a/processlist.inc.php +++ b/processlist.inc.php @@ -11,10 +11,9 @@ if ($_POST && !$error) { } $error = $mysql->error; } - page_header(lang('Process list')); -if ($_POST) { +if ($error) { echo "

" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "

\n"; } ?> diff --git a/select.inc.php b/select.inc.php index 27671835..1476606c 100644 --- a/select.inc.php +++ b/select.inc.php @@ -83,9 +83,9 @@ if ($_POST && !$error) { } $error = $mysql->error; } - page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"])); -if ($_POST) { + +if ($error) { echo "

" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "

\n"; } diff --git a/sql.inc.php b/sql.inc.php index b6088ae4..d461584c 100644 --- a/sql.inc.php +++ b/sql.inc.php @@ -3,11 +3,10 @@ if (isset($_POST["query"])) { setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); $_COOKIE["highlight"] = $_POST["highlight"]; } - page_header(lang('SQL command')); -if ($_POST && $error) { - echo "

$error

\n"; +if ($error) { + echo "

" . htmlspecialchars($error) . "

\n"; } elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) { $delimiter = ";"; $offset = 0; diff --git a/trigger.inc.php b/trigger.inc.php index b74b3962..4a72bd5c 100644 --- a/trigger.inc.php +++ b/trigger.inc.php @@ -19,12 +19,13 @@ if ($_POST && !$error) { } $error = $mysql->error; } - page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"])); +if ($error) { + echo "
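Review bot: The `elseif ($_POST && is_string($query = ...))` branch in the sql hunk does nothing at all when get_file("sql_file") returns an upload error code or `null` instead of a string, so an uploaded file over `upload_max_filesize` (but under `post_max_size`) or a partial upload produces neither the new `$error` banner nor any other message. Insert a branch between the two that reports it, e.g. `} elseif ($_POST && !is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {` followed by an echo of an upload-error message in the same markup as the `$error` banner, then keep the existing `elseif ($_POST) {` for the string case. What follows the delimiter loop is outside this hunk, so I cannot tell whether the fallthrough renders the form or an empty page.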

" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "

\n"; +} if ($_POST) { $row = $_POST; - echo "

" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "

\n"; } elseif (strlen($_GET["name"])) { $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'"); while ($row = $result->fetch_assoc()) { diff --git a/user.inc.php b/user.inc.php index 6bd8c784..e74d1e70 100644 --- a/user.inc.php +++ b/user.inc.php @@ -117,13 +117,14 @@ if ($_POST && !$error) { $error = $mysql->error; } } - page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges'))); +if ($error) { + echo "

" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "

\n"; +} if ($_POST) { $row = $_POST; $grants = $new_grants; - echo "

" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "

\n"; } else { $row = $_GET + array("host" => "localhost"); $row["pass"] = $old_pass;