Protection against big POST data
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@373 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
parent
c54ba01361
commit
4d38c7d963
|
@ -195,7 +195,7 @@ if (extension_loaded("mysqli")) {
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
page_header(lang('No MySQL extension'), null);
|
page_header(lang('No MySQL extension'), null);
|
||||||
echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'mysqli, mysql, pdo') . "</p>\n";
|
echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'MySQLi, MySQL, PDO') . "</p>\n";
|
||||||
page_footer("auth");
|
page_footer("auth");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
|
@ -13,7 +13,9 @@ foreach ($routine["fields"] as $i => $field) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($_POST) {
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
|
||||||
|
} elseif ($_POST) {
|
||||||
$call = array();
|
$call = array();
|
||||||
foreach ($routine["fields"] as $key => $field) {
|
foreach ($routine["fields"] as $key => $field) {
|
||||||
if (in_array($key, $in)) {
|
if (in_array($key, $in)) {
|
||||||
|
|
|
@ -65,14 +65,15 @@ while ($row = $result->fetch_assoc()) {
|
||||||
}
|
}
|
||||||
$result->free();
|
$result->free();
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
ksort($row["fields"]);
|
ksort($row["fields"]);
|
||||||
$row["fields"] = array_values($row["fields"]);
|
$row["fields"] = array_values($row["fields"]);
|
||||||
if ($_POST["add"]) {
|
if ($_POST["add"]) {
|
||||||
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
|
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
|
||||||
} elseif (!$_POST["drop_col"]) {
|
|
||||||
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
}
|
}
|
||||||
if ($row["auto_increment_col"]) {
|
if ($row["auto_increment_col"]) {
|
||||||
$row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true;
|
$row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true;
|
||||||
|
|
|
@ -28,12 +28,13 @@ if ($_POST && !$error) {
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]);
|
page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]);
|
||||||
$collations = collations();
|
|
||||||
|
|
||||||
if ($_POST) {
|
$collations = collations();
|
||||||
|
if ($error) {
|
||||||
echo "<p class='error'>" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "</p>\n";
|
echo "<p class='error'>" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
|
if ($_POST) {
|
||||||
$name = $_POST["name"];
|
$name = $_POST["name"];
|
||||||
$collate = $_POST["collation"];
|
$collate = $_POST["collation"];
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -43,8 +43,10 @@ if ($_POST && !$error) {
|
||||||
}
|
}
|
||||||
page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]);
|
page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]);
|
||||||
|
|
||||||
if ($_POST) {
|
if ($error) {
|
||||||
echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
|
echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
|
if ($_POST) {
|
||||||
$row = (array) $_POST["fields"];
|
$row = (array) $_POST["fields"];
|
||||||
foreach ((array) $_POST["null"] as $key => $val) {
|
foreach ((array) $_POST["null"] as $key => $val) {
|
||||||
$row[$key] = null;
|
$row[$key] = null;
|
||||||
|
|
|
@ -51,8 +51,8 @@ function process_input($name, $field) {
|
||||||
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value));
|
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value));
|
||||||
} elseif (preg_match('~binary|blob~', $field["type"])) {
|
} elseif (preg_match('~binary|blob~', $field["type"])) {
|
||||||
$file = get_file($name);
|
$file = get_file($name);
|
||||||
if (!is_string($file) && !$field["null"]) {
|
if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) {
|
||||||
return false; //! report errors, also empty $_POST (too big POST data, not only FILES)
|
return false; //! report errors
|
||||||
}
|
}
|
||||||
return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
|
return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
|
||||||
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
|
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
|
||||||
|
|
|
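Review bot: The new condition `if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) {` compares loosely, and get_file() returns `$_FILES[$key]["error"]` even when `$_FILES[$key]` is absent, i.e. null; `null != UPLOAD_ERR_NO_FILE` holds, so a binary column whose file input is missing from the request is refused with `false` — silently, as the surviving `//! report errors` marker admits — even when the column is nullable. I cannot tell from this hunk whether the edit form always ships the file input, so this may be unreachable in practice, but a strict comparison that spells out the null case would make the intent explicit: `if (!is_string($file) && (($file !== null && $file !== UPLOAD_ERR_NO_FILE) || !$field["null"])) {`. Either way a comment on that line saying which get_file() results count as "no file" versus "upload failed" would save the next reader a trip to functions.inc.php. process_input() starts and ends outside this hunk.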
@ -24,7 +24,6 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]);
|
page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]);
|
||||||
|
|
||||||
$tables = array();
|
$tables = array();
|
||||||
|
@ -36,6 +35,9 @@ while ($row = $result->fetch_assoc()) {
|
||||||
}
|
}
|
||||||
$result->free();
|
$result->free();
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
ksort($row["source"]);
|
ksort($row["source"]);
|
||||||
|
@ -43,8 +45,6 @@ if ($_POST) {
|
||||||
$row["source"][] = "";
|
$row["source"][] = "";
|
||||||
} elseif ($_POST["change"] || $_POST["change-js"]) {
|
} elseif ($_POST["change"] || $_POST["change-js"]) {
|
||||||
$row["target"] = array();
|
$row["target"] = array();
|
||||||
} else {
|
|
||||||
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
}
|
}
|
||||||
} elseif (strlen($_GET["name"])) {
|
} elseif (strlen($_GET["name"])) {
|
||||||
$foreign_keys = foreign_keys($_GET["foreign"]);
|
$foreign_keys = foreign_keys($_GET["foreign"]);
|
||||||
|
|
|
@ -204,7 +204,7 @@ function remove_from_uri($param = "") {
|
||||||
function get_file($key) {
|
function get_file($key) {
|
||||||
if (isset($_POST["files"][$key])) {
|
if (isset($_POST["files"][$key])) {
|
||||||
$length = strlen($_POST["files"][$key]);
|
$length = strlen($_POST["files"][$key]);
|
||||||
return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
|
return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
|
||||||
}
|
}
|
||||||
return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"]));
|
return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"]));
|
||||||
}
|
}
|
||||||
|
|
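Review bot: The fixed line `return ($length && $length < 4 ? intval(...) : base64_decode($_POST["files"][$key]));` still decodes in non-strict mode, so a malformed `files[...]` value (anything that is not valid base64) is quietly turned into arbitrary bytes and stored as the file content; passing the strict flag makes base64_decode() return `false`, which callers such as process_input() already treat as a failed upload via `is_string()`: `return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key], true));`. The last return also passes a `file_get_contents()` failure (`false`) through as a non-string with no error code, so callers cannot distinguish "read failed" from "no file"; a short docblock stating the contract — "returns the file content as a string, a PHP UPLOAD_ERR_* code on failure, or null when the key is absent from both $_POST['files'] and $_FILES" — would document what callers must check.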
10
index.php
10
index.php
|
@ -1,5 +1,5 @@
|
||||||
<?php
|
<?php
|
||||||
/** phpMinAdmin - MySQL management tool
|
/** phpMinAdmin - Compact MySQL management
|
||||||
* @link http://phpminadmin.sourceforge.net
|
* @link http://phpminadmin.sourceforge.net
|
||||||
* @author Jakub Vrana, http://php.vrana.cz
|
* @author Jakub Vrana, http://php.vrana.cz
|
||||||
* @copyright 2007 Jakub Vrana
|
* @copyright 2007 Jakub Vrana
|
||||||
|
@ -50,8 +50,13 @@ if (isset($_GET["dump"])) {
|
||||||
include "./privileges.inc.php";
|
include "./privileges.inc.php";
|
||||||
} else { // uses CSRF token
|
} else { // uses CSRF token
|
||||||
include "./editing.inc.php";
|
include "./editing.inc.php";
|
||||||
|
$error = "";
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.'));
|
if (!in_array($_POST["token"], (array) $TOKENS)) {
|
||||||
|
$error = lang('Invalid CSRF token. Send the form again.');
|
||||||
|
}
|
||||||
|
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
|
||||||
|
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
|
||||||
}
|
}
|
||||||
$token = ($_POST && !$error ? $_POST["token"] : token());
|
$token = ($_POST && !$error ? $_POST["token"] : token());
|
||||||
if (isset($_GET["default"])) {
|
if (isset($_GET["default"])) {
|
||||||
|
@ -90,7 +95,6 @@ if (isset($_GET["dump"])) {
|
||||||
} elseif (isset($_GET["select"])) {
|
} elseif (isset($_GET["select"])) {
|
||||||
include "./select.inc.php";
|
include "./select.inc.php";
|
||||||
} else {
|
} else {
|
||||||
$TOKENS = array();
|
|
||||||
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false);
|
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false);
|
||||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
|
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
|
||||||
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n";
|
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n";
|
||||||
|
|
|
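Review bot: The CSRF check rewritten as `if (!in_array($_POST["token"], (array) $TOKENS)) {` keeps the loose in_array(), so two different tokens compare under `==` rules (numeric-looking strings such as "1e3" and "1000" are equal), and a POST without a token key raises an undefined-index notice before the comparison; whether token() can emit numeric-looking strings is not visible here, but strict mode costs nothing: `if (!isset($_POST["token"]) || !in_array($_POST["token"], (array) $TOKENS, true)) {`. The new `} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {` branch also fires for any POST whose body parsed to nothing, not only when post_max_size was exceeded; that seems acceptable since every form in this branch carries a token, but the assumption deserves a comment such as `// empty $_POST on a POST request: post_max_size exceeded (or a form with no fields)`. The surrounding if/else chain starts and ends outside these hunks.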
@ -40,12 +40,13 @@ if ($_POST && !$error && !$_POST["add"]) {
|
||||||
}
|
}
|
||||||
page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]);
|
page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]);
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
$fields = array_keys(fields($_GET["indexes"]));
|
$fields = array_keys(fields($_GET["indexes"]));
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
if (!$_POST["add"]) {
|
if ($_POST["add"]) {
|
||||||
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
} else {
|
|
||||||
foreach ($row["indexes"] as $key => $index) {
|
foreach ($row["indexes"] as $key => $index) {
|
||||||
if (strlen($index["columns"][count($index["columns"])])) {
|
if (strlen($index["columns"][count($index["columns"])])) {
|
||||||
$row["indexes"][$key]["columns"][] = "";
|
$row["indexes"][$key]["columns"][] = "";
|
||||||
|
|
|
@ -167,4 +167,5 @@ $translations = array(
|
||||||
'all' => 'vše',
|
'all' => 'vše',
|
||||||
'Delete selected' => 'Smazat označené',
|
'Delete selected' => 'Smazat označené',
|
||||||
'Truncate table' => 'Promazat tabulku',
|
'Truncate table' => 'Promazat tabulku',
|
||||||
|
'Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.' => 'Příliš velká POST data. Zmenšete data nebo zvyšte hodnotu konfigurační direktivy "post_max_size".',
|
||||||
);
|
);
|
||||||
|
|
|
@ -29,12 +29,14 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"]) {
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(strlen($_GET["procedure"])
|
page_header(strlen($_GET["procedure"])
|
||||||
? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"])
|
? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"])
|
||||||
: (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))
|
: (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))
|
||||||
);
|
);
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
$collations = get_vals("SHOW CHARACTER SET");
|
$collations = get_vals("SHOW CHARACTER SET");
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
|
@ -43,8 +45,6 @@ if ($_POST) {
|
||||||
$row["fields"] = array_values($row["fields"]);
|
$row["fields"] = array_values($row["fields"]);
|
||||||
if ($_POST["add"]) {
|
if ($_POST["add"]) {
|
||||||
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
|
array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
|
||||||
} elseif (!$_POST["drop_col"]) {
|
|
||||||
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
}
|
}
|
||||||
} elseif (strlen($_GET["procedure"])) {
|
} elseif (strlen($_GET["procedure"])) {
|
||||||
$row = routine($_GET["procedure"], $routine);
|
$row = routine($_GET["procedure"], $routine);
|
||||||
|
|
|
@ -11,10 +11,9 @@ if ($_POST && !$error) {
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(lang('Process list'));
|
page_header(lang('Process list'));
|
||||||
|
|
||||||
if ($_POST) {
|
if ($error) {
|
||||||
echo "<p class='error'>" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "</p>\n";
|
echo "<p class='error'>" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
|
|
|
@ -83,9 +83,9 @@ if ($_POST && !$error) {
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
|
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
|
||||||
if ($_POST) {
|
|
||||||
|
if ($error) {
|
||||||
echo "<p class='error'>" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "</p>\n";
|
echo "<p class='error'>" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
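Review bot: `if ($error) {` now escapes the message, but an uploaded sql_file that fails for any reason other than CSRF/POST size still produces no message: get_file("sql_file") then returns an integer error code (for example when upload_max_filesize is exceeded), `is_string($query)` is false, and the request falls through to whatever branch follows the hunk as if nothing had been submitted. Consider adding a further `elseif` that, when `$_POST` is set, `query` is absent and `$query` is an upload error other than `UPLOAD_ERR_NO_FILE`, prints an escaped error explaining that the file upload was discarded; the message text should go through lang() so the translation tables stay complete. The if/elseif chain continues past the end of this hunk.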
@ -3,11 +3,10 @@ if (isset($_POST["query"])) {
|
||||||
setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]));
|
setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]));
|
||||||
$_COOKIE["highlight"] = $_POST["highlight"];
|
$_COOKIE["highlight"] = $_POST["highlight"];
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(lang('SQL command'));
|
page_header(lang('SQL command'));
|
||||||
|
|
||||||
if ($_POST && $error) {
|
if ($error) {
|
||||||
echo "<p class='error'>$error</p>\n";
|
echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
|
||||||
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
|
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
|
||||||
$delimiter = ";";
|
$delimiter = ";";
|
||||||
$offset = 0;
|
$offset = 0;
|
||||||
|
|
|
@ -19,12 +19,13 @@ if ($_POST && !$error) {
|
||||||
}
|
}
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"]));
|
page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"]));
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
} elseif (strlen($_GET["name"])) {
|
} elseif (strlen($_GET["name"])) {
|
||||||
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'");
|
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'");
|
||||||
while ($row = $result->fetch_assoc()) {
|
while ($row = $result->fetch_assoc()) {
|
||||||
|
|
|
@ -117,13 +117,14 @@ if ($_POST && !$error) {
|
||||||
$error = $mysql->error;
|
$error = $mysql->error;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges')));
|
page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges')));
|
||||||
|
|
||||||
|
if ($error) {
|
||||||
|
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
|
||||||
|
}
|
||||||
if ($_POST) {
|
if ($_POST) {
|
||||||
$row = $_POST;
|
$row = $_POST;
|
||||||
$grants = $new_grants;
|
$grants = $new_grants;
|
||||||
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
|
|
||||||
} else {
|
} else {
|
||||||
$row = $_GET + array("host" => "localhost");
|
$row = $_GET + array("host" => "localhost");
|
||||||
$row["pass"] = $old_pass;
|
$row["pass"] = $old_pass;
|
||||||
|
|