Protection against big POST data

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@373 7c3ca157-0c34-0410-bff1-cbf682f78f5c
jakubvrana 2008-03-18 10:29:20 +00:00
parent c54ba01361
commit 4d38c7d963
17 changed files with 46 additions and 34 deletions


@ -195,7 +195,7 @@ if (extension_loaded("mysqli")) {
} else { } else {
page_header(lang('No MySQL extension'), null); page_header(lang('No MySQL extension'), null);
echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'mysqli, mysql, pdo') . "</p>\n"; echo "<p class='error'>" . lang('None of supported PHP extensions (%s) are available.', 'MySQLi, MySQL, PDO') . "</p>\n";
page_footer("auth"); page_footer("auth");
exit; exit;
} }


@ -13,7 +13,9 @@ foreach ($routine["fields"] as $i => $field) {
} }
} }
if ($_POST) { if ($error) {
echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
} elseif ($_POST) {
$call = array(); $call = array();
foreach ($routine["fields"] as $key => $field) { foreach ($routine["fields"] as $key => $field) {
if (in_array($key, $in)) { if (in_array($key, $in)) {


@ -65,14 +65,15 @@ while ($row = $result->fetch_assoc()) {
} }
$result->free(); $result->free();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
ksort($row["fields"]); ksort($row["fields"]);
$row["fields"] = array_values($row["fields"]); $row["fields"] = array_values($row["fields"]);
if ($_POST["add"]) { if ($_POST["add"]) {
array_splice($row["fields"], key($_POST["add"]), 0, array(array())); array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
} elseif (!$_POST["drop_col"]) {
echo "<p class='error'>" . lang('Unable to operate table') . ": " . htmlspecialchars($error) . "</p>\n";
} }
if ($row["auto_increment_col"]) { if ($row["auto_increment_col"]) {
$row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true; $row["fields"][$row["auto_increment_col"] - 1]["auto_increment"] = true;


@ -28,12 +28,13 @@ if ($_POST && !$error) {
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]); page_header(strlen($_GET["db"]) ? lang('Alter database') : lang('Create database'), array(), $_GET["db"]);
$collations = collations();
if ($_POST) { $collations = collations();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "</p>\n"; echo "<p class='error'>" . lang('Unable to operate database') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$name = $_POST["name"]; $name = $_POST["name"];
$collate = $_POST["collation"]; $collate = $_POST["collation"];
} else { } else {


@ -43,8 +43,10 @@ if ($_POST && !$error) {
} }
page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]); page_header((isset($_GET["default"]) ? lang('Default values') : ($_GET["where"] ? lang('Edit') : lang('Insert'))), array((isset($_GET["default"]) ? "table" : "select") => $_GET["edit"]), $_GET["edit"]);
if ($_POST) { if ($error) {
echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n"; echo "<p class='error'>" . lang('Error during saving') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) {
$row = (array) $_POST["fields"]; $row = (array) $_POST["fields"];
foreach ((array) $_POST["null"] as $key => $val) { foreach ((array) $_POST["null"] as $key => $val) {
$row[$key] = null; $row[$key] = null;


@ -51,8 +51,8 @@ function process_input($name, $field) {
return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value)); return (isset($_GET["default"]) ? "'" . implode(",", array_map(array($mysql, 'escape_string'), (array) $value)) . "'" : array_sum((array) $value));
} elseif (preg_match('~binary|blob~', $field["type"])) { } elseif (preg_match('~binary|blob~', $field["type"])) {
$file = get_file($name); $file = get_file($name);
if (!is_string($file) && !$field["null"]) { if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) {
return false; //! report errors, also empty $_POST (too big POST data, not only FILES) return false; //! report errors
} }
return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'"; return "_binary'" . (is_string($file) ? $mysql->escape_string($file) : "") . "'";
} elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") { } elseif ($field["type"] == "timestamp" && $value == "CURRENT_TIMESTAMP") {
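Review bot: The widened guard `if (!is_string($file) && ($file != UPLOAD_ERR_NO_FILE || !$field["null"])) {` still folds every upload failure other than "no file" (UPLOAD_ERR_INI_SIZE, UPLOAD_ERR_PARTIAL, a missing temp directory) into a bare `return false;`, so a truncated or rejected upload is silently dropped from the row instead of being reported, as the retained `//! report errors` marker admits. This matters more now that the main script reports an oversized POST body, because a single file over upload_max_filesize still arrives with `$_POST` populated and only an error code in `$_FILES`, and this is the only place that code is seen. Note also that `$file != UPLOAD_ERR_NO_FILE` is a loose comparison against a value that is null when `$_FILES[$name]` is absent, which makes the whole condition true and turns a nullable binary column into a silent failure where the old code stored an empty value; whether the form can omit the file field is not visible here, so confirm before relying on it. process_input begins before this hunk.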


@ -24,7 +24,6 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["change"] && !$_POST["change-
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]); page_header(lang('Foreign key'), array("table" => $_GET["foreign"]), $_GET["foreign"]);
$tables = array(); $tables = array();
@ -36,6 +35,9 @@ while ($row = $result->fetch_assoc()) {
} }
$result->free(); $result->free();
if ($error) {
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
ksort($row["source"]); ksort($row["source"]);
@ -43,8 +45,6 @@ if ($_POST) {
$row["source"][] = ""; $row["source"][] = "";
} elseif ($_POST["change"] || $_POST["change-js"]) { } elseif ($_POST["change"] || $_POST["change-js"]) {
$row["target"] = array(); $row["target"] = array();
} else {
echo "<p class='error'>" . lang('Unable to operate foreign keys') . ": " . htmlspecialchars($error) . "</p>\n";
} }
} elseif (strlen($_GET["name"])) { } elseif (strlen($_GET["name"])) {
$foreign_keys = foreign_keys($_GET["foreign"]); $foreign_keys = foreign_keys($_GET["foreign"]);


@ -204,7 +204,7 @@ function remove_from_uri($param = "") {
function get_file($key) { function get_file($key) {
if (isset($_POST["files"][$key])) { if (isset($_POST["files"][$key])) {
$length = strlen($_POST["files"][$key]); $length = strlen($_POST["files"][$key]);
return ($length & $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key])); return ($length && $length < 4 ? intval($_POST["files"][$key]) : base64_decode($_POST["files"][$key]));
} }
return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"])); return (!$_FILES[$key] || $_FILES[$key]["error"] ? $_FILES[$key]["error"] : file_get_contents($_FILES[$key]["tmp_name"]));
} }
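Review bot: The `&` to `&&` fix on the intval line is correct (the bitwise form bound `$length & $length` first), but the last line still reads `file_get_contents($_FILES[$key]["tmp_name"])` without confirming the path is a real upload; the usual defensive shape is to split the return and gate the read: `if (!$_FILES[$key] || $_FILES[$key]["error"]) { return $_FILES[$key]["error"]; }` followed by `return (is_uploaded_file($_FILES[$key]["tmp_name"]) ? file_get_contents($_FILES[$key]["tmp_name"]) : false);`, which keeps the non-string-means-failure contract the callers already use. A short header comment would also help, since the function has two quite different sources: `// $_POST["files"][$key] appears to carry a previously uploaded value (short numeric = error code, otherwise base64 content) — confirm against the form that sets it`. Both callers visible in this commit treat any non-string result as an error, so the `$_FILES[$key]["error"]` return value is only ever tested for being non-string, never reported.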


@ -1,5 +1,5 @@
<?php <?php
/** phpMinAdmin - MySQL management tool /** phpMinAdmin - Compact MySQL management
* @link http://phpminadmin.sourceforge.net * @link http://phpminadmin.sourceforge.net
* @author Jakub Vrana, http://php.vrana.cz * @author Jakub Vrana, http://php.vrana.cz
* @copyright 2007 Jakub Vrana * @copyright 2007 Jakub Vrana
@ -50,8 +50,13 @@ if (isset($_GET["dump"])) {
include "./privileges.inc.php"; include "./privileges.inc.php";
} else { // uses CSRF token } else { // uses CSRF token
include "./editing.inc.php"; include "./editing.inc.php";
$error = "";
if ($_POST) { if ($_POST) {
$error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.')); if (!in_array($_POST["token"], (array) $TOKENS)) {
$error = lang('Invalid CSRF token. Send the form again.');
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
} }
$token = ($_POST && !$error ? $_POST["token"] : token()); $token = ($_POST && !$error ? $_POST["token"] : token());
if (isset($_GET["default"])) { if (isset($_GET["default"])) {
@ -90,7 +95,6 @@ if (isset($_GET["dump"])) {
} elseif (isset($_GET["select"])) { } elseif (isset($_GET["select"])) {
include "./select.inc.php"; include "./select.inc.php";
} else { } else {
$TOKENS = array();
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false); page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false);
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n"; echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n";
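Review bot: The rewritten CSRF check in the second hunk, `if (!in_array($_POST["token"], (array) $TOKENS)) {`, compares with PHP's loose `==`; if the tokens produced by token() can be numeric strings, two different strings that compare equal as numbers would be accepted, so pass the strict flag: `if (!in_array($_POST["token"], (array) $TOKENS, true)) {`. The new `elseif ($_SERVER["REQUEST_METHOD"] == "POST")` branch infers an oversized body from `$_POST` being empty, which is also what PHP produces for a POST whose content type it does not parse into `$_POST`, or for a form with no fields; if either can reach this script the message is misleading, so a comment stating the assumption would help, e.g. `// empty $_POST on a POST request: body exceeded post_max_size, so the CSRF token was dropped with it`. The `$TOKENS = array();` line shown once in the last hunk has no surviving side marker, so whether it was removed or added cannot be confirmed from this page; if it was removed, the database-overview branch now relies on `$TOKENS` being defined earlier, which is outside the hunk.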


@ -40,12 +40,13 @@ if ($_POST && !$error && !$_POST["add"]) {
} }
page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]); page_header(lang('Indexes'), array("table" => $_GET["indexes"]), $_GET["indexes"]);
if ($error) {
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
}
$fields = array_keys(fields($_GET["indexes"])); $fields = array_keys(fields($_GET["indexes"]));
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
if (!$_POST["add"]) { if ($_POST["add"]) {
echo "<p class='error'>" . lang('Unable to operate indexes') . ": " . htmlspecialchars($error) . "</p>\n";
} else {
foreach ($row["indexes"] as $key => $index) { foreach ($row["indexes"] as $key => $index) {
if (strlen($index["columns"][count($index["columns"])])) { if (strlen($index["columns"][count($index["columns"])])) {
$row["indexes"][$key]["columns"][] = ""; $row["indexes"][$key]["columns"][] = "";


@ -167,4 +167,5 @@ $translations = array(
'all' => 'vše', 'all' => 'vše',
'Delete selected' => 'Smazat označené', 'Delete selected' => 'Smazat označené',
'Truncate table' => 'Promazat tabulku', 'Truncate table' => 'Promazat tabulku',
'Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.' => 'Příliš velká POST data. Zmenšete data nebo zvyšte hodnotu konfigurační direktivy "post_max_size".',
); );


@ -29,12 +29,14 @@ if ($_POST && !$error && !$_POST["add"] && !$_POST["drop_col"]) {
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(strlen($_GET["procedure"]) page_header(strlen($_GET["procedure"])
? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"]) ? (isset($_GET["function"]) ? lang('Alter function') : lang('Alter procedure')) . ": " . htmlspecialchars($_GET["procedure"])
: (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure')) : (isset($_GET["function"]) ? lang('Create function') : lang('Create procedure'))
); );
if ($error) {
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
}
$collations = get_vals("SHOW CHARACTER SET"); $collations = get_vals("SHOW CHARACTER SET");
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
@ -43,8 +45,6 @@ if ($_POST) {
$row["fields"] = array_values($row["fields"]); $row["fields"] = array_values($row["fields"]);
if ($_POST["add"]) { if ($_POST["add"]) {
array_splice($row["fields"], key($_POST["add"]), 0, array(array())); array_splice($row["fields"], key($_POST["add"]), 0, array(array()));
} elseif (!$_POST["drop_col"]) {
echo "<p class='error'>" . lang('Unable to operate routine') . ": " . htmlspecialchars($error) . "</p>\n";
} }
} elseif (strlen($_GET["procedure"])) { } elseif (strlen($_GET["procedure"])) {
$row = routine($_GET["procedure"], $routine); $row = routine($_GET["procedure"], $routine);


@ -11,10 +11,9 @@ if ($_POST && !$error) {
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(lang('Process list')); page_header(lang('Process list'));
if ($_POST) { if ($error) {
echo "<p class='error'>" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "</p>\n"; echo "<p class='error'>" . lang('Unable to kill process') . ": " . htmlspecialchars($error) . "</p>\n";
} }
?> ?>


@ -83,9 +83,9 @@ if ($_POST && !$error) {
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"])); page_header(lang('Select') . ": " . htmlspecialchars($_GET["select"]));
if ($_POST) {
if ($error) {
echo "<p class='error'>" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "</p>\n"; echo "<p class='error'>" . lang('Error during deleting') . ": " . htmlspecialchars($error) . "</p>\n";
} }


@ -3,11 +3,10 @@ if (isset($_POST["query"])) {
setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"])); setcookie("highlight", $_POST["highlight"], strtotime("+1 month"), preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]));
$_COOKIE["highlight"] = $_POST["highlight"]; $_COOKIE["highlight"] = $_POST["highlight"];
} }
page_header(lang('SQL command')); page_header(lang('SQL command'));
if ($_POST && $error) { if ($error) {
echo "<p class='error'>$error</p>\n"; echo "<p class='error'>" . htmlspecialchars($error) . "</p>\n";
} elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) { } elseif ($_POST && is_string($query = (isset($_POST["query"]) ? $_POST["query"] : get_file("sql_file")))) {
$delimiter = ";"; $delimiter = ";";
$offset = 0; $offset = 0;
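Review bot: When `get_file("sql_file")` on the `elseif` line returns an upload error code instead of contents, `is_string()` is false and the page renders nothing, so a user whose SQL file exceeded upload_max_filesize gets no feedback; the new too-big-POST message in the main script does not cover this case because `$_POST` is still populated when only the file part is rejected. A trailing branch such as `} elseif ($_POST) { echo "<p class='error'>" . lang('Unable to upload a file') . "</p>\n"; }` (a new message, which would need a translation entry as this commit adds for the POST message) closes the gap. The switch to `htmlspecialchars($error)` on the error line is a correct fix, since `$error` carries MySQL's error text, which can quote back fragments of the submitted query. The `if`/`elseif` chain continues past the end of the hunk.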


@ -19,12 +19,13 @@ if ($_POST && !$error) {
} }
$error = $mysql->error; $error = $mysql->error;
} }
page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"])); page_header(strlen($_GET["name"]) ? lang('Alter trigger') . ": " . htmlspecialchars($_GET["name"]) : lang('Create trigger'), array("table" => $_GET["trigger"]));
if ($error) {
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
echo "<p class='error'>" . lang('Unable to operate trigger') . ": " . htmlspecialchars($error) . "</p>\n";
} elseif (strlen($_GET["name"])) { } elseif (strlen($_GET["name"])) {
$result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'"); $result = $mysql->query("SHOW TRIGGERS LIKE '" . $mysql->escape_string(addcslashes($_GET["trigger"], "%_")) . "'");
while ($row = $result->fetch_assoc()) { while ($row = $result->fetch_assoc()) {


@ -117,13 +117,14 @@ if ($_POST && !$error) {
$error = $mysql->error; $error = $mysql->error;
} }
} }
page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges'))); page_header((isset($_GET["host"]) ? lang('Username') . ": " . htmlspecialchars("$_GET[user]@$_GET[host]") : lang('Create user')), array("privileges" => lang('Privileges')));
if ($error) {
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
}
if ($_POST) { if ($_POST) {
$row = $_POST; $row = $_POST;
$grants = $new_grants; $grants = $new_grants;
echo "<p class='error'>" . lang('Unable to operate user') . ": " . htmlspecialchars($error) . "</p>\n";
} else { } else {
$row = $_GET + array("host" => "localhost"); $row = $_GET + array("host" => "localhost");
$row["pass"] = $old_pass; $row["pass"] = $old_pass;