From 505b79d82cbf44c708bd4023f5ea279bd38c7724 Mon Sep 17 00:00:00 2001
From: jakubvrana
Date: Fri, 6 Jul 2007 18:08:17 +0000
Subject: [PATCH] Prevent CSRF

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@76 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 index.php | 66 ++++++++++++++++++++++++++++++++-----------------------
 1 file changed, 39 insertions(+), 27 deletions(-)

diff --git a/index.php b/index.php
index 847d84ba..2e6ecf17 100644
--- a/index.php
+++ b/index.php
@@ -13,41 +13,53 @@ include "./connect.inc.php";
 if (isset($_GET["dump"])) {
 include "./dump.inc.php";
 } else {
- if (isset($_GET["sql"])) {
- include "./sql.inc.php";
- } elseif (isset($_GET["table"])) {
+ if (isset($_GET["table"])) {
 include "./table.inc.php";
 } elseif (isset($_GET["select"])) {
 include "./select.inc.php";
- } elseif (isset($_GET["edit"])) {
- include "./edit.inc.php";
- } elseif (isset($_GET["create"])) {
- include "./create.inc.php";
- } elseif (isset($_GET["indexes"])) {
- include "./indexes.inc.php";
 } elseif (isset($_GET["view"])) {
 include "./view.inc.php";
- } elseif (isset($_GET["database"])) {
- include "./database.inc.php";
 } else {
- page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
- echo '

' . lang('Alter database') . "

\n"; 
- if (mysql_get_server_info() >= 5) {
- $result = mysql_query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "'");
- if (mysql_num_rows($result)) {
- echo "

" . lang('Routines') . "

\n";
- echo "\n";
- while ($row = mysql_fetch_assoc($result)) {
- echo "";
- echo "";
- echo ""; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
- echo "";
- echo "\n";
- //! call, drop, replace
+ $params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]);
+ if ($_POST) {
+ $error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.'));
+ }
+ if ($_POST && !$error) {
+ $token = $_POST["token"];
+ } else {
+ $token = rand(1, 1e6);
+ $_SESSION["tokens"][$params][] = $token;
+ }
+ if (isset($_GET["sql"])) {
+ include "./sql.inc.php";
+ } elseif (isset($_GET["edit"])) {
+ include "./edit.inc.php";
+ } elseif (isset($_GET["create"])) {
+ include "./create.inc.php";
+ } elseif (isset($_GET["indexes"])) {
+ include "./indexes.inc.php";
+ } elseif (isset($_GET["database"])) {
+ include "./database.inc.php";
+ } else {
+ unset($_SESSION["tokens"][$params]);
+ page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
+ echo '

' . lang('Alter database') . "

\n";
+ if (mysql_get_server_info() >= 5) {
+ $result = mysql_query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "'");
+ if (mysql_num_rows($result)) {
+ echo "

" . lang('Routines') . "

\n";
+ echo "
" . htmlspecialchars($row["ROUTINE_TYPE"]) . "" . htmlspecialchars($row["ROUTINE_NAME"]) . "
" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "
\n";
+ while ($row = mysql_fetch_assoc($result)) {
+ echo "";
+ echo "";
+ echo ""; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
+ echo "";
+ echo "\n";
+ }
+ echo "
" . htmlspecialchars($row["ROUTINE_TYPE"]) . "" . htmlspecialchars($row["ROUTINE_NAME"]) . "
" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "
\n";
 }
- echo "\n";
+ mysql_free_result($result);
 }
- mysql_free_result($result);
 }
 }
 page_footer();
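Review bot: The token minted at `$token = rand(1, 1e6);` comes from a non-cryptographic, seedable generator and has only about 20 bits of entropy, so it does not give the CSRF check the unpredictability it depends on; on PHP 7+ this should be `$token = bin2hex(random_bytes(16));` (on older releases a CSPRNG such as `openssl_random_pseudo_bytes`). The check `in_array($_POST["token"], (array) $_SESSION["tokens"][$params])` compares loosely, so once tokens are strings pass `true` as the third argument, and read the field as `isset($_POST["token"]) ? $_POST["token"] : ""` so a POST without it is rejected cleanly instead of raising an undefined-index notice. A fresh token is appended to `$_SESSION["tokens"][$params]` on every non-POST render and the list is only cleared in the final `else` branch, so the session grows one entry per query string per page view and a token that validated is never consumed, leaving it replayable for the rest of the session; removing the matched entry on a successful POST and capping the list would bound both. The includes that are expected to emit `$token` into their forms and act on `$error` (sql, edit, create, indexes, database) are outside this patch, so whether every state-changing form actually carries the field cannot be confirmed from the hunk.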