Prevent CSRF

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@76 7c3ca157-0c34-0410-bff1-cbf682f78f5c

index.php

@@ -13,23 +13,35 @@ include "./connect.inc.php";
 if (isset($_GET["dump"])) {
 	include "./dump.inc.php";
 } else {
-	if (isset($_GET["sql"])) {
+	if (isset($_GET["table"])) {
-		include "./sql.inc.php";
-	} elseif (isset($_GET["table"])) {
 		include "./table.inc.php";
 	} elseif (isset($_GET["select"])) {
 		include "./select.inc.php";
+	} elseif (isset($_GET["view"])) {
+		include "./view.inc.php";
+	} else {
+		$params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]);
+		if ($_POST) {
+			$error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.'));
+		}
+		if ($_POST && !$error) {
+			$token = $_POST["token"];
+		} else {
+			$token = rand(1, 1e6);
+			$_SESSION["tokens"][$params][] = $token;
+		}
+		if (isset($_GET["sql"])) {
+			include "./sql.inc.php";
 		} elseif (isset($_GET["edit"])) {
 			include "./edit.inc.php";
 		} elseif (isset($_GET["create"])) {
 			include "./create.inc.php";
 		} elseif (isset($_GET["indexes"])) {
 			include "./indexes.inc.php";
-	} elseif (isset($_GET["view"])) {
-		include "./view.inc.php";
 		} elseif (isset($_GET["database"])) {
 			include "./database.inc.php";
 		} else {
+			unset($_SESSION["tokens"][$params]);
 			page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
 			echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
 			if (mysql_get_server_info() >= 5) {
@@ -43,12 +55,12 @@ if (isset($_GET["dump"])) {
 						echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
 						echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>";
 						echo "</tr>\n";
-					//! call, drop, replace
 					}
 					echo "</table>\n";
 				}
 				mysql_free_result($result);
 			}
 		}
+	}
 	page_footer();
 }