Send 403 for auth error
parent
7a370e7885
commit
594085c6f5
|
@ -117,9 +117,8 @@ function unset_permanent() {
|
|||
function auth_error($error) {
|
||||
global $adminer, $has_token;
|
||||
$session_name = session_name();
|
||||
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
|
||||
$error = lang('Session support must be enabled.');
|
||||
} elseif (isset($_GET["username"])) {
|
||||
if (isset($_GET["username"])) {
|
||||
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
|
||||
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
|
||||
$error = lang('Session expired, please login again.');
|
||||
} else {
|
||||
|
@ -134,6 +133,9 @@ function auth_error($error) {
|
|||
unset_permanent();
|
||||
}
|
||||
}
|
||||
if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
|
||||
$error = lang('Session support must be enabled.');
|
||||
}
|
||||
$params = session_get_cookie_params();
|
||||
cookie("adminer_key", ($_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string()), $params["lifetime"]);
|
||||
page_header(lang('Login'), $error, null);
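Review bot: The 403 is sent only inside the `isset($_GET["username"])` branch, so the `session.use_only_cookies` check that the second hunk moves to the end of auth_error still answers 200 when `username` is absent, and status-based monitoring of these responses sees only part of them. Dropping the `elseif` also makes the two paths non-exclusive: a request carrying the session id in the query string now runs the username branch (its body lies between the hunks and is not visible here) before `$error` is overwritten. That looks intended, but it deserves a comment such as `// checked last so the 403 above is still sent`. The status line also hard-codes `HTTP/1.1`; `header($_SERVER["SERVER_PROTOCOL"] . " 403 Forbidden");` would keep it consistent with the request protocol.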
|
||||
|
|
|
@ -5,6 +5,7 @@ Make master key unreadable to others (bug #410)
|
|||
Fix edit by long non-utf8 string
|
||||
Specify encoding for PHP 5.6 with invalid default_charset
|
||||
Fix saving NULL value, bug since Adminer 4.0.3
|
||||
Send 403 for auth error
|
||||
MySQL: Use utf8mb4 if available
|
||||
PostgreSQL: Materialized views
|
||||
Elasticsearch: Use where in select
|
||||
|
|