diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index b4dde686..d9325544 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -82,3 +82,8 @@ if (!$_SESSION["tokens"][$_GET["server"]]) {
 if (isset($_POST["server"]) && $_POST["token"]) {
 $_POST["token"] = $_SESSION["tokens"][$_GET["server"]];
 }
+$token = $_SESSION["tokens"][$_GET["server"]]; ///< @var string CSRF protection
+$error = ($_POST ///< @var string
+ ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
+ : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
+);
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index f1051649..2fa3bcf1 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -100,9 +100,3 @@ if (!ini_get("session.use_cookies") || @ini_set("session.use_cookies", false) !=
 $on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); ///< @var array used in foreign_keys()
 $confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\""; ///< @var string
-$token = $_SESSION["tokens"][$_GET["server"]]; ///< @var string CSRF protection
-/** @var string */
-$error = ($_POST
- ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
- : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
-);
diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index dc82806f..7ebdbf93 100644
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
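Review bot: In adminer/include/auth.inc.php the added `$error` expression checks the CSRF token with a loose `==`, so PHP may coerce the posted string and the session value before comparing, and the comparison is not constant-time. The hunk does not show how the session token is generated, so its type is an assumption, but a strict string comparison is the safer form: `? (is_string($_POST["token"]) && hash_equals((string) $token, $_POST["token"]) ? "" : lang('Invalid CSRF token. Send the form again.'))`. `hash_equals()` needs PHP 5.6 or later; if older versions must stay supported, fall back to `===` on string-cast values. The context lines just above overwrite `$_POST["token"]` with the session token whenever `$_POST["server"]` is set, so this check always passes for such requests; a comment stating that the exemption is intended only for the login form would help.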
@@ -14,7 +14,7 @@ function connect_error() {
 queries_redirect(substr(ME, 0, -1), lang('Database has been dropped.'), !$connection->error);
 }
- page_header(lang('Select database'), "", null);
+ page_header(lang('Select database'), $error, null);
 echo "
";
foreach (array(
'database' => lang('Create new database'),
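Review bot: The new `$error` argument to `page_header()` is read inside `connect_error()`, so it is a function-local name unless the function imports it with `global`; the hunk starts after the function's opening lines, so that declaration is not visible here. If `$error` is missing from the `global` list, the call passes an undefined variable and the CSRF or post_max_size message computed in auth.inc.php is never shown on this page. Confirm the declaration reads something like `global $connection, $token, $error;`. Also confirm that the drop branch ending in the `queries_redirect()` context line is gated on `!$error`, since its condition is outside the hunk as well.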
@@ -35,7 +35,7 @@ function connect_error() {
echo " \n";
foreach ($databases as $db) {
$root = h(ME) . "db=" . urlencode($db);
- echo " " . lang('Database') . " " . lang('Collation') . "