diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index b4dde686..d9325544 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -82,3 +82,8 @@ if (!$_SESSION["tokens"][$_GET["server"]]) {
 if (isset($_POST["server"]) && $_POST["token"]) {
 $_POST["token"] = $_SESSION["tokens"][$_GET["server"]];
 }
+$token = $_SESSION["tokens"][$_GET["server"]]; ///< @var string CSRF protection
+$error = ($_POST ///< @var string
+ ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
+ : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
+);
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index f1051649..2fa3bcf1 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -100,9 +100,3 @@ if (!ini_get("session.use_cookies") || @ini_set("session.use_cookies", false) !=
 $on_actions = array("RESTRICT", "CASCADE", "SET NULL", "NO ACTION"); ///< @var array used in foreign_keys()
 $confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\""; ///< @var string
-$token = $_SESSION["tokens"][$_GET["server"]]; ///< @var string CSRF protection
-/** @var string */
-$error = ($_POST
- ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
- : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the %s configuration directive.', '"post_max_size"')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
-);
diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index dc82806f..7ebdbf93 100644
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
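Review bot: The CSRF check on the added `$error` line compares with `==`, so two different token strings can still compare equal under PHP's loose rules (numeric-looking strings such as `"1e3"` and `"1000"`), and the comparison exits at the first differing byte; it should be `($_POST["token"] === $token ? "" : lang('Invalid CSRF token. Send the form again.'))`, or `hash_equals((string) $token, (string) $_POST["token"])` if the minimum supported PHP version provides it. The `///< @var string` trailing comment now sits mid-expression after `($_POST`, whereas the removed bootstrap version kept it as a `/** @var string */` line above the assignment; keeping that form here reads better and stays visible to doc tools. The new `$error` expression relies on `$_POST` being non-empty to mean "a token was sent", which is what the trailing comment documents; a POST that has fields but no `token` key therefore reports an invalid token rather than exceeded post_max_size, which is the expected outcome.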
@@ -14,7 +14,7 @@ function connect_error() {
 queries_redirect(substr(ME, 0, -1), lang('Database has been dropped.'), !$connection->error);
 }
- page_header(lang('Select database'), "", null);
+ page_header(lang('Select database'), $error, null);
 echo "

";
 foreach (array(
 'database' => lang('Create new database'),
@@ -35,7 +35,7 @@ function connect_error() {
 echo " " . lang('Database') . "" . lang('Collation') . "\n";
 foreach ($databases as $db) {
 $root = h(ME) . "db=" . urlencode($db);
- echo "" . checkbox("db[]", $db, false);
+ echo "" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]));
 echo "" . h($db) . "";
 echo "" . nbsp(db_collation($db, $collations)) . "";
 echo "\n";
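Review bot: `$error` is passed from inside `connect_error()` on the changed `page_header` line, but a variable named `$error` inside a function is only the global one set in auth.inc.php if the function head declares it with `global`; that head is outside this hunk, so please confirm `$error` is in the function's `global` list, otherwise `page_header` receives an undefined variable and the CSRF / post_max_size message is never shown on the database list. If it is missing, the fix is one line: add `$error` to the existing `global` statement at the top of `connect_error()` (the hunk shows `$connection` is already used there, so such a statement presumably exists). The body of `connect_error()` starts before and continues after this hunk.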
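Review bot: The `in_array($db, (array) $_POST["db"])` call on the added checkbox line uses loose comparison, so database names that are numeric strings (`"10"` vs `"1e1"`, `"1"` vs `"01"`) can re-tick each other's checkbox after a rejected submit; pass the strict flag, `in_array($db, (array) $_POST["db"], true)`. On a plain GET there is no `db` key in `$_POST`, so reading `$_POST["db"]` emits an undefined-index notice unless the bootstrap lowers error_reporting, which this hunk cannot show; `isset($_POST["db"]) && in_array($db, (array) $_POST["db"], true)` avoids depending on that. This hunk sits inside `connect_error()`, whose body continues outside the hunk.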