Don't execute external JavaScript when verifying version
This commit is contained in:
Jakub Vrana
parent
372a0e22a7
commit
61cdde0797
|
|
@ -7,7 +7,7 @@
|
|||
* @return null
|
||||
*/
|
||||
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||
global $LANG, $adminer, $connection, $drivers, $jush;
|
||||
global $LANG, $VERSION, $adminer, $connection, $drivers, $jush;
|
||||
page_headers();
|
||||
$title_all = $title . ($title2 != "" ? ": $title2" : "");
|
||||
$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
|
||||
|
|
@ -29,7 +29,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
|||
<?php } ?>
|
||||
<?php } ?>
|
||||
|
||||
<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
|
||||
<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion('$VERSION');"); ?>">
|
||||
<script type="text/javascript">
|
||||
document.body.className = document.body.className.replace(/ nojs/, ' js');
|
||||
</script>
|
||||
|
|
|
|||
|
|
@ -30,12 +30,29 @@ function cookie(assign, days) {
|
|||
}
|
||||
|
||||
/** Verify current Adminer version
|
||||
* @param string
|
||||
*/
|
||||
function verifyVersion() {
|
||||
function verifyVersion(current) {
|
||||
cookie('adminer_version=0', 1);
|
||||
var script = document.createElement('script');
|
||||
script.src = location.protocol + '//www.adminer.org/version.php';
|
||||
document.body.appendChild(script);
|
||||
var iframe = document.createElement('iframe');
|
||||
iframe.src = location.protocol + '//www.adminer.org/version/?current=' + current;
|
||||
iframe.frameBorder = 0;
|
||||
iframe.marginHeight = 0;
|
||||
iframe.scrolling = 'no';
|
||||
iframe.style.width = '7ex';
|
||||
iframe.style.height = '1.25em';
|
||||
if (window.postMessage && window.addEventListener) {
|
||||
iframe.style.display = 'none';
|
||||
addEventListener('message', function (event) {
|
||||
if (event.origin == location.protocol + '//www.adminer.org') {
|
||||
var match = /version=(.+)/.exec(event.data);
|
||||
if (match) {
|
||||
cookie('adminer_version=' + match[1], 1);
|
||||
}
|
||||
}
|
||||
}, false);
|
||||
}
|
||||
document.getElementById('version').appendChild(iframe);
|
||||
}
|
||||
|
||||
/** Get value of select
|
||||
|
|
|
|||
|
|
@ -16,6 +16,7 @@ Encrypt passwords stored in session by a key stored in cookie
|
|||
Don't append newlines to uploaded files, bug since Adminer 3.7.0
|
||||
Don't display SQL edit form on Ctrl+click on the select query, introduced in Adminer 3.6.4
|
||||
Use MD5 for editing long keys only in supported drivers, bug since Adminer 3.6.4
|
||||
Don't execute external JavaScript when verifying version
|
||||
Protect CSRF token against BREACH
|
||||
SQLite: Allow editing primary key
|
||||
SQLite: Allow editing foreign keys
|
||||
|
|
|
|||
Loading…
Reference in a new issue