Don't execute external JavaScript when verifying version
parent
372a0e22a7
commit
61cdde0797
|
@ -7,7 +7,7 @@
|
||||||
* @return null
|
* @return null
|
||||||
*/
|
*/
|
||||||
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||||
global $LANG, $adminer, $connection, $drivers, $jush;
|
global $LANG, $VERSION, $adminer, $connection, $drivers, $jush;
|
||||||
page_headers();
|
page_headers();
|
||||||
$title_all = $title . ($title2 != "" ? ": $title2" : "");
|
$title_all = $title . ($title2 != "" ? ": $title2" : "");
|
||||||
$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
|
$title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
|
||||||
|
@ -29,7 +29,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
|
<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion('$VERSION');"); ?>">
|
||||||
<script type="text/javascript">
|
<script type="text/javascript">
|
||||||
document.body.className = document.body.className.replace(/ nojs/, ' js');
|
document.body.className = document.body.className.replace(/ nojs/, ' js');
|
||||||
</script>
|
</script>
|
||||||
|
|
|
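Review bot: `verifyVersion('$VERSION')` in the `onload` attribute puts `$VERSION` inside a JavaScript string literal that itself sits inside an HTML attribute, with no escaping for either context. The value is presumably a fixed release string, so this is defence in depth rather than a live bug, but a quote or backslash in it would end the string early and change what the handler executes. Escape the value for a JS string literal first and then for HTML; the file already uses `h()` for the HTML step on `SERVER` above. The body of `page_header` starts and ends outside these two hunks, so how `$VERSION` is assigned is not visible here.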
@ -30,12 +30,29 @@ function cookie(assign, days) {
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Verify current Adminer version
|
/** Verify current Adminer version
|
||||||
|
* @param string
|
||||||
*/
|
*/
|
||||||
function verifyVersion() {
|
function verifyVersion(current) {
|
||||||
cookie('adminer_version=0', 1);
|
cookie('adminer_version=0', 1);
|
||||||
var script = document.createElement('script');
|
var iframe = document.createElement('iframe');
|
||||||
script.src = location.protocol + '//www.adminer.org/version.php';
|
iframe.src = location.protocol + '//www.adminer.org/version/?current=' + current;
|
||||||
document.body.appendChild(script);
|
iframe.frameBorder = 0;
|
||||||
|
iframe.marginHeight = 0;
|
||||||
|
iframe.scrolling = 'no';
|
||||||
|
iframe.style.width = '7ex';
|
||||||
|
iframe.style.height = '1.25em';
|
||||||
|
if (window.postMessage && window.addEventListener) {
|
||||||
|
iframe.style.display = 'none';
|
||||||
|
addEventListener('message', function (event) {
|
||||||
|
if (event.origin == location.protocol + '//www.adminer.org') {
|
||||||
|
var match = /version=(.+)/.exec(event.data);
|
||||||
|
if (match) {
|
||||||
|
cookie('adminer_version=' + match[1], 1);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}, false);
|
||||||
|
}
|
||||||
|
document.getElementById('version').appendChild(iframe);
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Get value of select
|
/** Get value of select
|
||||||
|
|
|
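Review bot: In the `message` listener of `verifyVersion`, `/version=(.+)/` is unanchored and accepts any characters, so whatever the framed page posts after `version=` is passed straight into `cookie()`. The origin check does limit the sender to www.adminer.org, but it is built from `location.protocol`, so on a plain-http deployment the frame content can be altered in transit. A value containing `;` would presumably add cookie attributes, or reach the page wherever `adminer_version` is later displayed. Restrict the capture to the expected version shape, for example `var match = /^version=([0-9]+(?:\.[0-9]+)*(?:-[0-9A-Za-z]+)?)$/.exec(event.data);`, adjusted to the real release format. Separately, `current` is concatenated into `iframe.src` unencoded; `encodeURIComponent(current)` keeps the query string well-formed.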
@ -16,6 +16,7 @@ Encrypt passwords stored in session by a key stored in cookie
|
||||||
Don't append newlines to uploaded files, bug since Adminer 3.7.0
|
Don't append newlines to uploaded files, bug since Adminer 3.7.0
|
||||||
Don't display SQL edit form on Ctrl+click on the select query, introduced in Adminer 3.6.4
|
Don't display SQL edit form on Ctrl+click on the select query, introduced in Adminer 3.6.4
|
||||||
Use MD5 for editing long keys only in supported drivers, bug since Adminer 3.6.4
|
Use MD5 for editing long keys only in supported drivers, bug since Adminer 3.6.4
|
||||||
|
Don't execute external JavaScript when verifying version
|
||||||
Protect CSRF token against BREACH
|
Protect CSRF token against BREACH
|
||||||
SQLite: Allow editing primary key
|
SQLite: Allow editing primary key
|
||||||
SQLite: Allow editing foreign keys
|
SQLite: Allow editing foreign keys
|
||||||
|
|