From 6f5c1981a0f5ef58c9161babe66537007f03cb69 Mon Sep 17 00:00:00 2001
From: Jakub Vrana <jakub@vrana.cz>
Date: Mon, 18 Oct 2010 01:20:02 +0200
Subject: [PATCH] CSRF protection of included JavaScript

---
 adminer/db.inc.php              | 2 +-
 adminer/include/connect.inc.php | 2 +-
 adminer/script.inc.php          | 3 +++
 3 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/adminer/db.inc.php b/adminer/db.inc.php
index 20944c96..453e0c25 100644
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -155,6 +155,6 @@ if ($_GET["ns"] !== "") {
 	}
 	
 	page_footer();
-	echo "<script type='text/javascript' src='" . h(ME) . "script=db'></script>\n";
+	echo "<script type='text/javascript' src='" . h(ME . "script=db&token=$token") . "'></script>\n";
 	exit; // page_footer() already called
 }
diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index 231e2f7c..a222dd73 100644
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -43,7 +43,7 @@ function connect_error() {
 		}
 	}
 	page_footer("db");
-	echo "<script type='text/javascript' src='" . h(ME) . "script=connect'></script>\n";
+	echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
 }
 
 if (isset($_GET["status"])) {
diff --git a/adminer/script.inc.php b/adminer/script.inc.php
index 3d872b46..81d663e9 100644
--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -1,5 +1,8 @@
 <?php
 header("Content-Type: text/javascript; charset=utf-8");
+if ($_GET["token"] != $token) { // CSRF protection
+	exit;
+}
 
 if ($_GET["script"] == "db") {
 	$sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);