beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Don't send incomplete forms

Browse source
This commit is contained in:
Jakub Vrana 2011-03-08 13:43:05 +01:00
parent 071e6a2408
commit 740ae10a3d
20 changed files with 33 additions and 31 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
adminer/call.inc.php
View file

@ -72,6 +72,6 @@ if ($in) {
}
?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Call'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/create.inc.php
View file

@ -161,9 +161,9 @@ foreach ($engines as $engine) {
<label><input type="checkbox" onclick="columnShow(this.checked, 5);"><?php echo lang('Default values'); ?></label>
<?php echo (support("comment") ? checkbox("", "", $comments, lang('Comment'), "columnShow(this.checked, 6); toggle('Comment'); if (this.checked) this.form['Comment'].focus();") . ' <input id="Comment" name="Comment" value="' . h($row["Comment"]) . '" maxlength="60"' . ($comments ? '' : ' class="hidden"') . '>' : ''); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php if (strlen($_GET["create"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php
if (support("partitioning")) {
$partition_table = ereg('RANGE|LIST', $row["partition_by"]);

2
adminer/database.inc.php
View file

@ -62,7 +62,6 @@ echo ($_POST["add_x"] || strpos($name, "\n")
) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $collate) : "");
?>
<script type='text/javascript'>document.getElementById('name').focus();</script>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php
if (DB != "") {
@ -71,4 +70,5 @@ if (DB != "") {
echo "<input type='image' name='add' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>\n";
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

3
adminer/db.inc.php
View file

@ -73,7 +73,7 @@ if ($adminer->homepage()) {
}
echo "</table>\n";
if (!information_schema(DB)) {
echo "<p><input type='hidden' name='token' value='$token'>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
echo "<p>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
$databases = (support("scheme") ? schemas() : get_databases());
if (count($databases) != 1 && $jush != "sqlite") {
$db = (isset($_POST["target"]) ? $_POST["target"] : (support("scheme") ? $_GET["ns"] : DB));
@ -83,6 +83,7 @@ if ($adminer->homepage()) {
echo (support("copy") ? " <input type='submit' name='copy' value='" . lang('Copy') . "' onclick='eventStop(event);'>" : "");
echo "\n";
}
echo "<input type='hidden' name='token' value='$token'>\n";
}
echo "</form>\n";
}

12
adminer/edit.inc.php
View file

@ -90,13 +90,7 @@ if ($fields) {
}
?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
<input type="hidden" name="save" value="1">
<?php
if (isset($_GET["select"])) {
hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
}
if ($fields) {
echo "<input type='submit' value='" . lang('Save') . "'>\n";
if (!isset($_GET["select"])) {
@ -106,5 +100,11 @@ if ($fields) {
echo ($update ? "<input type='submit' name='delete' value='" . lang('Delete') . "' onclick=\"return confirm('" . lang('Are you sure?') . "');\">\n"
: ($_POST ? "" : "<script type='text/javascript'>document.getElementById('form').getElementsByTagName('td')[1].firstChild.focus();</script>\n")
);
if (isset($_GET["select"])) {
hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
}
?>
<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
<input type="hidden" name="save" value="1">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/event.inc.php
View file

@ -47,7 +47,7 @@ if ($_POST) {
</table>
<p><?php textarea("EVENT_DEFINITION", $row["EVENT_DEFINITION"]); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php if ($EVENT != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/include/adminer.inc.php
View file

@ -739,8 +739,8 @@ DROP PROCEDURE adminer_alter;
}
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</p>
</form>
<form action="">

3
adminer/include/connect.inc.php
View file

@ -32,7 +32,7 @@ function connect_error() {
$collations = collations();
echo "<form action='' method='post'>\n";
echo "<table cellspacing='0' onclick='tableClick(event);'>\n";
echo "<thead><tr><td><input type='hidden' name='token' value='$token'>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
echo "<thead><tr><td>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
foreach ($databases as $db) {
$root = h(ME) . "db=" . urlencode($db);
echo "<tr" . odd() . "><td>" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]));
@ -43,6 +43,7 @@ function connect_error() {
}
echo "</table>\n";
echo "<p><input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /db/)", 1) . ">\n"; // 1 - eventStop
echo "<input type='hidden' name='token' value='$token'>\n";
echo "<a href='" . h(ME) . "refresh=1' onclick='eventStop(event);'>" . lang('Refresh') . "</a>\n";
echo "</form>\n";
}

2
adminer/indexes.inc.php
View file

@ -94,7 +94,7 @@ foreach ($row["indexes"] as $index) {
?>
</table>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<noscript><p><input type="submit" name="add" value="<?php echo lang('Add next'); ?>"></noscript>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

4
adminer/procedure.inc.php
View file

@ -51,8 +51,8 @@ if (isset($_GET["function"])) {
</table>
<p><?php textarea("definition", $row["definition"]); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php if ($PROCEDURE != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/processlist.inc.php
View file

@ -30,6 +30,6 @@ foreach (get_rows("SHOW FULL PROCESSLIST") as $i => $row) {
</table>
<p><?php echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections")); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Kill'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/scheme.inc.php
View file

@ -25,11 +25,11 @@ if ($_POST) {
<form action="" method="post">
<p><input name="name" value="<?php echo h($row["name"]); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php
if ($_GET["ns"] != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

5
adminer/select.inc.php
View file

@ -409,9 +409,10 @@ if (!$columns) {
echo "</div></fieldset>\n";
}
print_fieldset("import", lang('Import'), !$rows);
echo "<input type='hidden' name='token' value='$token'><input type='file' name='csv_file'> ";
echo "<input type='file' name='csv_file'> ";
echo html_select("separator", array("csv" => "CSV,", "csv;" => "CSV;", "tsv" => "TSV"), $adminer_export["format"], 1); // 1 - select
echo " <input type='submit' name='import' value='" . lang('Import') . "'>\n";
echo " <input type='submit' name='import' value='" . lang('Import') . "'>";
echo "<input type='hidden' name='token' value='$token'>\n";
echo "</div></fieldset>\n";
$adminer->selectEmailPrint(array_filter($email_fields, 'strlen'), $columns);

2
adminer/sequence.inc.php
View file

@ -24,11 +24,11 @@ if ($_POST) {
<form action="" method="post">
<p><input name="name" value="<?php echo h($row["name"]); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php
if ($SEQUENCE != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

7
adminer/sql.inc.php
View file

@ -118,9 +118,8 @@ if (!$error && $_POST) {
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
. html_select("format", $dump_format, $adminer_export["format"])
. " <input type='hidden' name='query' value='" . h($q) . "' />"
. " <input type='hidden' name='token' value='$token' />"
. " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'></span>"
. "<input type='hidden' name='query' value='" . h($q) . "'>"
. " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'><input type='hidden' name='token' value='$token'></span>"
;
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
$id = "explain-$commands";
@ -179,8 +178,8 @@ echo "<p>" . (ini_bool("file_uploads") ? lang('File upload') . ': <input type="f
?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Execute'); ?>" title="Ctrl+Enter">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php
echo checkbox("error_stops", 1, $_POST["error_stops"], lang('Stop on error')) . "\n";
echo checkbox("only_errors", 1, $_POST["only_errors"], lang('Show only errors')) . "\n";

4
adminer/trigger.inc.php
View file

@ -37,8 +37,8 @@ if ($_POST) {
<p><?php echo lang('Name'); ?>: <input name="Trigger" value="<?php echo h($row["Trigger"]); ?>" maxlength="64">
<p><?php textarea("Statement", $row["Statement"]); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php if ($_GET["name"] != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/type.inc.php
View file

@ -20,7 +20,6 @@ if ($_POST) {
<form action="" method="post">
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php
if ($TYPE != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
@ -30,4 +29,5 @@ if ($TYPE != "") {
echo "<p><input type='submit' value='" . lang('Save') . "'>\n";
}
?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/user.inc.php
View file

@ -162,7 +162,7 @@ foreach (array(
echo "</table>\n";
?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php if (isset($_GET["host"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
adminer/view.inc.php
View file

@ -28,7 +28,7 @@ if ($_POST) {
<p><?php echo lang('Name'); ?>: <input name="name" value="<?php echo h($row["name"]); ?>" maxlength="64">
<p><?php textarea("select", $row["select"]); ?>
<p>
<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php if ($dropped) { // old view was dropped but new wasn't created ?><input type="hidden" name="dropped" value="1"><?php } ?>
<input type="submit" value="<?php echo lang('Save'); ?>">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>

2
editor/include/adminer.inc.php
View file

@ -505,8 +505,8 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
?>
<form action="" method="post">
<p class="logout">
<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
<input type="hidden" name="token" value="<?php echo $token; ?>">
</p>
</form>
<?php