Fix XSS if Adminer is accessible at URL /data:
parent
3310e18efa
commit
789ebc07bd
|
@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
|
|||
|
||||
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
|
||||
define("DB", $_GET["db"]); // for the sake of speed and size
|
||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
|
||||
define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
|
||||
. (sid() ? SID . '&' : '')
|
||||
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
|
||||
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')
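Review bot: The `str_replace(":", "%3a", …)` now wrapped around the path segment in `define("ME", …)` has no comment explaining why the colon is special, and the reason is not obvious from the line. When the last path segment is something like `data:`, a relative link built from `ME` is parsed as a URL with a scheme instead of a relative reference. I would add `// encode ":" so the script name is never parsed as a URL scheme (e.g. "data:") in relative links` directly above the define. Only the colon is neutralized here and the segment still comes straight from `$_SERVER["REQUEST_URI"]`, so characters such as `"` or `<` rely on `ME` being HTML-escaped wherever it is printed; those call sites are outside this hunk and worth confirming. The `define("ME", …)` expression itself continues past the last visible line.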
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.7.4-dev:
|
||||
Fix XSS if Adminer is accessible at URL /data:
|
||||
|
||||
Adminer 4.7.3 (released 2019-08-27):
|
||||
Allow editing foreign keys pointing to tables in other database/schema (bug #694)
|
||||
|
|