Fix XSS if Adminer is accessible at URL /data:
parent
3310e18efa
commit
789ebc07bd
|
@ -84,7 +84,7 @@ include "../adminer/drivers/mysql.inc.php"; // must be included as last driver
|
||||||
|
|
||||||
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
|
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
|
||||||
define("DB", $_GET["db"]); // for the sake of speed and size
|
define("DB", $_GET["db"]); // for the sake of speed and size
|
||||||
define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"]) . '?'
|
define("ME", str_replace(":", "%3a", preg_replace('~^[^?]*/([^?]*).*~', '\1', $_SERVER["REQUEST_URI"])) . '?'
|
||||||
. (sid() ? SID . '&' : '')
|
. (sid() ? SID . '&' : '')
|
||||||
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
|
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')
|
||||||
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')
|
. (isset($_GET["username"]) ? "username=" . urlencode($_GET["username"]) . '&' : '')
|
||||||
|
|
|
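Review bot: The `str_replace(":", "%3a", …)` wrapped around the `ME` definition carries no comment, so the next maintainer cannot tell that it is a security control rather than cosmetic encoding. I would add above the `define("ME", …)` line something like `// encode ":" so the last path segment (e.g. "data:") cannot be parsed as a URL scheme when ME is used as a relative link`. The replacement covers only the colon; whether the rest of the `REQUEST_URI`-derived segment is HTML-escaped depends on the places that print `ME`, which are outside this hunk, so those are worth confirming. A regression test that requests a path whose last segment contains a colon and checks that emitted links keep `%3a` would pin the fix. The `define` expression continues past the last line shown here.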
@ -1,4 +1,5 @@
|
||||||
Adminer 4.7.4-dev:
|
Adminer 4.7.4-dev:
|
||||||
|
Fix XSS if Adminer is accessible at URL /data:
|
||||||
|
|
||||||
Adminer 4.7.3 (released 2019-08-27):
|
Adminer 4.7.3 (released 2019-08-27):
|
||||||
Allow editing foreign keys pointing to tables in other database/schema (bug #694)
|
Allow editing foreign keys pointing to tables in other database/schema (bug #694)
|
||||||
|
|