Trust user-supplied token with login
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1248 7c3ca157-0c34-0410-bff1-cbf682f78f5c
parent
cca3b36e03
commit
7d834847d1
|
@ -48,13 +48,6 @@ function auth_error($exception = null) {
|
||||||
page_footer("auth");
|
page_footer("auth");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!$_SESSION["tokens"][$_GET["server"]]) {
|
|
||||||
$_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
|
|
||||||
if ($_POST["token"]) {
|
|
||||||
$_POST["token"] = $_SESSION["tokens"][$_GET["server"]];
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
$username = &$_SESSION["usernames"][$_GET["server"]];
|
$username = &$_SESSION["usernames"][$_GET["server"]];
|
||||||
if (!isset($username)) {
|
if (!isset($username)) {
|
||||||
$username = $_GET["username"]; // default username can be passed in URL
|
$username = $_GET["username"]; // default username can be passed in URL
|
||||||
|
@ -65,3 +58,7 @@ if (is_string($connection) || !$adminer->login($username, $_SESSION["passwords"]
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
unset($username);
|
unset($username);
|
||||||
|
|
||||||
|
if (!$_SESSION["tokens"][$_GET["server"]]) {
|
||||||
|
$_SESSION["tokens"][$_GET["server"]] = (isset($_POST["server"]) && $_POST["token"] ? $_POST["token"] : rand(1, 1e6)); // defense against cross-site request forgery
|
||||||
|
}
|
||||||
|
|
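Review bot: The assignment added after `unset($username);` stores `$_POST["token"]` as the session token whenever the login POST carries one, so the value described as the defense against cross-site request forgery is chosen by the request rather than by the server. Whoever authors the form that submits the login therefore knows the token for that session. The fallback `rand(1, 1e6)` has only about a million outcomes and comes from a non-cryptographic generator. Consider always generating the value server-side, for example `$_SESSION["tokens"][$_GET["server"]] = bin2hex(random_bytes(16));` where the supported PHP version provides it, and exempting only the login POST from the check, with a comment explaining that exemption. The condition also tests `isset($_POST["server"])` while the array is indexed by `$_GET["server"]`; how the token is later compared is outside these hunks, so the impact is inferred.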