Stop session before connecting (thanks to Kareem Zidane)
This commit is contained in:
Jakub Vrana
parent
d7982e0b29
commit
846435aef8
|
|
@ -120,6 +120,7 @@ function auth_error($error) {
|
|||
if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
|
||||
$error = lang('Session expired, please login again.');
|
||||
} else {
|
||||
restart_session();
|
||||
add_invalid_login();
|
||||
$password = get_password();
|
||||
if ($password !== null) {
|
||||
|
|
@ -149,14 +150,19 @@ function auth_error($error) {
|
|||
exit;
|
||||
}
|
||||
|
||||
if (isset($_GET["username"]) && !class_exists("Min_DB")) {
|
||||
unset($_SESSION["pwds"][DRIVER]);
|
||||
unset_permanent();
|
||||
page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
|
||||
page_footer("auth");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!ini_bool("session.use_cookies") || @ini_set("session.use_cookies", false) !== false) { // @ - may be disabled
|
||||
session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
|
||||
}
|
||||
|
||||
if (isset($_GET["username"])) {
|
||||
if (!class_exists("Min_DB")) {
|
||||
unset($_SESSION["pwds"][DRIVER]);
|
||||
unset_permanent();
|
||||
page_header(lang('No extension'), lang('None of the supported PHP extensions (%s) are available.', implode(", ", $possible_drivers)), false);
|
||||
page_footer("auth");
|
||||
exit;
|
||||
}
|
||||
list($host, $port) = explode(":", SERVER, 2);
|
||||
if (is_numeric($port) && $port < 1024) {
|
||||
auth_error(lang('Connecting to privileged ports is not allowed.'));
|
||||
|
|
|
|||
|
|
@ -95,11 +95,6 @@ include "./include/adminer.inc.php";
|
|||
include "../adminer/include/design.inc.php";
|
||||
include "../adminer/include/xxtea.inc.php";
|
||||
include "../adminer/include/auth.inc.php";
|
||||
|
||||
if (!ini_bool("session.use_cookies") || @ini_set("session.use_cookies", false) !== false) { // @ - may be disabled
|
||||
session_write_close(); // improves concurrency if a user opens several pages at once, may be restarted later
|
||||
}
|
||||
|
||||
include "./include/editing.inc.php";
|
||||
include "./include/connect.inc.php";
|
||||
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.6.3-dev:
|
||||
Stop session before connecting
|
||||
PDO: Support binary fields download
|
||||
|
||||
Adminer 4.6.2 (released 2018-02-20):
|
||||
|
|
|
|||
Loading…
Reference in a new issue