From 07b3dc3f1d7af8f66b83c247cbe63926004c72ae Mon Sep 17 00:00:00 2001
From: Adrian Jones
Date: Mon, 1 Apr 2024 08:42:15 -0700
Subject: [PATCH 1/2] Restore latest version check which also fixes Issue#128

---
 adminer/include/adminer.inc.php | 1 +
 adminer/include/design.inc.php | 20 ++++---------------
 adminer/static/functions.js | 35 ++++++++++++++-------------------
 3 files changed, 20 insertions(+), 36 deletions(-)

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index 799b55fc..f122d439 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -993,6 +993,7 @@ class Adminer {
 ?>

name(); ?> + id="version">

nojs "> time()) { // 86400 - 1 day in seconds + if (!$_COOKIE["adminer_version"] && file_exists($filename) && filemtime($filename) + 86400 > time()) { // 86400 - 1 day in seconds $version = unserialize(file_get_contents($filename)); - $public = "-----BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwqWOVuF5uw7/+Z70djoK -RlHIZFZPO0uYRezq90+7Amk+FDNd7KkL5eDve+vHRJBLAszF/7XKXe11xwliIsFs -DFWQlsABVZB3oisKCBEuI71J4kPH8dKGEWR9jDHFw3cWmoH3PmqImX6FISWbG3B8 -h7FIx3jEaw5ckVPVTeo5JRm/1DZzJxjyDenXvBQ/6o9DgZKeNDgxwKzH+sw9/YCO -jHnq1cFpOIISzARlrHMa/43YfeNRAm/tsBXjSxembBPo7aQZLAWHmaj5+K19H10B -nCpz9Y++cipkVEiKRGih4ZEvjoFysEOdRLj6WiD/uUNky4xGeA6LaJqh5XpkFkcQ -fQIDAQAB ------END PUBLIC KEY----- -"; - if (openssl_verify($version["version"], base64_decode($version["signature"]), $public) == 1) { - $_COOKIE["adminer_version"] = $version["version"]; // doesn't need to send to the browser - } + $_COOKIE["adminer_version"] = $version["version"]; // doesn't need to send to the browser } ?> > @@ -133,8 +121,8 @@ function csp() { return array( array( "script-src" => "'self' 'unsafe-inline' 'nonce-" . get_nonce() . "' 'strict-dynamic'", // 'self' is a fallback for browsers not supporting 'strict-dynamic', 'unsafe-inline' is a fallback for browsers not supporting 'nonce-' - "connect-src" => "'self'", - "frame-src" => "https://www.adminer.org", + "connect-src" => "'self' https://api.github.com/repos/adminerevo/adminerevo/releases/latest", + "frame-src" => "'self'", "object-src" => "'none'", "base-uri" => "'none'", "form-action" => "'self'", diff --git a/adminer/static/functions.js b/adminer/static/functions.js index ec856119..247a43f1 100644 --- a/adminer/static/functions.js +++ b/adminer/static/functions.js 
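Review bot: `frame-src` is switched to `'self'` in csp() even though the only frame visible in this patch, the adminer.org version iframe in verifyVersion(), is removed by it. If nothing else in Adminer embeds same-origin frames (not visible from this hunk), `"frame-src" => "'none'",` is the tighter value. The new `connect-src` entry is pinned to a single path, which is good; a trailing comment such as `// release lookup in verifyVersion() (static/functions.js)` would tell the next reader why a third-party origin is allowed. csp() continues outside the hunk.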
@@ -101,27 +101,22 @@ function cookie(assign, days) {
 */
 function verifyVersion(current, url, token) {
 cookie('adminer_version=0', 1);
- var iframe = document.createElement('iframe');
- iframe.src = 'https://www.adminer.org/version/?current=' + current;
- iframe.frameBorder = 0;
- iframe.marginHeight = 0;
- iframe.scrolling = 'no';
- iframe.style.width = '7ex';
- iframe.style.height = '1.25em';
- if (window.postMessage && window.addEventListener) {
- iframe.style.display = 'none';
- addEventListener('message', function (event) {
- if (event.origin == 'https://www.adminer.org') {
- var match = /version=(.+)/.exec(event.data);
- if (match) {
- cookie('adminer_version=' + match[1], 1);
- ajax(url + 'script=version', function () {
- }, event.data + '&token=' + token);
- }
+ ajax('https://api.github.com/repos/adminerevo/adminerevo/releases/latest', function (request) {
+ var data = window.JSON ? JSON.parse(request.responseText) : eval('(' + request.responseText + ')');
+ version = data.tag_name.replace(/[^\d.]/g, '');
+
+ if (version) {
+ cookie('adminer_version=' + version, 1);
+ var data = 'version=' + version;
+ ajax(url + 'script=version', function () {
+ }, data + '&token=' + token);
+
+ if (version != current) {
+ qs('#version').innerText = version;
 }
- }, false);
- }
- qs('#version').appendChild(iframe);
+ }
+
+ });
 }
 
 /** Get value of select

From 455478009227d5b9fa2a486bae72cb554f9e6093 Mon Sep 17 00:00:00 2001
From: Adrian Jones
Date: Mon, 1 Apr 2024 09:31:10 -0700
Subject: [PATCH 2/2] Remove unneeded signature in adminer.version file.

---
 adminer/include/bootstrap.inc.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index d9332b6d..14836b4a 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
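Review bot: The `eval('(' + request.responseText + ')')` fallback in verifyVersion() runs a cross-origin response body as script whenever `window.JSON` is missing; it should be dropped in favour of `JSON.parse` inside a `try`, which also matches the `script-src` policy in csp(), where no `'unsafe-eval'` is listed. `version` is assigned without `var` and so becomes a global, and `data` is declared twice with two different meanings. `data.tag_name.replace(...)` throws when the body has no `tag_name` (an API error object, for instance), assuming `ajax()` invokes the callback for such responses, which is not visible here. The digits-and-dots filter and the use of `innerText` are worth keeping exactly as they are.

```javascript
ajax('https://api.github.com/repos/adminerevo/adminerevo/releases/latest', function (request) {
	var release;
	try {
		release = JSON.parse(request.responseText);
	} catch (e) {
		return; // not JSON: skip the check instead of evaluating the response
	}
	var version = (release && typeof release.tag_name == 'string' ? release.tag_name.replace(/[^\d.]/g, '') : '');
	// … unchanged: if (version) { set cookie, POST to script=version, update #version } …
```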
@@ -33,7 +33,7 @@ if (isset($_GET["file"])) {
 if ($_GET["script"] == "version") {
 $fp = file_open_lock(get_temp_dir() . "/adminer.version");
 if ($fp) {
- file_write_unlock($fp, serialize(array("signature" => $_POST["signature"], "version" => $_POST["version"])));
+ file_write_unlock($fp, serialize(array("version" => $_POST["version"])));
 }
 exit;
 }
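Review bot: With the signature gone, this branch stores whatever `$_POST["version"]` contains, and the reader in design.inc.php (patch 1/2) now copies the unserialized value into `$_COOKIE["adminer_version"]` with no check at all. No token or login check is visible in this block, and the client-side digit filter in verifyVersion() does not constrain a direct POST. Validate on the server before writing, e.g. `if ($fp && is_string($_POST["version"]) && preg_match('~^\d+(\.\d+)*$~D', $_POST["version"])) {`. Since only one short string is stored, writing it as plain text and reading it back through the same pattern would also remove the `unserialize()` of a file in the shared temp directory.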