From b3ebf738aab16eab74756380514bb74c68146cce Mon Sep 17 00:00:00 2001
From: Lionel Laffineur <lionel@tigron.be>
Date: Fri, 1 Dec 2023 22:57:05 +0100
Subject: [PATCH] Forbid protocol and port number in server for Elastisearch
 driver

---
 adminer/drivers/elastic.inc.php | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/adminer/drivers/elastic.inc.php b/adminer/drivers/elastic.inc.php
index 217ded59..f03098ec 100644
--- a/adminer/drivers/elastic.inc.php
+++ b/adminer/drivers/elastic.inc.php
@@ -227,6 +227,9 @@ if (isset($_GET["elastic"])) {
 		global $adminer;
 		$connection = new Min_DB;
 		list($server, $username, $password) = $adminer->credentials();
+		if (strpos($server, '/') !== false || strpos($server, ':') !== false) {
+			return lang('Only hostname or IP address');
+		}
 		if ($password != "" && $connection->connect($server, $username, "")) {
 			return lang('Database does not support password.');
 		}