beenull/adminerevo
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

Fixed warnings on login page

Browse source
This commit is contained in:
Lionel Laffineur 2023-12-03 17:39:39 +01:00
parent 5acbf93af9
commit c4038f46ee
5 changed files with 40 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

20
adminer/include/adminer.inc.php
View file

@ -121,9 +121,9 @@ class Adminer {
echo "<table cellspacing='0' class='layout'>\n";
echo $this->loginFormField('driver', '<tr><th>' . lang('System') . '<td>', html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);") . "\n");
echo $this->loginFormField('server', '<tr><th>' . lang('Server') . '<td>', '<input name="auth[server]" value="' . h(SERVER) . '" title="hostname[:port]" placeholder="localhost" autocapitalize="off">' . "\n");
echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input name="auth[username]" id="username" value="' . h($_GET["username"]) . '" autocomplete="username" autocapitalize="off">' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();"));
echo $this->loginFormField('username', '<tr><th>' . lang('Username') . '<td>', '<input name="auth[username]" id="username" value="' . h((isset($_GET["username"]) ? $_GET["username"] : "")) . '" autocomplete="username" autocapitalize="off">' . script("focus(qs('#username')); qs('#username').form['auth[driver]'].onchange();"));
echo $this->loginFormField('password', '<tr><th>' . lang('Password') . '<td>', '<input type="password" name="auth[password]" autocomplete="current-password">' . "\n");
echo $this->loginFormField('db', '<tr><th>' . lang('Database') . '<td>', '<input name="auth[db]" value="' . h($_GET["db"]) . '" autocapitalize="off">' . "\n");
echo $this->loginFormField('db', '<tr><th>' . lang('Database') . '<td>', '<input name="auth[db]" value="' . h((isset($_GET["db"]) ? $_GET["db"] : "")) . '" autocapitalize="off">' . "\n");
echo "</table>\n";
echo "<p><input type='submit' value='" . lang('Login') . "'>\n";
echo checkbox("auth[permanent]", 1, $_COOKIE["adminer_permanent"], lang('Permanent login')) . "\n";
@ -968,13 +968,15 @@ class Adminer {
<?php
if ($missing == "auth") {
$output = "";
foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
foreach ($servers as $server => $usernames) {
foreach ($usernames as $username => $password) {
if ($password !== null) {
$dbs = $_SESSION["db"][$vendor][$server][$username];
foreach (($dbs ? array_keys($dbs) : array("")) as $db) {
$output .= "<li><a href='" . h(auth_url($vendor, $server, $username, $db)) . "'>($drivers[$vendor]) " . h($username . ($server != "" ? "@" . $this->serverName($server) : "") . ($db != "" ? " - $db" : "")) . "</a>\n";
if (isset( $_SESSION["pwds"])) {
foreach ((array) $_SESSION["pwds"] as $vendor => $servers) {
foreach ($servers as $server => $usernames) {
foreach ($usernames as $username => $password) {
if ($password !== null) {
$dbs = $_SESSION["db"][$vendor][$server][$username];
foreach (($dbs ? array_keys($dbs) : array("")) as $db) {
$output .= "<li><a href='" . h(auth_url($vendor, $server, $username, $db)) . "'>($drivers[$vendor]) " . h($username . ($server != "" ? "@" . $this->serverName($server) : "") . ($db != "" ? " - $db" : "")) . "</a>\n";
}
}
}
}

4
adminer/include/auth.inc.php
View file

@ -51,7 +51,7 @@ function check_invalid_login() {
}
}
$auth = $_POST["auth"];
$auth = (isset($_POST["auth"]) ? $_POST["auth"] : null);
if ($auth) {
session_regenerate_id(); // defense against session fixation
$vendor = $auth["driver"];
@ -76,7 +76,7 @@ if ($auth) {
redirect(auth_url($vendor, $server, $username, $db));
}
} elseif ($_POST["logout"] && (!$has_token || verify_token())) {
} elseif (isset($_POST["logout"]) && $_POST["logout"] && (!$has_token || verify_token())) {
foreach (array("pwds", "db", "dbs", "queries") as $key) {
set_session($key, null);
}

23
adminer/include/bootstrap.inc.php
View file

@ -1,6 +1,7 @@
<?php
function adminer_errors($errno, $errstr) {
return !!preg_match('~^(Trying to access array offset on value of type null|Undefined array key)~', $errstr);
function adminer_errors($errNo, $errStr, $errFile, $errLine) {
file_put_contents("php://stderr", sprintf("%d - %s - %s:%d\n", $errNo, $errStr, $errFile, $errLine));
printf("%d - %s - %s:%d\n", $errNo, $errStr, $errFile, $errLine);
}
error_reporting(6135); // errors and warnings
@ -30,7 +31,7 @@ if (isset($_GET["file"])) {
include "../adminer/file.inc.php";
}
if ($_GET["script"] == "version") {
if (isset($_GET["script"]) && $_GET["script"] == "version") {
$fp = file_open_lock(get_temp_dir() . "/adminer.version");
if ($fp) {
file_write_unlock($fp, serialize(array("signature" => $_POST["signature"], "version" => $_POST["version"])));
@ -46,10 +47,10 @@ if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility
if (!strpos($_SERVER["REQUEST_URI"], '?') && $_SERVER["QUERY_STRING"] != "") { // IIS 7 compatibility
$_SERVER["REQUEST_URI"] .= "?$_SERVER[QUERY_STRING]";
}
if ($_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
if (isset($_SERVER["HTTP_X_FORWARDED_PREFIX"]) && $_SERVER["HTTP_X_FORWARDED_PREFIX"]) {
$_SERVER["REQUEST_URI"] = $_SERVER["HTTP_X_FORWARDED_PREFIX"] . $_SERVER["REQUEST_URI"];
}
$HTTPS = ($_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy
$HTTPS = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")) || ini_bool("session.cookie_secure"); // session.cookie_secure could be set on HTTP if we are behind a reverse proxy
@ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
if (!defined("SID")) {
@ -102,8 +103,16 @@ if ($adminer->operators === null) {
$adminer->operator_regexp = $operator_regexp;
}
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
define("DB", $_GET["db"]); // for the sake of speed and size
if (isset($_GET[DRIVER])) {
define("SERVER", $_GET[DRIVER]); // read from pgsql=localhost
} else {
define("SERVER", "");
}
if (isset($_GET["db"])) {
define("DB", $_GET["db"]); // for the sake of speed and size
} else {
define("DB", "");
}
define("ME", preg_replace('~\?.*~', '', relative_uri()) . '?'
. (sid() ? SID . '&' : '')
. (SERVER !== null ? DRIVER . "=" . urlencode(SERVER) . '&' : '')

10
adminer/include/functions.inc.php
View file

@ -595,7 +595,10 @@ function stop_session($force = false) {
* @return mixed
*/
function &get_session($key) {
return $_SESSION[$key][DRIVER][SERVER][$_GET["username"]];
if (isset($_GET["username"]) && isset($_SESSION[$key][DRIVER][SERVER][$_GET["username"]])) {
return $_SESSION[$key][DRIVER][SERVER][$_GET["username"]];
}
return null;
}
/** Set session variable for current server
@ -630,7 +633,10 @@ function auth_url($vendor, $server, $username, $db = null) {
* @return bool
*/
function is_ajax() {
return ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest");
if (isset($_SERVER["HTTP_X_REQUESTED_WITH"])) {
return ($_SERVER["HTTP_X_REQUESTED_WITH"] == "XMLHttpRequest");
}
return false;
}
/** Send Location header and exit

6
adminer/include/lang.inc.php
View file

@ -63,7 +63,7 @@ function get_lang() {
*/
function lang($idf, $number = null) {
global $LANG, $translations;
$translation = ($translations[$idf] ? $translations[$idf] : $idf);
$translation = (isset($translations[$idf]) ? $translations[$idf] : $idf);
if (is_array($translation)) {
$pos = ($number == 1 ? 0
: ($LANG == 'cs' || $LANG == 'sk' ? ($number && $number < 5 ? 1 : 2) // different forms for 1, 2-4, other
@ -102,10 +102,10 @@ if (isset($_POST["lang"]) && verify_token()) { // $error not yet available
}
$LANG = "en";
if (isset($langs[$_COOKIE["adminer_lang"]])) {
if (isset($_COOKIE["adminer_lang"]) && isset($langs[$_COOKIE["adminer_lang"]])) {
cookie("adminer_lang", $_COOKIE["adminer_lang"]);
$LANG = $_COOKIE["adminer_lang"];
} elseif (isset($langs[$_SESSION["lang"]])) {
} elseif (isset($_SESSION["lang"]) && isset($langs[$_SESSION["lang"]])) {
$LANG = $_SESSION["lang"];
} else {
$accept_language = array();