Fix XSS in login form (bug #436)
parent
411d198d0d
commit
c990de3b3e
|
@ -114,8 +114,13 @@ function unset_permanent() {
|
|||
cookie("adminer_permanent", implode(" ", $permanent));
|
||||
}
|
||||
|
||||
/** Renders an error message and a login form
|
||||
* @param string plain text
|
||||
* @return null exits
|
||||
*/
|
||||
function auth_error($error) {
|
||||
global $adminer, $has_token;
|
||||
$error = h($error);
|
||||
$session_name = session_name();
|
||||
if (isset($_GET["username"])) {
|
||||
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
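Review bot: Escaping `$error` once at the top of `auth_error()` makes the XSS fix depend on every later use in the body: anything assigned to `$error` after the `h()` line would reach the page unescaped unless it is escaped separately, and a caller that passes markup on purpose would now be double-escaped. The function body continues outside the hunk and no callers are visible, so neither case can be checked from here. I would either apply `h()` in the statement that prints the message, or keep it here with a comment such as `// $error is HTML-escaped from here on; escape anything assigned to it below`. The new `@param string plain text` line is a useful contract and could say that the function escapes the value itself, e.g. `@param string plain text, HTML-escaped here before output`.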
|
||||
|
|
|
@ -1,4 +1,5 @@
|
|||
Adminer 4.2.0-dev:
|
||||
Fix XSS in login form (bug #436)
|
||||
Allow limiting number of displayed rows in SQL command
|
||||
Fix reading routine column collations
|
||||
Unlock session in alter database
|
||||
|
|