Fix XSS in login form (bug #436)
parent
411d198d0d
commit
c990de3b3e
|
@ -114,8 +114,13 @@ function unset_permanent() {
|
||||||
cookie("adminer_permanent", implode(" ", $permanent));
|
cookie("adminer_permanent", implode(" ", $permanent));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/** Renders an error message and a login form
|
||||||
|
* @param string plain text
|
||||||
|
* @return null exits
|
||||||
|
*/
|
||||||
function auth_error($error) {
|
function auth_error($error) {
|
||||||
global $adminer, $has_token;
|
global $adminer, $has_token;
|
||||||
|
$error = h($error);
|
||||||
$session_name = session_name();
|
$session_name = session_name();
|
||||||
if (isset($_GET["username"])) {
|
if (isset($_GET["username"])) {
|
||||||
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
|
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
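Review bot: Reassigning `$error = h($error);` at the top of auth_error() leaves one variable holding plain text before that line and HTML after it. Any later assignment or concatenation to `$error` in the body is then not covered by the escape, and a caller that passes markup on purpose will now see it rendered literally. The body continues outside this hunk, so neither the output site nor any later writes to `$error` could be checked. Consider keeping the two forms apart, for example `$error_html = h($error);`, or calling h() where the message is printed, so the escape is visibly tied to the sink. The new docblock would also read better with the parameter named: `@param string $error plain text, HTML-escaped here before output`.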
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
Adminer 4.2.0-dev:
|
Adminer 4.2.0-dev:
|
||||||
|
Fix XSS in login form (bug #436)
|
||||||
Allow limiting number of displayed rows in SQL command
|
Allow limiting number of displayed rows in SQL command
|
||||||
Fix reading routine column collations
|
Fix reading routine column collations
|
||||||
Unlock session in alter database
|
Unlock session in alter database
|
||||||
|
|