Fix XSS in login form (bug #436)

Jakub Vrana 2015-02-07 10:40:51 -08:00
parent 411d198d0d
commit c990de3b3e
2 changed files with 6 additions and 0 deletions


@ -114,8 +114,13 @@ function unset_permanent() {
cookie("adminer_permanent", implode(" ", $permanent)); cookie("adminer_permanent", implode(" ", $permanent));
} }
/** Renders an error message and a login form
* @param string plain text
* @return null exits
*/
function auth_error($error) { function auth_error($error) {
global $adminer, $has_token; global $adminer, $has_token;
$error = h($error);
$session_name = session_name(); $session_name = session_name();
if (isset($_GET["username"])) { if (isset($_GET["username"])) {
header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header header("HTTP/1.1 403 Forbidden"); // 401 requires sending WWW-Authenticate header
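Review bot: The new `$error = h($error);` escapes once at function entry rather than at the output site, so every later use of `$error` inside auth_error must now treat it as already-escaped HTML; the function body continues past this hunk, so that cannot be confirmed here. Any later line that sends `$error` to a non-HTML sink (a response header, a plain-text body) or escapes it a second time will now emit entities or double-escape. I would make the contract explicit in the new docblock: `* @param string plain text; escaped with h() on entry, so nothing later in this function may escape it again`. This also assumes `h()` is the HTML-escaping helper (its definition is not in this hunk) and that no caller passes a string that already contains intentional markup, which the `plain text` annotation now forbids.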


@ -1,4 +1,5 @@
Adminer 4.2.0-dev: Adminer 4.2.0-dev:
Fix XSS in login form (bug #436)
Allow limiting number of displayed rows in SQL command Allow limiting number of displayed rows in SQL command
Fix reading routine column collations Fix reading routine column collations
Unlock session in alter database Unlock session in alter database