From fc17d0151a2ff87764c98034a47c3b39d4097427 Mon Sep 17 00:00:00 2001
From: jakubvrana
Date: Tue, 9 Feb 2010 16:28:34 +0000
Subject: [PATCH] Cookies management on IIS (bug #2931186)
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1305 7c3ca157-0c34-0410-bff1-cbf682f78f5c
---
 adminer/include/adminer.inc.php | 2 +-
 adminer/include/auth.inc.php | 4 ++--
 adminer/include/bootstrap.inc.php | 5 +++--
 adminer/include/functions.inc.php | 2 +-
 adminer/privileges.inc.php | 2 +-
 editor/db.inc.php | 2 +-
 6 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index c19ab338..c64a539f 100644
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -505,7 +505,7 @@ class Adminer {

- + "> "(" . lang('database') . ")") + $databases, DB, "this.form.submit();") : ''); ?>
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 3e4284f9..0eeafdc9 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -10,9 +10,9 @@ if (isset($_POST["server"])) {
 . ":" . base64_encode(encrypt_string($_POST["password"], $adminer->permanentLogin()))
 );
 }
- if (count($_POST) == 3 + ($_POST["permanent"] ? 1 : 0)) { // 3 - server, username, password
+ if (count($_POST) == ($_POST["permanent"] ? 4 : 3)) { // 3 - server, username, password
 $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri(session_name()) : preg_replace('~^([^?]*).*~', '\\1', ME) . ($_POST["server"] != "" ? '?server=' . urlencode($_POST["server"]) : ''));
- if (SID) {
+ if (SID_FORM) {
 $pos = strpos($location, '?');
 $location = ($pos ? substr_replace($location, SID . "&", $pos + 1, 0) : "$location?" . SID);
 }
diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 997ff60e..8fd671b7 100644
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -46,7 +46,7 @@ if (!isset($_SERVER["REQUEST_URI"])) {
 session_write_close(); // disable session.auto_start
 @ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
 session_name("adminer_sid"); // use specific session name to get own namespace
-$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]);
+$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off");
 if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
 $params[] = true; // HttpOnly
 }
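Review bot: The `if (SID_FORM)` branch in the auth.inc.php hunk still writes the session id into the `Location` URL whenever cookie-only sessions are off, so right after a successful login the id lands in server logs, browser history and Referer headers. The hunk does not show whether the id is rotated at login; if it is not, an id that arrived in a link before login stays valid afterwards, so this is worth confirming in the part of the block outside the hunk. A comment such as `// SID goes into the URL only when session.use_only_cookies is off; the id must be rotated at login` would record the constraint. Separately, the `$_POST["permanent"]` read in the `count($_POST)` test could be `!empty($_POST["permanent"])` to keep the same truthiness without a notice when the box is unchecked. The enclosing `if (isset($_POST["server"]))` block starts and ends outside the hunk.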
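Review bot: The new Secure-flag test `$_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"` in the bootstrap.inc.php `$params` line compares case-sensitively, so a server reporting `OFF` or `Off` would still be treated as HTTPS and the session cookie would be marked Secure on a plain-HTTP site, where the browser does not send it back. Using `$_SERVER["HTTPS"] && strcasecmp($_SERVER["HTTPS"], "off")` covers that. The identical expression is repeated in `cookie()` in adminer/include/functions.inc.php and should change with it, ideally through one shared helper so the two cookies cannot disagree. Behind a TLS-terminating proxy `HTTPS` is typically unset, so the cookie would go out without Secure there; a comment next to `$params` saying so would help deployers.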
@@ -75,7 +75,8 @@ if (function_exists("set_magic_quotes_runtime")) {
 @set_time_limit(0); // @ - can be disabled
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
+define("SID_FORM", SID && !ini_get("session.use_only_cookies") ? '' : '');
+define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID_FORM ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
 include "../adminer/include/version.inc.php";
 include "../adminer/include/functions.inc.php";
diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index fcc5b2c9..833e9975 100644
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -201,7 +201,7 @@ function where_link($i, $column, $value) {
 * @return bool
 */
 function cookie($name, $value) {
- $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]); // 2592000 = 30 * 24 * 60 * 60
+ $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"); // 2592000 = 30 * 24 * 60 * 60
 if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
 $params[] = true; // HttpOnly
 }
diff --git a/adminer/privileges.inc.php b/adminer/privileges.inc.php
index 0540040a..77155a37 100644
--- a/adminer/privileges.inc.php
+++ b/adminer/privileges.inc.php
@@ -5,7 +5,7 @@ $result = $connection->query("SELECT User, Host FROM mysql.user ORDER BY Host, U
 if (!$result) { ?>
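Review bot: `SID_FORM` is defined in the second bootstrap.inc.php hunk without a comment, although it is used as a truthiness flag in `ME` and in auth.inc.php and, judging by its name, also as markup echoed into forms. As rendered on this page both branches of the ternary are `''`, which would make the constant always falsy and the `SID_FORM ? SID . '&' : ''` guard dead; presumably the true branch held a hidden-field string that was lost in extraction, so it should be checked against the original commit. I would add a line above the define such as `// hidden session field for forms; empty when the session id travels in a cookie`. If the true branch does embed the session id in HTML, it should go through the project's HTML escaping like any other request-derived value.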

- + "> : :
diff --git a/editor/db.inc.php b/editor/db.inc.php
index 4a8e990b..2385fb75 100644
--- a/editor/db.inc.php
+++ b/editor/db.inc.php
@@ -3,7 +3,7 @@ page_header(lang('Server'), "", null); ?>

- + ">