[adminer-svn] SF.net SVN: adminer:[1305] trunk
From: <jak...@us...> - 2010-02-09 16:39:14
Revision: 1305 http://adminer.svn.sourceforge.net/adminer/?rev=1305&view=rev Author: jakubvrana Date: 2010-02-09 16:28:34 +0000 (Tue, 09 Feb 2010) Log Message: ----------- Cookies management on IIS (bug #2931186) Modified Paths: -------------- trunk/adminer/include/adminer.inc.php trunk/adminer/include/auth.inc.php trunk/adminer/include/bootstrap.inc.php trunk/adminer/include/functions.inc.php trunk/adminer/privileges.inc.php trunk/editor/db.inc.php Modified: trunk/adminer/include/adminer.inc.php =================================================================== --- trunk/adminer/include/adminer.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/adminer/include/adminer.inc.php 2010-02-09 16:28:34 UTC (rev 1305) @@ -505,7 +505,7 @@ </form> <form action=""> <p> -<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?> +<?php echo SID_FORM; ?> <?php if ($_GET["server"] != "") { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?> <?php echo ($databases ? html_select("db", array("" => "(" . lang('database') . ")") + $databases, DB, "this.form.submit();") : '<input name="db" value="' . h(DB) . '">'); ?> <?php if (isset($_GET["sql"])) { ?><input type="hidden" name="sql" value=""><?php } ?> Modified: trunk/adminer/include/auth.inc.php =================================================================== --- trunk/adminer/include/auth.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/adminer/include/auth.inc.php 2010-02-09 16:28:34 UTC (rev 1305) 
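Review bot: `<?php echo SID_FORM; ?>` in the adminer.inc.php hunk writes the constant into the page as raw markup, so nothing at the call site shows that the session id inside it is already escaped; that guarantee now lives only in the `define("SID_FORM", …)` line in bootstrap.inc.php. I would add a comment where it is echoed, e.g. `<?php echo SID_FORM; // pre-escaped hidden session field, empty unless the id must travel in the request ?>`. The form is `<form action="">` with no `method`, so when the field is present the session id is submitted in the query string and can reach server logs, browser history and Referer headers; that is worth stating once at the definition. The same replacement appears in the privileges.inc.php and editor/db.inc.php hunks, and the remark applies there too.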
@@ -10,9 +10,9 @@ . ":" . base64_encode(encrypt_string($_POST["password"], $adminer->permanentLogin())) ); } - if (count($_POST) == 3 + ($_POST["permanent"] ? 1 : 0)) { // 3 - server, username, password + if (count($_POST) == ($_POST["permanent"] ? 4 : 3)) { // 3 - server, username, password $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri(session_name()) : preg_replace('~^([^?]*).*~', '\\1', ME) . ($_POST["server"] != "" ? '?server=' . urlencode($_POST["server"]) : '')); - if (SID) { + if (SID_FORM) { $pos = strpos($location, '?'); $location = ($pos ? substr_replace($location, SID . "&", $pos + 1, 0) : "$location?" . SID); } Modified: trunk/adminer/include/bootstrap.inc.php =================================================================== --- trunk/adminer/include/bootstrap.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/adminer/include/bootstrap.inc.php 2010-02-09 16:28:34 UTC (rev 1305) @@ -46,7 +46,7 @@ session_write_close(); // disable session.auto_start @ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled session_name("adminer_sid"); // use specific session name to get own namespace -$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]); +$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"); if (version_compare(PHP_VERSION, '5.2.0') >= 0) { $params[] = true; // HttpOnly } 
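Review bot: In the auth.inc.php hunk, `if (SID_FORM)` now decides whether `SID` is spliced into the redirect `$location`, but the lines do not say why an HTML-fragment constant is the switch for a URL rewrite; a comment such as `// SID_FORM is non-empty only when the session id cannot rely on a cookie` would make that readable. When the branch is taken, the session id is placed in the redirect URL, where logs and Referer headers can capture it, so the comment should record that the commit deliberately narrows this case. Separately, `$_POST["permanent"]` is read without checking that the key exists; `count($_POST) == (!empty($_POST["permanent"]) ? 4 : 3)` gives the same result without an undefined-index notice. The enclosing block starts before the hunk.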
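Review bot: The Secure-flag test `$_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"` in the bootstrap.inc.php hunk is a case-sensitive match on one literal and is repeated verbatim in `cookie()` in functions.inc.php (the @@ -201 hunk), so the two copies can drift. A value such as `"OFF"` would still mark the cookie Secure on plain HTTP, which fails closed (the browser will not return the cookie) but presumably reproduces the cookie problem this commit targets. `!empty($_SERVER["HTTPS"]) && strcasecmp($_SERVER["HTTPS"], "off") != 0` covers that case and avoids reading an unset key. I would also add a comment on the line, e.g. `// IIS reports HTTPS as "off" for plain HTTP requests`, and compute the value in one place that both call sites use.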
@@ -75,7 +75,8 @@ @set_time_limit(0); // @ - can be disabled define("DB", $_GET["db"]); // for the sake of speed and size -define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : '')); +define("SID_FORM", SID && !ini_get("session.use_only_cookies") ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : ''); +define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID_FORM ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : '')); include "../adminer/include/version.inc.php"; include "../adminer/include/functions.inc.php"; Modified: trunk/adminer/include/functions.inc.php =================================================================== --- trunk/adminer/include/functions.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/adminer/include/functions.inc.php 2010-02-09 16:28:34 UTC (rev 1305) @@ -201,7 +201,7 @@ * @return bool */ function cookie($name, $value) { - $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]); // 2592000 = 30 * 24 * 60 * 60 + $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"); // 2592000 = 30 * 24 * 60 * 60 if (version_compare(PHP_VERSION, '5.2.0') >= 0) { $params[] = true; // HttpOnly } Modified: trunk/adminer/privileges.inc.php =================================================================== --- trunk/adminer/privileges.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/adminer/privileges.inc.php 2010-02-09 16:28:34 UTC (rev 1305) 
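Review bot: In the bootstrap.inc.php @@ -75 hunk, `define("SID_FORM", …)` calls `h()` two lines before `include "../adminer/include/functions.inc.php";`, and no definition of `h()` is visible on this page. If `h()` is declared in that file, the call fails with an undefined-function error exactly when `SID` is non-empty and `session.use_only_cookies` is off, which is the cookie-less path this constant exists for. Moving the `SID_FORM` and `ME` definitions below the include would avoid that, provided the included files do not read `ME` while loading; otherwise build the field with `htmlspecialchars(session_id(), ENT_QUOTES)`. Also, `ini_get()` returns a string, so a setting stored literally as `"off"` would count as true here; that errs toward not emitting the id, which is the safe direction, but it deserves a comment.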
@@ -5,7 +5,7 @@ if (!$result) { ?> <form action=""><p> -<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?> +<?php echo SID_FORM; ?> <?php if ($_GET["server"] != "") { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?> <?php echo lang('Username'); ?>: <input name="user"> <?php echo lang('Server'); ?>: <input name="host" value="localhost"> Modified: trunk/editor/db.inc.php =================================================================== --- trunk/editor/db.inc.php 2010-02-09 12:11:35 UTC (rev 1304) +++ trunk/editor/db.inc.php 2010-02-09 16:28:34 UTC (rev 1305) @@ -3,7 +3,7 @@ ?> <form action=""><p> -<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?> +<?php echo SID_FORM; ?> <input name="where[][val]" value="<?php echo h($_GET["where"][0]["val"]); ?>"> <input type="submit" value="<?php echo lang('Search'); ?>" /> </form> This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site. |