Disallow connecting to ports > 65535 (bug #730)

author Jakub Vrana <jakub@vrana.cz>

Thu, 30 Jan 2020 16:12:23 +0000 (17:12 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Thu, 30 Jan 2020 16:13:17 +0000 (17:13 +0100)
author Jakub Vrana <jakub@vrana.cz>
Thu, 30 Jan 2020 16:12:23 +0000 (17:12 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Thu, 30 Jan 2020 16:13:17 +0000 (17:13 +0100)
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php

index f8a5a3993cea4bc29cbad9c1ba585302c2909e27..1051186ff89de08d90a37ccc6f72f9c334aa722c 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -162,7 +162,7 @@ stop_session(true);
  
  if (isset($_GET["username"]) && is_string(get_password())) {
         list($host, $port) = explode(":", SERVER, 2);
-       if (is_numeric($port) && $port < 1024) {
+       if (is_numeric($port) && ($port < 1024 || $port > 65535)) {
                 auth_error(lang('Connecting to privileged ports is not allowed.'));
         }
         check_invalid_login();
diff --git a/changes.txt b/changes.txt

index 1930155b7e34159cf30d4506519eb8a2ebd30259..2c80c913847ee224d5a96d03944ca7d81c680309 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -2,6 +2,7 @@ Adminer 4.7.6-dev:
  Speed up alter table form (regression from 4.4.0)
  Fix clicking on non-input fields in alter table (regression from 4.6.2)
  Display time of procedure execution
+Disallow connecting to ports > 65535 (bug #730)
  MySQL: Always set foreign_key_checks in export
  Editor: Fix focusing foreign key search in select
author	Jakub Vrana <jakub@vrana.cz>
	Thu, 30 Jan 2020 16:12:23 +0000 (17:12 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Thu, 30 Jan 2020 16:13:17 +0000 (17:13 +0100)
adminer/include/auth.inc.php		patch \| blob \| history
changes.txt		patch \| blob \| history