}
}
$_GET["server"] = $_POST["server"];
-} elseif (isset($_GET["logout"])) {
- unset($_SESSION["usernames"][$_GET["server"]]);
- unset($_SESSION["passwords"][$_GET["server"]]);
- unset($_SESSION["databases"][$_GET["server"]]);
- $_SESSION["tokens"][$_GET["server"]] = array();
- redirect(substr($SELF, 0, -1), lang('Logout successful.'));
+} elseif (isset($_POST["logout"])) {
+ if ($_POST["token"] != $_SESSION["tokens"][$_GET["server"]]["?logout"]) {
+ page_header(lang('Logout'), lang('Invalid CSRF token. Send the form again.'));
+ page_footer("db");
+ exit;
+ } else {
+ unset($_SESSION["usernames"][$_GET["server"]]);
+ unset($_SESSION["passwords"][$_GET["server"]]);
+ unset($_SESSION["databases"][$_GET["server"]]);
+ $_SESSION["tokens"][$_GET["server"]] = array();
+ redirect(substr($SELF, 0, -1), lang('Logout successful.'));
+ }
}
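Review bot: The token check on the first added `if` line compares with loose `!=` and never confirms that a token was issued, so a POST carrying an empty `token` passes whenever `$_SESSION["tokens"][$_GET["server"]]["?logout"]` is unset (`"" != null` is false in PHP), and a missing index also raises a notice; this matters if a logout POST can arrive before the menu form has been rendered for that server, which I cannot rule out from the hunk. Require both sides and compare as strings: `if (!isset($_POST["token"], $_SESSION["tokens"][$_GET["server"]]["?logout"]) || (string) $_POST["token"] !== (string) $_SESSION["tokens"][$_GET["server"]]["?logout"]) {`. The `else` after `exit;` is redundant and the success branch can be flattened. The `if`/`elseif` chain this branch belongs to starts outside the hunk.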
function auth_error() {
<div id="menu">
<h1><a href="http://phpminadmin.sourceforge.net"><?php echo lang('phpMinAdmin'); ?></a></h1>
<?php if ($missing != "auth") { ?>
+<form action="" method="post">
<p>
<a href="<?php echo htmlspecialchars($SELF); ?>sql="><?php echo lang('SQL command'); ?></a>
<a href="<?php echo htmlspecialchars($SELF); ?>dump=<?php echo urlencode($_GET["table"]); ?>"><?php echo lang('Dump'); ?></a>
-<a href="<?php echo htmlspecialchars(preg_replace('~db=[^&]*&~', '', $SELF)); ?>logout="><?php echo lang('Logout'); ?></a>
+<input type="hidden" name="token" value="<?php
+if (!$_SESSION["tokens"][$_GET["server"]]["?logout"]) {
+ $_SESSION["tokens"][$_GET["server"]]["?logout"] = rand(1, 1e6);
+}
+echo $_SESSION["tokens"][$_GET["server"]]["?logout"];
+?>" />
+<input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" />
</p>
+</form>
<form action="">
<p><?php if (strlen($_GET["server"])) { ?><input type="hidden" name="server" value="<?php echo htmlspecialchars($_GET["server"]); ?>" /><?php } ?>
<select name="db" onchange="this.form.submit();"><option value="">(<?php echo lang('database'); ?>)</option>
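Review bot: The CSRF token written into the hidden input is `rand(1, 1e6)`, roughly 20 bits from a non-cryptographic generator, so it is guessable rather than secret; issue it from a CSPRNG instead, e.g. `$_SESSION["tokens"][$_GET["server"]]["?logout"] = bin2hex(random_bytes(16));` (or `random_int()` if a numeric token must be kept). Once the token is a string, the `echo` into the `value` attribute should go through `htmlspecialchars()`, which the current integer does not need. The truthiness test `if (!$_SESSION["tokens"][$_GET["server"]]["?logout"])` happens to work for the 1..1e6 range but `empty()` states the intent and avoids an undefined-index notice on a fresh session. The `if ($missing != "auth")` block that encloses the new form closes outside the hunk.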