]> git.joonet.de Git - adminer.git/commitdiff
projects / adminer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 9bfc2a3)
Use stricter regexp in URL
authorJakub Vrana <jakub@vrana.cz>
Wed, 3 Jul 2013 17:34:19 +0000 (10:34 -0700)
committerJakub Vrana <jakub@vrana.cz>
Wed, 3 Jul 2013 17:34:19 +0000 (10:34 -0700)
adminer/database.inc.php patch | blob | history
adminer/include/auth.inc.php patch | blob | history
adminer/include/design.inc.php patch | blob | history

diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index 2306144a85166880c2da295f57dbece91162520f..caf315838a8e88b8c50363d9b73088dc76c02eb1 100644 (file)
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -11,7 +11,7 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
                // create or rename database
                if (DB != "") {
                        $_GET["db"] = $name;
-                       queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $row["collation"]));
+                       queries_redirect(preg_replace('~\bdb=[^&]*&~', '', ME) . "db=" . urlencode($name), lang('Database has been renamed.'), rename_database($name, $row["collation"]));
                } else {
                        $databases = explode("\n", str_replace("\r", "", $name));
                        $success = true;
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index b713da1f2d550b0dec7cc821fc9ab36ba86fe06b..268f0f69b70520654af60e2e72a3443a4b71a902 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -44,7 +44,7 @@ if ($auth) {
                        set_session($key, null);
                }
                unset_permanent();
-               redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
+               redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
        }
        
 } elseif ($permanent && !$_SESSION["pwds"]) {
diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 2fe85d33a555a81c54edbdcfd98d395cfb6987c0..22ff672fe11e244434b3d77c14a661765ade2b1e 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -37,9 +37,9 @@ document.body.className = document.body.className.replace(/ nojs/, ' js');
 <div id="content">
 <?php
        if ($breadcrumb !== null) {
-               $link = substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1);
+               $link = substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1);
                echo '<p id="breadcrumb"><a href="' . h($link ? $link : ".") . '">' . $drivers[DRIVER] . '</a> &raquo; ';
-               $link = substr(preg_replace('~(db|ns)=[^&]*&~', '', ME), 0, -1);
+               $link = substr(preg_replace('~\b(db|ns)=[^&]*&~', '', ME), 0, -1);
                $server = (SERVER != "" ? h(SERVER) : lang('Server'));
                if ($breadcrumb === false) {
                        echo "$server\n";
Sources of adminer, a webclient for database management systems.