Exception to CSRF can be abused in Editor

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@852 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/adminer/dump.inc.php b/adminer/dump.inc.php
index c7e4a52a25ab838c10b2ab66dba1a4ddcc49854b..a27b0e0b1b643e69015d3bbc20d679b10e6e6124 100644 (file)
--- a/adminer/dump.inc.php
+++ b/adminer/dump.inc.php
@@ -162,7 +162,7 @@ if ($dbh->server_info >= 5) {
        $db_style[] = 'CREATE+ALTER';
        $table_style[] = 'CREATE+ALTER';
 }
-echo "<tr><th>" . lang('Output') . "<td>$dump_output\n";
+echo "<tr><th>" . lang('Output') . "<td><input type='hidden' name='token' value='$token'>$dump_output\n";
 echo "<tr><th>" . lang('Format') . "<td>$dump_format\n";
 echo "<tr><th>" . lang('Database') . "<td><select name='db_style'><option>" . optionlist($db_style, (strlen($_GET["db"]) ? '' : 'CREATE')) . "</select>\n";
 echo "<tr><th>" . lang('Tables') . "<td><select name='table_style'><option>" . optionlist($table_style, 'DROP+CREATE') . "</select>\n";

diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 7ca461b25c23c3f2e296894e068f60eeb8835880..2941bf1d261dc51c4cfaf9615e8ad2fc361f81e1 100644 (file)
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -99,6 +99,6 @@ include "./include/export.inc.php";
 $confirm = " onclick=\"return confirm('" . lang('Are you sure?') . "');\"";
 $token = $_SESSION["tokens"][$_GET["server"]];
 $error = ($_POST
-       ? ($_POST["token"] == $token || isset($_GET["dump"]) ? "" : lang('Invalid CSRF token. Send the form again.'))
+       ? ($_POST["token"] == $token ? "" : lang('Invalid CSRF token. Send the form again.'))
        : ($_SERVER["REQUEST_METHOD"] != "POST" ? "" : lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.')) // posted form with no data means that post_max_size exceeded because Adminer always sends token at least
 );