]> git.joonet.de Git - adminer.git/commitdiff
projects / adminer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 7d83484)
Don't trust user token
authorjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Sat, 21 Nov 2009 08:59:03 +0000 (08:59 +0000)
committerjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Sat, 21 Nov 2009 08:59:03 +0000 (08:59 +0000)
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1249 7c3ca157-0c34-0410-bff1-cbf682f78f5c

adminer/include/auth.inc.php patch | blob | history

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 6049ac8cd218a134dae6b8d246ba814fa3c74b1b..ff35f69402f9e95f0897886752a849530b2d5802 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -60,5 +60,5 @@ if (is_string($connection) || !$adminer->login($username, $_SESSION["passwords"]
 unset($username);
 
 if (!$_SESSION["tokens"][$_GET["server"]]) {
-       $_SESSION["tokens"][$_GET["server"]] = (isset($_POST["server"]) && $_POST["token"] ? $_POST["token"] : rand(1, 1e6)); // defense against cross-site request forgery
+       $_SESSION["tokens"][$_GET["server"]] = rand(1, 1e6); // defense against cross-site request forgery
 }
Sources of adminer, a webclient for database management systems.