Improve check for numeric ports (bug #769)

author Jakub Vrana <jakub@vrana.cz>

Sun, 6 Dec 2020 12:12:58 +0000 (13:12 +0100)

committer Jakub Vrana <jakub@vrana.cz>

Sun, 6 Dec 2020 12:14:41 +0000 (13:14 +0100)
author Jakub Vrana <jakub@vrana.cz>
Sun, 6 Dec 2020 12:12:58 +0000 (13:12 +0100)
committer Jakub Vrana <jakub@vrana.cz>
Sun, 6 Dec 2020 12:14:41 +0000 (13:14 +0100)
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php

index 1051186ff89de08d90a37ccc6f72f9c334aa722c..964f1d907dc452203111b75859299fc921967798 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -162,7 +162,7 @@ stop_session(true);
  
  if (isset($_GET["username"]) && is_string(get_password())) {
         list($host, $port) = explode(":", SERVER, 2);
-       if (is_numeric($port) && ($port < 1024 || $port > 65535)) {
+       if (+$port && ($port < 1024 || $port > 65535)) {
                 auth_error(lang('Connecting to privileged ports is not allowed.'));
         }
         check_invalid_login();
diff --git a/changes.txt b/changes.txt

index 11ddd26a8b73026ed266aa049ed76ef7bbc16a6b..a8dd5798d105fbf8d079da5718db49241c6f258a 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,5 +1,6 @@
  Adminer 4.7.8-dev:
  Support PHP 8
+Disallow connecting to privileged ports (bug #769)
  
  Adminer 4.7.7 (released 2020-05-11):
  Fix open redirect if Adminer is accessible at //adminer.php%2F@
author	Jakub Vrana <jakub@vrana.cz>
	Sun, 6 Dec 2020 12:12:58 +0000 (13:12 +0100)
committer	Jakub Vrana <jakub@vrana.cz>
	Sun, 6 Dec 2020 12:14:41 +0000 (13:14 +0100)
adminer/include/auth.inc.php		patch \| blob \| history
changes.txt		patch \| blob \| history