Rename variables to avoid conflict with Adminer 2 sessions and enabled register_globals

diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index 8f61bbd2faf0343f474db1e4bd1e5c77f52de151..0827c638a769bd2f28c12fea9251cb480e763f98 100644 (file)
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -10,11 +10,11 @@ if ($_POST && !$error && !isset($_POST["add_x"])) { // add is an image and PHP c
                        $_GET["db"] = $_POST["name"];
                        queries_redirect(preg_replace('~db=[^&]*&~', '', ME) . "db=" . urlencode($_POST["name"]), lang('Database has been renamed.'), rename_database($_POST["name"], $_POST["collation"]));
                } else {
-                       $dbs = explode("\n", str_replace("\r", "", $_POST["name"]));
+                       $databases = explode("\n", str_replace("\r", "", $_POST["name"]));
                        $success = true;
                        $last = "";
-                       foreach ($dbs as $db) {
-                               if (count($dbs) == 1 || $db != "") { // ignore empty lines but always try to create single database
+                       foreach ($databases as $db) {
+                               if (count($databases) == 1 || $db != "") { // ignore empty lines but always try to create single database
                                        if (!create_database($db, $_POST["collation"])) {
                                                $success = false;
                                        }

diff --git a/adminer/db.inc.php b/adminer/db.inc.php
index 4e8061f3e7d588d1ace41324f99dd0001b0f88c9..a07da0259fa27097accd689e31b1668c70e1e05c 100644 (file)
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -76,10 +76,10 @@ if ($_GET["ns"] !== "") {
                echo "</table>\n";
                if (!information_schema(DB)) {
                        echo "<p><input type='hidden' name='token' value='$token'>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "' onclick=\"return confirm('" . lang('Are you sure?') . " (' + formChecked(this, /tables/) + ')');\"> <input type='submit' name='drop' value='" . lang('Drop') . "' onclick=\"return confirm('" . lang('Are you sure?') . " (' + formChecked(this, /tables|views/) + ')');\">\n";
-                       $dbs = (support("scheme") ? schemas() : get_databases());
-                       if (count($dbs) != 1 && $jush != "sqlite") {
+                       $databases = (support("scheme") ? schemas() : get_databases());
+                       if (count($databases) != 1 && $jush != "sqlite") {
                                $db = (isset($_POST["target"]) ? $_POST["target"] : (support("scheme") ? $_GET["ns"] : DB));
-                               echo "<p>" . lang('Move to other database') . ($dbs ? ": " . html_select("target", $dbs, $db) : ': <input name="target" value="' . h($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
+                               echo "<p>" . lang('Move to other database') . ($databases ? ": " . html_select("target", $databases, $db) : ': <input name="target" value="' . h($db) . '">') . " <input type='submit' name='move' value='" . lang('Move') . "'>\n";
                        }
                }
                echo "</form>\n";

diff --git a/adminer/drivers/mysql.inc.php b/adminer/drivers/mysql.inc.php
index f8b232ede9cacab9713001f82d380852864e5d6b..a86fa0cb446d3a1ef80f141961ba042ecb29ad90 100644 (file)
--- a/adminer/drivers/mysql.inc.php
+++ b/adminer/drivers/mysql.inc.php
@@ -266,7 +266,7 @@ if (!defined("DRIVER")) {
        */
        function get_databases($flush = true) {
                // SHOW DATABASES can take a very long time so it is cached
-               $return = &get_session("databases");
+               $return = &get_session("dbs");
                if (!isset($return)) {
                        if ($flush) {
                                restart_session();
@@ -523,7 +523,7 @@ if (!defined("DRIVER")) {
        * @return string
        */
        function create_database($db, $collation) {
-               set_session("databases", null);
+               set_session("dbs", null);
                return queries("CREATE DATABASE " . idf_escape($db) . ($collation ? " COLLATE " . q($collation) : ""));
        }
        
@@ -532,7 +532,7 @@ if (!defined("DRIVER")) {
        * @return bool
        */
        function drop_databases($databases) {
-               set_session("databases", null);
+               set_session("dbs", null);
                return apply_queries("DROP DATABASE", $databases, 'idf_escape');
        }
        

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index a0eb80d88fd5c029a9bc0209612abb17cc6c35d1..d96921339a2be2565a21747e3e2495e68daac0ed 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -14,7 +14,7 @@ class Adminer {
        * @return array ($server, $username, $password)
        */
        function credentials() {
-               return array(SERVER, $_GET["username"], get_session("passwords"));
+               return array(SERVER, $_GET["username"], get_session("pwds"));
        }
        
        /** Get key used for permanent login
@@ -386,7 +386,7 @@ document.getElementById('username').focus();
                global $jush;
                restart_session();
                $id = "sql-" . count($_SESSION["messages"]);
-               $history = &get_session("history");
+               $history = &get_session("queries");
                $history[$_GET["db"]][] = (strlen($query) > 1e6 // not DB - reset in drop database
                        ? ereg_replace('[\x80-\xFF]+$', '', substr($query, 0, 1e6)) . "\n..." // [\x80-\xFF] - valid UTF-8, \n - can end by one-line comment
                        : $query
@@ -498,7 +498,7 @@ document.getElementById('username').focus();
 <?php
                if ($missing == "auth") {
                        $first = true;
-                       foreach ((array) $_SESSION["passwords"] as $driver => $servers) {
+                       foreach ((array) $_SESSION["pwds"] as $driver => $servers) {
                                foreach ($servers as $server => $usernames) {
                                        foreach ($usernames as $username => $password) {
                                                if (isset($password)) {

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 4e1352d39363c57da66bdb999e87aee0f5fe5850..156593bcf30caf7737ecc07912340c585e7d98fb 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -22,7 +22,7 @@ if ($_COOKIE["adminer_permanent"]) {
 
 if (isset($_POST["server"])) {
        session_regenerate_id(); // defense against session fixation
-       $_SESSION["passwords"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
+       $_SESSION["pwds"][$_POST["driver"]][$_POST["server"]][$_POST["username"]] = $_POST["password"];
        if ($_POST["permanent"]) {
                $key = base64_encode($_POST["driver"]) . "-" . base64_encode($_POST["server"]) . "-" . base64_encode($_POST["username"]);
                $private = $adminer->permanentLogin();
@@ -42,7 +42,7 @@ if (isset($_POST["server"])) {
                page_footer("db");
                exit;
        } else {
-               foreach (array("passwords", "databases", "history") as $key) {
+               foreach (array("pwds", "dbs", "queries") as $key) {
                        set_session($key, null);
                }
                $key = base64_encode(DRIVER) . "-" . base64_encode(SERVER) . "-" . base64_encode($_GET["username"]);
@@ -52,13 +52,13 @@ if (isset($_POST["server"])) {
                }
                redirect(substr(preg_replace('~(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.'));
        }
-} elseif ($permanent && !$_SESSION["passwords"]) {
+} elseif ($permanent && !$_SESSION["pwds"]) {
        session_regenerate_id();
        $private = $adminer->permanentLogin(); // try to decode even if not set
        foreach ($permanent as $key => $val) {
                list(, $cipher) = explode(":", $val);
                list($driver, $server, $username) = array_map('base64_decode', explode("-", $key));
-               $_SESSION["passwords"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
+               $_SESSION["pwds"][$driver][$server][$username] = decrypt_string(base64_decode($cipher), $private);
        }
 }
 
@@ -72,7 +72,7 @@ function auth_error($exception = null) {
                if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$token) {
                        $error = lang('Session expired, please login again.');
                } else {
-                       $password = &get_session("passwords");
+                       $password = &get_session("pwds");
                        if (isset($password)) {
                                $error = h($exception ? $exception->getMessage() : (is_string($connection) ? $connection : lang('Invalid credentials.')));
                                $password = null;
@@ -92,7 +92,7 @@ function auth_error($exception = null) {
 if (isset($_GET["username"]) && class_exists("Min_DB")) { // doesn't exists with passing wrong driver
        $connection = connect();
 }
-if (is_string($connection) || !$adminer->login($_GET["username"], get_session("passwords"))) {
+if (is_string($connection) || !$adminer->login($_GET["username"], get_session("pwds"))) {
        auth_error();
        exit;
 }

diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index 0ae6cb8606c4a53cc9f38c60a330c004a0213985..ffa2b13770068e7725b83bf92dbda60da335bac9 100644 (file)
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -6,7 +6,7 @@ function connect_error() {
                page_header(lang('Database') . ": " . h(DB), lang('Invalid database.'), true);
        } else {
                if ($_POST["db"] && !$error) {
-                       set_session("databases", null);
+                       set_session("dbs", null);
                        queries_redirect(substr(ME, 0, -1), lang('Databases have been dropped.'), drop_databases($_POST["db"]));
                }
                
@@ -56,7 +56,7 @@ if (isset($_GET["status"])) {
 }
 if (!(DB != "" ? $connection->select_db(DB) : isset($_GET["sql"]) || isset($_GET["dump"]) || isset($_GET["database"]) || isset($_GET["processlist"]) || isset($_GET["privileges"]) || isset($_GET["user"]) || isset($_GET["variables"]))) {
        if (DB != "") {
-               set_session("databases", null);
+               set_session("dbs", null);
        }
        connect_error(); // separate function to catch SQLite error
        exit;

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index 9f8bc0852f0b5f1c6dc47ede15b6f5491417d150..68ae314fc8232d478388b7f580724b5500f6274c 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -63,7 +63,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
                echo "<div class='message'>" . implode("</div>\n<div class='message'>", $_SESSION["messages"]) . "</div>\n";
                $_SESSION["messages"] = array();
        }
-       $databases = &get_session("databases");
+       $databases = &get_session("dbs");
        if (DB != "" && $databases && !in_array(DB, $databases, true)) {
                $databases = null;
        }

diff --git a/adminer/sql.inc.php b/adminer/sql.inc.php
index ccc1341e1d9023a58adf5ad65ecd82bf814b1c26..69f9a1d965411d416459590c4f16148e24a72dd9 100644 (file)
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@@ -1,6 +1,6 @@
 <?php
 restart_session();
-$history_all = &get_session("history");
+$history_all = &get_session("queries");
 $history = &$history_all[DB];
 if (!$error && $_POST["clear"]) {
        $history = array();
@@ -39,7 +39,7 @@ if (!$error && $_POST) {
                if (is_object($connection2) && DB != "") {
                        $connection2->select_db(DB);
                }
-               $queries = 0;
+               $commands = 0;
                $errors = "";
                while ($query != "") {
                        if (!$offset && preg_match('~^\\s*DELIMITER\\s+(.+)~i', $query, $match)) {
@@ -58,15 +58,15 @@ if (!$error && $_POST) {
                                        if (!$found || $found == $delimiter) { // end of a query
                                                $empty = false;
                                                $q = substr($query, 0, $match[0][1]);
-                                               $queries++;
-                                               echo "<pre class='jush-$jush' id='sql-$queries'>" . shorten_utf8(trim($q), 1000) . "</pre>\n";
+                                               $commands++;
+                                               echo "<pre class='jush-$jush' id='sql-$commands'>" . shorten_utf8(trim($q), 1000) . "</pre>\n";
                                                ob_flush();
                                                flush(); // can take a long time - show the running query
                                                $start = explode(" ", microtime()); // microtime(true) is available since PHP 5
                                                //! don't allow changing of character_set_results, convert encoding of displayed query
                                                if (!$connection->multi_query($q)) {
                                                        echo "<p class='error'>" . lang('Error in query') . ": " . error() . "\n";
-                                                       $errors .= " <a href='#sql-$queries'>$queries</a>";
+                                                       $errors .= " <a href='#sql-$commands'>$commands</a>";
                                                        if ($_POST["error_stops"]) {
                                                                break;
                                                        }
@@ -82,7 +82,7 @@ if (!$error && $_POST) {
                                                                        select($result, $connection2);
                                                                        echo "<p>" . ($result->num_rows ? lang('%d row(s)', $result->num_rows) : "") . $time;
                                                                        if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q)) {
-                                                                               $id = "explain-$queries";
+                                                                               $id = "explain-$commands";
                                                                                echo ", <a href='#$id' onclick=\"return !toggle('$id');\">EXPLAIN</a>\n";
                                                                                echo "<div id='$id' class='hidden'>\n";
                                                                                select(explain($connection2, $q));
@@ -91,7 +91,7 @@ if (!$error && $_POST) {
                                                                } else {
                                                                        if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) {
                                                                                restart_session();
-                                                                               set_session("databases", null); // clear cache
+                                                                               set_session("dbs", null); // clear cache
                                                                                session_write_close();
                                                                        }
                                                                        echo "<p class='message' title='" . h($connection->info) . "'>" . lang('Query executed OK, %d row(s) affected.', $connection->affected_rows) . "$time\n";
@@ -115,7 +115,7 @@ if (!$error && $_POST) {
                                }
                        }
                }
-               if ($errors && $queries > 1) {
+               if ($errors && $commands > 1) {
                        echo "<p class='error'>" . lang('Error in query') . ": $errors\n";
                }
                if ($empty) {

diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index 965caaf34692a0c18e235a2fd55d019429a21cee..92249fd28c2205be6a53ff01bf6287bd11b2b944 100644 (file)
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -10,7 +10,7 @@ class Adminer {
        //! driver, ns
        
        function credentials() {
-               return array(SERVER, $_GET["username"], get_session("passwords"));
+               return array(SERVER, $_GET["username"], get_session("pwds"));
        }
        
        function permanentLogin() {
@@ -19,10 +19,10 @@ class Adminer {
        
        function database() {
                global $connection;
-               $dbs = get_databases(false);
-               return (!$dbs
+               $databases = get_databases(false);
+               return (!$databases
                        ? $connection->result("SELECT SUBSTRING_INDEX(CURRENT_USER, '@', 1)") // username without the database list
-                       : $dbs[(information_schema($dbs[0]) ? 1 : 0)] // first available database
+                       : $databases[(information_schema($databases[0]) ? 1 : 0)] // first available database
                );
        }
        
@@ -441,7 +441,7 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
 <?php
                if ($missing == "auth") {
                        $first = true;
-                       foreach ((array) $_SESSION["passwords"]["server"][""] as $username => $password) {
+                       foreach ((array) $_SESSION["pwds"]["server"][""] as $username => $password) {
                                if (isset($password)) {
                                        if ($first) {
                                                echo "<p>\n";