Prevent CSRF
authorjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Fri, 6 Jul 2007 18:08:17 +0000 (18:08 +0000)
committerjakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Fri, 6 Jul 2007 18:08:17 +0000 (18:08 +0000)
git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@76 7c3ca157-0c34-0410-bff1-cbf682f78f5c

index.php

index 847d84ba47a026b005dc25b216edcb6f35f3e1cf..2e6ecf172a727548dce1ca8428ae1c4f5bdb2e68 100644 (file)
--- a/index.php
+++ b/index.php
@@ -13,41 +13,53 @@ include "./connect.inc.php";
 if (isset($_GET["dump"])) {
        include "./dump.inc.php";
 } else {
-       if (isset($_GET["sql"])) {
-               include "./sql.inc.php";
-       } elseif (isset($_GET["table"])) {
+       if (isset($_GET["table"])) {
                include "./table.inc.php";
        } elseif (isset($_GET["select"])) {
                include "./select.inc.php";
-       } elseif (isset($_GET["edit"])) {
-               include "./edit.inc.php";
-       } elseif (isset($_GET["create"])) {
-               include "./create.inc.php";
-       } elseif (isset($_GET["indexes"])) {
-               include "./indexes.inc.php";
        } elseif (isset($_GET["view"])) {
                include "./view.inc.php";
-       } elseif (isset($_GET["database"])) {
-               include "./database.inc.php";
        } else {
-               page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
-               echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
-               if (mysql_get_server_info() >= 5) {
-                       $result = mysql_query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "'");
-                       if (mysql_num_rows($result)) {
-                               echo "<h2>" . lang('Routines') . "</h2>\n";
-                               echo "<table border='0' cellspacing='0' cellpadding='2'>\n";
-                               while ($row = mysql_fetch_assoc($result)) {
-                                       echo "<tr valign='top'>";
-                                       echo "<th>" . htmlspecialchars($row["ROUTINE_TYPE"]) . "</th>";
-                                       echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
-                                       echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>";
-                                       echo "</tr>\n";
-                                       //! call, drop, replace
+               $params = preg_replace('~.*\\?~', '', $_SERVER["REQUEST_URI"]);
+               if ($_POST) {
+                       $error = (in_array($_POST["token"], (array) $_SESSION["tokens"][$params]) ? "" : lang('Invalid CSRF token.'));
+               }
+               if ($_POST && !$error) {
+                       $token = $_POST["token"];
+               } else {
+                       $token = rand(1, 1e6);
+                       $_SESSION["tokens"][$params][] = $token;
+               }
+               if (isset($_GET["sql"])) {
+                       include "./sql.inc.php";
+               } elseif (isset($_GET["edit"])) {
+                       include "./edit.inc.php";
+               } elseif (isset($_GET["create"])) {
+                       include "./create.inc.php";
+               } elseif (isset($_GET["indexes"])) {
+                       include "./indexes.inc.php";
+               } elseif (isset($_GET["database"])) {
+                       include "./database.inc.php";
+               } else {
+                       unset($_SESSION["tokens"][$params]);
+                       page_header(htmlspecialchars(lang('Database') . ": " . $_GET["db"]));
+                       echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
+                       if (mysql_get_server_info() >= 5) {
+                               $result = mysql_query("SELECT * FROM information_schema.ROUTINES WHERE ROUTINE_SCHEMA = '" . mysql_real_escape_string($_GET["db"]) . "'");
+                               if (mysql_num_rows($result)) {
+                                       echo "<h2>" . lang('Routines') . "</h2>\n";
+                                       echo "<table border='0' cellspacing='0' cellpadding='2'>\n";
+                                       while ($row = mysql_fetch_assoc($result)) {
+                                               echo "<tr valign='top'>";
+                                               echo "<th>" . htmlspecialchars($row["ROUTINE_TYPE"]) . "</th>";
+                                               echo "<th>" . htmlspecialchars($row["ROUTINE_NAME"]) . "</th>"; //! parameters from SHOW CREATE {PROCEDURE|FUNCTION}
+                                               echo "<td><pre>" . htmlspecialchars($row["ROUTINE_DEFINITION"]) . "</pre></td>";
+                                               echo "</tr>\n";
+                                       }
+                                       echo "</table>\n";
                                }
-                               echo "</table>\n";
+                               mysql_free_result($result);
                        }
-                       mysql_free_result($result);
                }
        }
        page_footer();
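Review bot: The token minted at `$token = rand(1, 1e6);` is a roughly 20-bit value from a non-cryptographic PRNG, which is a thin margin for a CSRF secret; on the PHP of this era `$token = md5(uniqid(mt_rand(), true));` widens the space considerably (still not a CSPRNG, but far harder to guess), after which the lookup on the line above can become `in_array($_POST["token"], (array) $_SESSION["tokens"][$params], true)` since $_POST values are always strings. Every GET of a form page also appends another entry to `$_SESSION["tokens"][$params]` and a valid token is kept rather than consumed after a successful POST, so the per-session list grows without bound and a leaked token stays usable until the database overview branch happens to unset it. Whether the included scripts actually refuse to act when `$error` is set is not visible in this hunk and should be confirmed in each of them.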