Hide error message from HTTP servers

diff --git a/changes.txt b/changes.txt
index 4dee070fa835c82c998f606a2907d7450182b32f..1d2ac7f34cb4868663492bffcdf71b0d0ccbe185 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -1,3 +1,7 @@
+Adminer 4.15.0-dev:
+Don't allow path in HTTP servers
+Hide error message from HTTP servers
+
 Adminer 4.14.0:
 Use autofocus HTML attribute
 PostgreSQL: Fix initial value of exported autoincrement

diff --git a/plugins/drivers/clickhouse.php b/plugins/drivers/clickhouse.php
index 30305400cbc285895cfa664ecfb1ec609b3aba06..a96666454d586dd82495ab214d9d70c8d96ae524 100644 (file)
--- a/plugins/drivers/clickhouse.php
+++ b/plugins/drivers/clickhouse.php
@@ -9,7 +9,6 @@ if (isset($_GET["clickhouse"])) {
                var $_db = 'default';
 
                function rootQuery($db, $query) {
-                       @ini_set('track_errors', 1); // @ - may be disabled
                        $file = @file_get_contents("$this->_url/?database=$db", false, stream_context_create(array('http' => array(
                                'method' => 'POST',
                                'content' => $this->isQuerySelectLike($query) ? "$query FORMAT JSONCompact" : $query,
@@ -19,12 +18,8 @@ if (isset($_GET["clickhouse"])) {
                                'max_redirects' => 0,
                        ))));
 
-                       if ($file === false) {
-                               $this->error = $php_errormsg;
-                               return $file;
-                       }
-                       if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) {
-                               $this->error = lang('Invalid credentials.') . " $http_response_header[0]";
+                       if ($file === false || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) {
+                               $this->error = lang('Invalid credentials.');
                                return false;
                        }
                        $return = json_decode($file, true);

diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php
index 351c8531261cdc03d90e9b0927f83899dd8d62a0..df6f92efe62b9c973f884c9f09486202f9b5b6cb 100644 (file)
--- a/plugins/drivers/elastic.php
+++ b/plugins/drivers/elastic.php
@@ -17,8 +17,6 @@ if (isset($_GET["elastic"])) {
                         * @return array|false
                         */
                        function rootQuery($path, array $content = null, $method = 'GET') {
-                               @ini_set('track_errors', 1); // @ - may be disabled
-
                                $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array(
                                        'method' => $method,
                                        'content' => $content !== null ? json_encode($content) : null,

diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php
index ceb6abfe2288de509ba81b9449154b52984ba4c7..c277a0adc724a40e1cad7e7ccbad00595c569144 100644 (file)
--- a/plugins/drivers/elastic5.php
+++ b/plugins/drivers/elastic5.php
@@ -15,8 +15,6 @@ if (isset($_GET["elastic5"])) {
                         * @return mixed
                         */
                        function rootQuery($path, $content = array(), $method = 'GET') {
-                               @ini_set('track_errors', 1); // @ - may be disabled
-
                                $file = @file_get_contents("$this->_url/" . ltrim($path, '/'), false, stream_context_create(array('http' => array(
                                        'method' => $method,
                                        'content' => $content === null ? $content : json_encode($content),
@@ -25,12 +23,8 @@ if (isset($_GET["elastic5"])) {
                                        'follow_location' => 0,
                                        'max_redirects' => 0,
                                ))));
-                               if (!$file) {
-                                       $this->error = $php_errormsg;
-                                       return $file;
-                               }
-                               if (!preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) {
-                                       $this->error = lang('Invalid credentials.') . " $http_response_header[0]";
+                               if (!$file || !preg_match('~^HTTP/[0-9.]+ 2~i', $http_response_header[0])) {
+                                       $this->error = lang('Invalid credentials.');
                                        return false;
                                }
                                $return = json_decode($file, true);

diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php
index 64628fcd3595894ee45a516f7173c444348796dc..b9212b1ae44900cec5117b9bd078fa781ee6347e 100644 (file)
--- a/plugins/drivers/simpledb.php
+++ b/plugins/drivers/simpledb.php
@@ -424,7 +424,6 @@ if (isset($_GET["simpledb"])) {
                }
                $query = str_replace('%7E', '~', substr($query, 1));
                $query .= "&Signature=" . urlencode(base64_encode(hmac('sha1', "POST\n" . preg_replace('~^https?://~', '', $host) . "\n/\n$query", $secret, true)));
-               @ini_set('track_errors', 1); // @ - may be disabled
                $file = @file_get_contents((preg_match('~^https?://~', $host) ? $host : "http://$host"), false, stream_context_create(array('http' => array(
                        'method' => 'POST', // may not fit in URL with GET
                        'content' => $query,
@@ -433,7 +432,7 @@ if (isset($_GET["simpledb"])) {
                        'max_redirects' => 0,
                ))));
                if (!$file) {
-                       $connection->error = $php_errormsg;
+                       $this->error = lang('Invalid credentials.');
                        return false;
                }
                libxml_use_internal_errors(true);