Don't execute external JavaScript when verifying version

diff --git a/adminer/include/design.inc.php b/adminer/include/design.inc.php
index d668dd13f599c0b86ca5e4abbbbb93b6d85f86f5..6a3930f0b934174b9e5eb1ad4c71c0283486f9b3 100644 (file)
--- a/adminer/include/design.inc.php
+++ b/adminer/include/design.inc.php
@@ -7,7 +7,7 @@
 * @return null
 */
 function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
-       global $LANG, $adminer, $connection, $drivers, $jush;
+       global $LANG, $VERSION, $adminer, $connection, $drivers, $jush;
        page_headers();
        $title_all = $title . ($title2 != "" ? ": $title2" : "");
        $title_page = strip_tags($title_all . (SERVER != "" && SERVER != "localhost" ? h(" - " . SERVER) : "") . " - " . $adminer->name());
@@ -29,7 +29,7 @@ function page_header($title, $error = "", $breadcrumb = array(), $title2 = "") {
 <?php } ?>
 <?php } ?>
 
-<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion();"); ?>">
+<body class="<?php echo lang('ltr'); ?> nojs" onkeydown="bodyKeydown(event);" onclick="bodyClick(event);" onload="bodyLoad('<?php echo (is_object($connection) ? substr($connection->server_info, 0, 3) : ""); ?>');<?php echo (isset($_COOKIE["adminer_version"]) ? "" : " verifyVersion('$VERSION');"); ?>">
 <script type="text/javascript">
 document.body.className = document.body.className.replace(/ nojs/, ' js');
 </script>

diff --git a/adminer/static/functions.js b/adminer/static/functions.js
index 819e66556367958621081c3dac227eb82cf4d533..0d8c38fa9e9b1bf9e45d8b61a25ac3817eb63b0c 100644 (file)
--- a/adminer/static/functions.js
+++ b/adminer/static/functions.js
@@ -30,12 +30,29 @@ function cookie(assign, days) {
 }
 
 /** Verify current Adminer version
+* @param string
 */
-function verifyVersion() {
+function verifyVersion(current) {
        cookie('adminer_version=0', 1);
-       var script = document.createElement('script');
-       script.src = location.protocol + '//www.adminer.org/version.php';
-       document.body.appendChild(script);
+       var iframe = document.createElement('iframe');
+       iframe.src = location.protocol + '//www.adminer.org/version/?current=' + current;
+       iframe.frameBorder = 0;
+       iframe.marginHeight = 0;
+       iframe.scrolling = 'no';
+       iframe.style.width = '7ex';
+       iframe.style.height = '1.25em';
+       if (window.postMessage && window.addEventListener) {
+               iframe.style.display = 'none';
+               addEventListener('message', function (event) {
+                       if (event.origin == location.protocol + '//www.adminer.org') {
+                               var match = /version=(.+)/.exec(event.data);
+                               if (match) {
+                                       cookie('adminer_version=' + match[1], 1);
+                               }
+                       }
+               }, false);
+       }
+       document.getElementById('version').appendChild(iframe);
 }
 
 /** Get value of select

diff --git a/changes.txt b/changes.txt
index adea07ce4bbc2d71bd33e3482fdf55a5f5f4aa78..3f19c43f781b76f79eaabe55b6e92b8bcd883c1b 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -16,6 +16,7 @@ Encrypt passwords stored in session by a key stored in cookie
 Don't append newlines to uploaded files, bug since Adminer 3.7.0
 Don't display SQL edit form on Ctrl+click on the select query, introduced in Adminer 3.6.4
 Use MD5 for editing long keys only in supported drivers, bug since Adminer 3.6.4
+Don't execute external JavaScript when verifying version
 Protect CSRF token against BREACH
 SQLite: Allow editing primary key
 SQLite: Allow editing foreign keys