CSRF protection of included JavaScript

diff --git a/adminer/db.inc.php b/adminer/db.inc.php
index 20944c96f106ca7a31c3e45ee7b49b2e7801b591..453e0c2531fc8054a6f985d01d20163abb749988 100644 (file)
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -155,6 +155,6 @@ if ($_GET["ns"] !== "") {
        }
        
        page_footer();
-       echo "<script type='text/javascript' src='" . h(ME) . "script=db'></script>\n";
+       echo "<script type='text/javascript' src='" . h(ME . "script=db&token=$token") . "'></script>\n";
        exit; // page_footer() already called
 }

diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index 231e2f7c400e6b8db63f3a068610972a2b32452c..a222dd73e52b0a180f6b5dd55086405805e73d77 100644 (file)
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -43,7 +43,7 @@ function connect_error() {
                }
        }
        page_footer("db");
-       echo "<script type='text/javascript' src='" . h(ME) . "script=connect'></script>\n";
+       echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
 }
 
 if (isset($_GET["status"])) {

diff --git a/adminer/script.inc.php b/adminer/script.inc.php
index 3d872b46f5f42dff7cd7caca211968f8cdc6a542..81d663e9b6432eeb4610147617eaf51aa8e3b1d2 100644 (file)
--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -1,5 +1,8 @@
 <?php
 header("Content-Type: text/javascript; charset=utf-8");
+if ($_GET["token"] != $token) { // CSRF protection
+       exit;
+}
 
 if ($_GET["script"] == "db") {
        $sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);