]> git.joonet.de Git - adminer.git/commitdiff
projects / adminer.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 071e6a2)
Don't send incomplete forms
authorJakub Vrana <jakub@vrana.cz>
Tue, 8 Mar 2011 12:43:05 +0000 (13:43 +0100)
committerJakub Vrana <jakub@vrana.cz>
Tue, 8 Mar 2011 12:43:05 +0000 (13:43 +0100)
20 files changed:
adminer/call.inc.php patch | blob | history
adminer/create.inc.php patch | blob | history
adminer/database.inc.php patch | blob | history
adminer/db.inc.php patch | blob | history
adminer/edit.inc.php patch | blob | history
adminer/event.inc.php patch | blob | history
adminer/include/adminer.inc.php patch | blob | history
adminer/include/connect.inc.php patch | blob | history
adminer/indexes.inc.php patch | blob | history
adminer/procedure.inc.php patch | blob | history
adminer/processlist.inc.php patch | blob | history
adminer/scheme.inc.php patch | blob | history
adminer/select.inc.php patch | blob | history
adminer/sequence.inc.php patch | blob | history
adminer/sql.inc.php patch | blob | history
adminer/trigger.inc.php patch | blob | history
adminer/type.inc.php patch | blob | history
adminer/user.inc.php patch | blob | history
adminer/view.inc.php patch | blob | history
editor/include/adminer.inc.php patch | blob | history

diff --git a/adminer/call.inc.php b/adminer/call.inc.php
index eb3a1bb6cf96d90b2855577c979a48b03aeb05fd..0620b441eafe61c3eaa2933b20e64cc0c410d734 100644 (file)
--- a/adminer/call.inc.php
+++ b/adminer/call.inc.php
@@ -72,6 +72,6 @@ if ($in) {
 }
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Call'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/create.inc.php b/adminer/create.inc.php
index 84f06bdc6be28e01341a5a186241deb2701433c2..8843cfa3e71641b8963e11cad8d2f275c16b1325 100644 (file)
--- a/adminer/create.inc.php
+++ b/adminer/create.inc.php
@@ -161,9 +161,9 @@ foreach ($engines as $engine) {
 <label><input type="checkbox" onclick="columnShow(this.checked, 5);"><?php echo lang('Default values'); ?></label>
 <?php echo (support("comment") ? checkbox("", "", $comments, lang('Comment'), "columnShow(this.checked, 6); toggle('Comment'); if (this.checked) this.form['Comment'].focus();") . ' <input id="Comment" name="Comment" value="' . h($row["Comment"]) . '" maxlength="60"' . ($comments ? '' : ' class="hidden"') . '>' : ''); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if (strlen($_GET["create"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php
 if (support("partitioning")) {
        $partition_table = ereg('RANGE|LIST', $row["partition_by"]);
diff --git a/adminer/database.inc.php b/adminer/database.inc.php
index e0d91003495b32e06b1817449fbd9c373139296d..90f720e4c23a7d0d979b3ce7dcd95e68781eae51 100644 (file)
--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -62,7 +62,6 @@ echo ($_POST["add_x"] || strpos($name, "\n")
 ) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $collate) : "");
 ?>
 <script type='text/javascript'>document.getElementById('name').focus();</script>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if (DB != "") {
@@ -71,4 +70,5 @@ if (DB != "") {
        echo "<input type='image' name='add' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>\n";
 }
 ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/db.inc.php b/adminer/db.inc.php
index eaa3bc9aa64d4fc60cd3b16c97ebc1c129ac5190..5738fe2dc75edb61cafb4c9c680f719cc81933ed 100644 (file)
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -73,7 +73,7 @@ if ($adminer->homepage()) {
                        }
                        echo "</table>\n";
                        if (!information_schema(DB)) {
-                               echo "<p><input type='hidden' name='token' value='$token'>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
+                               echo "<p>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
                                $databases = (support("scheme") ? schemas() : get_databases());
                                if (count($databases) != 1 && $jush != "sqlite") {
                                        $db = (isset($_POST["target"]) ? $_POST["target"] : (support("scheme") ? $_GET["ns"] : DB));
@@ -83,6 +83,7 @@ if ($adminer->homepage()) {
                                        echo (support("copy") ? " <input type='submit' name='copy' value='" . lang('Copy') . "' onclick='eventStop(event);'>" : "");
                                        echo "\n";
                                }
+                               echo "<input type='hidden' name='token' value='$token'>\n";
                        }
                        echo "</form>\n";
                }
diff --git a/adminer/edit.inc.php b/adminer/edit.inc.php
index f82e3656a809df0496ce51273b85b61cde9db9a6..5854b958cea3db9b540de64c052dd848ac059413 100644 (file)
--- a/adminer/edit.inc.php
+++ b/adminer/edit.inc.php
@@ -90,13 +90,7 @@ if ($fields) {
 }
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
-<input type="hidden" name="save" value="1">
 <?php
-if (isset($_GET["select"])) {
-       hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
-}
 if ($fields) {
        echo "<input type='submit' value='" . lang('Save') . "'>\n";
        if (!isset($_GET["select"])) {
@@ -106,5 +100,11 @@ if ($fields) {
 echo ($update ? "<input type='submit' name='delete' value='" . lang('Delete') . "' onclick=\"return confirm('" . lang('Are you sure?') . "');\">\n"
        : ($_POST ? "" : "<script type='text/javascript'>document.getElementById('form').getElementsByTagName('td')[1].firstChild.focus();</script>\n")
 );
+if (isset($_GET["select"])) {
+       hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
+}
 ?>
+<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
+<input type="hidden" name="save" value="1">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/event.inc.php b/adminer/event.inc.php
index 62eaf7adbf78ecc3438e291de9ee73ceb2fc1927..d942a293ec9ef19c6e6e1ee157229a78742a8c19 100644 (file)
--- a/adminer/event.inc.php
+++ b/adminer/event.inc.php
@@ -47,7 +47,7 @@ if ($_POST) {
 </table>
 <p><?php textarea("EVENT_DEFINITION", $row["EVENT_DEFINITION"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($EVENT != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index fdb413af358beb7caed3a6a4019181c40d88f749..1ac76419617e5f58a9e48ddd0aa042f2e8b09c31 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -739,8 +739,8 @@ DROP PROCEDURE adminer_alter;
                                }
                        }
                        ?>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </p>
 </form>
 <form action="">
diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index 54732b20fe0329d7757f8a83157f5275b6b036ad..e495834a271977fc16111193e59ccfc6927e7daa 100644 (file)
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -32,7 +32,7 @@ function connect_error() {
                        $collations = collations();
                        echo "<form action='' method='post'>\n";
                        echo "<table cellspacing='0' onclick='tableClick(event);'>\n";
-                       echo "<thead><tr><td><input type='hidden' name='token' value='$token'>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
+                       echo "<thead><tr><td>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
                        foreach ($databases as $db) {
                                $root = h(ME) . "db=" . urlencode($db);
                                echo "<tr" . odd() . "><td>" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]));
@@ -43,6 +43,7 @@ function connect_error() {
                        }
                        echo "</table>\n";
                        echo "<p><input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /db/)", 1) . ">\n"; // 1 - eventStop
+                       echo "<input type='hidden' name='token' value='$token'>\n";
                        echo "<a href='" . h(ME) . "refresh=1' onclick='eventStop(event);'>" . lang('Refresh') . "</a>\n";
                        echo "</form>\n";
                }
diff --git a/adminer/indexes.inc.php b/adminer/indexes.inc.php
index d5334c6f9c847fb50a5925def8d60320ff76aa66..13b54fdd862b271a8dc49bf1bbaa9caa3091a617 100644 (file)
--- a/adminer/indexes.inc.php
+++ b/adminer/indexes.inc.php
@@ -94,7 +94,7 @@ foreach ($row["indexes"] as $index) {
 ?>
 </table>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <noscript><p><input type="submit" name="add" value="<?php echo lang('Add next'); ?>"></noscript>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/procedure.inc.php b/adminer/procedure.inc.php
index 1fab8605837cccbbe9d2b1309f6442a5dd2e627e..99ab5dcbde7f2921c61dbb81013c775edef8464c 100644 (file)
--- a/adminer/procedure.inc.php
+++ b/adminer/procedure.inc.php
@@ -51,8 +51,8 @@ if (isset($_GET["function"])) {
 </table>
 <p><?php textarea("definition", $row["definition"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($PROCEDURE != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/processlist.inc.php b/adminer/processlist.inc.php
index 5635ea762e6388addb805f9313dadc043189001f..aac3f50224cb25d1b2ff9019d2311acf0cb8c1aa 100644 (file)
--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@@ -30,6 +30,6 @@ foreach (get_rows("SHOW FULL PROCESSLIST") as $i => $row) {
 </table>
 <p><?php echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections")); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Kill'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/scheme.inc.php b/adminer/scheme.inc.php
index 980bca42d3068cbab6c0c9b986f83987e84014bd..cb570fe8c61d84c6e8f237f799fd00f5a6c0008f 100644 (file)
--- a/adminer/scheme.inc.php
+++ b/adminer/scheme.inc.php
@@ -25,11 +25,11 @@ if ($_POST) {
 
 <form action="" method="post">
 <p><input name="name" value="<?php echo h($row["name"]); ?>">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if ($_GET["ns"] != "") {
        echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
 }
 ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/select.inc.php b/adminer/select.inc.php
index 40b8bfc81ea744a9e8296fb33a5534b6627a6fe1..d490cd7a7dd19155526c5a7504c5f78eb96c5254 100644 (file)
--- a/adminer/select.inc.php
+++ b/adminer/select.inc.php
@@ -409,9 +409,10 @@ if (!$columns) {
                        echo "</div></fieldset>\n";
                }
                print_fieldset("import", lang('Import'), !$rows);
-               echo "<input type='hidden' name='token' value='$token'><input type='file' name='csv_file'> ";
+               echo "<input type='file' name='csv_file'> ";
                echo html_select("separator", array("csv" => "CSV,", "csv;" => "CSV;", "tsv" => "TSV"), $adminer_export["format"], 1); // 1 - select
-               echo " <input type='submit' name='import' value='" . lang('Import') . "'>\n";
+               echo " <input type='submit' name='import' value='" . lang('Import') . "'>";
+               echo "<input type='hidden' name='token' value='$token'>\n";
                echo "</div></fieldset>\n";
                
                $adminer->selectEmailPrint(array_filter($email_fields, 'strlen'), $columns);
diff --git a/adminer/sequence.inc.php b/adminer/sequence.inc.php
index 502eabffd2e587c0e81ce0659692c726605e250b..696819efeb74c3e96945f7762a61768b306d8194 100644 (file)
--- a/adminer/sequence.inc.php
+++ b/adminer/sequence.inc.php
@@ -24,11 +24,11 @@ if ($_POST) {
 
 <form action="" method="post">
 <p><input name="name" value="<?php echo h($row["name"]); ?>">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if ($SEQUENCE != "") {
        echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
 }
 ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/sql.inc.php b/adminer/sql.inc.php
index 553f764ffc358945cbc53b08d44b10acfd61d475..20055b903ae238283802539c19a9ed58e647129b 100644 (file)
--- a/adminer/sql.inc.php
+++ b/adminer/sql.inc.php
@@ -118,9 +118,8 @@ if (!$error && $_POST) {
                                                                        $export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
                                                                                . html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
                                                                                . html_select("format", $dump_format, $adminer_export["format"])
-                                                                               . " <input type='hidden' name='query' value='" . h($q) . "' />"
-                                                                               . " <input type='hidden' name='token' value='$token' />"
-                                                                               . " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'></span>"
+                                                                               . "<input type='hidden' name='query' value='" . h($q) . "'>"
+                                                                               . " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'><input type='hidden' name='token' value='$token'></span>"
                                                                        ;
                                                                        if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
                                                                                $id = "explain-$commands";
@@ -179,8 +178,8 @@ echo "<p>" . (ini_bool("file_uploads") ? lang('File upload') . ': <input type="f
 
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Execute'); ?>" title="Ctrl+Enter">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php
 echo checkbox("error_stops", 1, $_POST["error_stops"], lang('Stop on error')) . "\n";
 echo checkbox("only_errors", 1, $_POST["only_errors"], lang('Show only errors')) . "\n";
diff --git a/adminer/trigger.inc.php b/adminer/trigger.inc.php
index a9f1eca8836e35941c8c8b98ca7311e539d375f7..2e3fb4ec14047130da2a4f9db89bac56f74fa282 100644 (file)
--- a/adminer/trigger.inc.php
+++ b/adminer/trigger.inc.php
@@ -37,8 +37,8 @@ if ($_POST) {
 <p><?php echo lang('Name'); ?>: <input name="Trigger" value="<?php echo h($row["Trigger"]); ?>" maxlength="64">
 <p><?php textarea("Statement", $row["Statement"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($_GET["name"] != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/type.inc.php b/adminer/type.inc.php
index 4f30550d8568de169454aa28b59617d2bd317080..0421d13c60af630f4132a4f6f68ddae4579a65ad 100644 (file)
--- a/adminer/type.inc.php
+++ b/adminer/type.inc.php
@@ -20,7 +20,6 @@ if ($_POST) {
 
 <form action="" method="post">
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php
 if ($TYPE != "") {
        echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
@@ -30,4 +29,5 @@ if ($TYPE != "") {
        echo "<p><input type='submit' value='" . lang('Save') . "'>\n";
 }
 ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/user.inc.php b/adminer/user.inc.php
index c4f74b521df3833aca924452c8baf53588cbb706..874b01de39fdfe25fc235899dae7076ae306f2a4 100644 (file)
--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@@ -162,7 +162,7 @@ foreach (array(
 echo "</table>\n";
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if (isset($_GET["host"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/adminer/view.inc.php b/adminer/view.inc.php
index 0d47b8c5504106b30f1409a3b7c8a3fe04447f05..76e6959a67652ac3c2336f1c0aeee813c5b7962c 100644 (file)
--- a/adminer/view.inc.php
+++ b/adminer/view.inc.php
@@ -28,7 +28,7 @@ if ($_POST) {
 <p><?php echo lang('Name'); ?>: <input name="name" value="<?php echo h($row["name"]); ?>" maxlength="64">
 <p><?php textarea("select", $row["select"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php if ($dropped) { // old view was dropped but new wasn't created ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>
diff --git a/editor/include/adminer.inc.php b/editor/include/adminer.inc.php
index b4c51a30c35a584d0fc23fb8190eb77c32eea334..668f9ba8bbad7eeb4321407e49f890a6b2e0d223 100644 (file)
--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -505,8 +505,8 @@ ORDER BY ORDINAL_POSITION", null, "") as $row) { //! requires MySQL 5
                        ?>
 <form action="" method="post">
 <p class="logout">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </p>
 </form>
 <?php
Sources of adminer, a webclient for database management systems.