Deferred operations by AJAX instead of JS (doesn't require sending token)

diff --git a/adminer/db.inc.php b/adminer/db.inc.php
index b433c49fff63b31a5179039dc6d0d640f8a52cf7..dd668031ff7e3519f21779169f1d2d22819c1c87 100644 (file)
--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -155,8 +155,6 @@ if ($_GET["ns"] !== "") {
        }
        
        if ($tables_list) {
-               page_footer();
-               echo "<script type='text/javascript' src='" . h(ME . "script=db&token=$token") . "'></script>\n";
-               exit; // page_footer() already called
+               echo "<script type='text/javascript'>ajaxSetHtml('" . addcslashes(ME, "\\'/") . "script=db');</script>\n";
        }
 }

diff --git a/adminer/include/connect.inc.php b/adminer/include/connect.inc.php
index 1f58a6eff18649aad6141ba4851daf048fcccd7f..52a910cfcca1fbbd5523d9d60dc0fa439a8ffa71 100644 (file)
--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -45,7 +45,7 @@ function connect_error() {
        }
        page_footer("db");
        if ($databases) {
-               echo "<script type='text/javascript' src='" . h(ME . "script=connect&token=$token") . "'></script>\n";
+               echo "<script type='text/javascript'>ajaxSetHtml('" . addcslashes(ME, "\\'/") . "script=connect');</script>\n";
        }
 }
 

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index 683135c126f738cdd96ef97f053d1def9d40671e..b063e7352cc280a8691e4186984e3d057cc799f8 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -482,6 +482,25 @@ function odd($return = ' class="odd"') {
        return ($i++ % 2 ? $return : '');
 }
 
+/** Print one row in JSON object
+* @param string or "" to close the object
+* @param string
+* @return null
+*/
+function json_row($key, $val = null) {
+       static $first = true;
+       if ($first) {
+               echo "{";
+       }
+       if ($key != "") {
+               echo ($first ? "" : ",") . "\n\t\"" . addcslashes($key, '\\"') . '": ' . (isset($val) ? '"' . addcslashes($val, '\\"') . '"' : 'undefined');
+               $first = false;
+       } else {
+               echo "\n}\n";
+               $first = true;
+       }
+}
+
 /** Check whether the string is in UTF-8
 * @param string
 * @return bool

diff --git a/adminer/script.inc.php b/adminer/script.inc.php
index 81d663e9b6432eeb4610147617eaf51aa8e3b1d2..5b892514299ccd95279b50d2a96118fadcd5b51e 100644 (file)
--- a/adminer/script.inc.php
+++ b/adminer/script.inc.php
@@ -1,38 +1,37 @@
 <?php
 header("Content-Type: text/javascript; charset=utf-8");
-if ($_GET["token"] != $token) { // CSRF protection
-       exit;
-}
 
 if ($_GET["script"] == "db") {
        $sums = array("Data_length" => 0, "Index_length" => 0, "Data_free" => 0);
        foreach (table_status() as $row) {
-               $id = addcslashes($row["Name"], "\\'/");
-               echo "setHtml('Comment-$id', '" . addcslashes(nbsp($row["Comment"]), "'\\") . "');\n";
+               $id = $row["Name"];
+               json_row("Comment-$id", nbsp($row["Comment"]));
                if (!is_view($row)) {
                        foreach (array("Engine", "Collation") as $key) {
-                               echo "setHtml('$key-$id', '" . addcslashes(nbsp($row[$key]), "'\\") . "');\n";
+                               json_row("$key-$id", nbsp($row[$key]));
                        }
                        foreach ($sums + array("Auto_increment" => 0, "Rows" => 0) as $key => $val) {
                                if ($row[$key] != "") {
                                        $val = number_format($row[$key], 0, '.', lang(','));
-                                       echo "setHtml('$key-$id', '" . ($key == "Rows" && $row["Engine"] == "InnoDB" && $val ? "~ $val" : $val) . "');\n";
+                                       json_row("$key-$id", ($key == "Rows" && $row["Engine"] == "InnoDB" && $val ? "~ $val" : $val));
                                        if (isset($sums[$key])) {
                                                $sums[$key] += ($row["Engine"] != "InnoDB" || $key != "Data_free" ? $row[$key] : 0);
                                        }
                                } elseif (array_key_exists($key, $row)) {
-                                       echo "setHtml('$key-$id');\n";
+                                       json_row("$key-$id");
                                }
                        }
                }
        }
        foreach ($sums as $key => $val) {
-               echo "setHtml('sum-$key', '" . number_format($val, 0, '.', lang(',')) . "');\n";
+               json_row("sum-$key", number_format($val, 0, '.', lang(',')));
        }
+       json_row("");
 } else { // connect
        foreach (count_tables(get_databases()) as $db => $val) {
-               echo "setHtml('tables-" . addcslashes($db, "\\'/") . "', '$val');\n";
+               json_row("tables-$db", $val);
        }
+       json_row("");
 }
 
 exit; // don't print footer

diff --git a/adminer/static/functions.js b/adminer/static/functions.js
index 6a1fb84d0b08f623be1079d1af0fa5dd16766601..54728a00a8440c7c15e473bfee38158ccf35ad70 100644 (file)
--- a/adminer/static/functions.js
+++ b/adminer/static/functions.js
@@ -187,6 +187,19 @@ function ajax(url, callback, data) {
        return xmlhttp;
 }
 
+/** Use setHtml(key, value) for JSON response
+* @param string
+* @return XMLHttpRequest or false in case of an error
+*/
+function ajaxSetHtml(url) {
+       return ajax(url, function (text) {
+               var data = eval('(' + text + ')');
+               for (var key in data) {
+                       setHtml(key, data[key]);
+               }
+       });
+}
+
 var ajaxState = 0;
 var ajaxTimeout;