if (!$has_token) {
$_SESSION["token"] = rand(1, 1e6); // defense against cross-site request forgery
}
-$token = get_token(); ///< @var string CSRF protection
$permanent = array();
if ($_COOKIE["adminer_permanent"]) {
}
if ($auth && $_POST["token"]) {
- $_POST["token"] = $token; // reset token after explicit login
+ $_POST["token"] = get_token(); // reset token after explicit login
}
$error = ''; ///< @var string
exit;
}
-global $adminer, $connection, $driver, $drivers, $error, $permanent, $has_token, $token, $translations; // allows including Adminer inside a function
+global $adminer, $connection, $driver, $drivers, $error, $permanent, $has_token, $translations; // allows including Adminer inside a function
if (!$_SERVER["REQUEST_URI"]) { // IIS 5 compatibility
$_SERVER["REQUEST_URI"] = $_SERVER["ORIG_PATH_INFO"];
}
}
echo script("mixin(document.body, {onkeydown: bodyKeydown, onclick: bodyClick"
- . (isset($_COOKIE["adminer_version"]) ? "" : ", onload: partial(verifyVersion, '" . VERSION . "', '" . js_escape(ME) . "', '" . get_token() . "')") // $token may be empty in auth.inc.php
+ . (isset($_COOKIE["adminer_version"]) ? "" : ", onload: partial(verifyVersion, '" . VERSION . "', '" . js_escape(ME) . "', '" . get_token() . "')")
. "});
document.body.classList.replace('nojs', 'js');
const offlineMessage = '" . js_escape(lang('You are offline.')) . "';
* @return string[]
*/
function slow_query(string $query): array {
- global $adminer, $token, $driver;
+ global $adminer, $driver;
$db = $adminer->database();
$timeout = $adminer->queryTimeout();
$slow_query = $driver->slowQuery($query, $timeout);
$connection2 = connect($adminer->credentials());
if (is_object($connection2) && ($db == "" || $connection2->select_db($db))) {
$kill = get_val(connection_id(), 0, $connection2); // MySQL and MySQLi can use thread_id but it's not in PDO_MySQL
- echo script("const timeout = setTimeout(() => { ajax('" . js_escape(ME) . "script=kill', function () {}, 'kill=$kill&token=$token'); }, 1000 * $timeout);");
+ echo script("const timeout = setTimeout(() => { ajax('" . js_escape(ME) . "script=kill', function () {}, 'kill=$kill&token=" . get_token() . "'); }, 1000 * $timeout);");
}
}
ob_flush();
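Review bot: The rewritten setTimeout line in slow_query splices get_token() and $kill into a single-quoted JavaScript string literal without js_escape(), while ME on the same line does get escaped. This is safe only for as long as both values are numeric — the token is seeded from rand(1, 1e6) in the bootstrap hunk above, and $kill comes from connection_id() — so a later change of get_token() to a hex/base64 value would keep working, but any value containing a quote or backslash would break out of the literal; the defensive form is `'kill=" . js_escape($kill) . "&token=" . js_escape(get_token()) . "'`. Since this commit routes every CSRF use through get_token(), it is also the natural place to note that the token source is still `rand(1, 1e6)` (about 20 bits from a non-cryptographic PRNG) and `random_int(1, 1000000)` would be a drop-in hardening, presumably without touching get_token() itself. slow_query's body continues past the hunk (the trailing ob_flush() is still inside it), so the remainder was not reviewed.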
return "<input type='hidden' name='" . h($name) . "' value='" . h($value) . "'>\n";
}
-/** Get <input type="hidden" name="token">
-* @param string $special token to use instead of global $token
+/** Get CSRF <input type="hidden" name="token">
* @return string HTML
*/
-function input_token(string $special = ""): string {
- global $token;
- return input_hidden("token", ($special ?: $token));
+function input_token(): string {
+ return input_hidden("token", get_token());
}
/** Get a target="_blank" attribute */
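Review bot: Removing the `$special` parameter from input_token() will not make a missed call site fail loudly: PHP silently ignores extra arguments passed to user-defined functions, so a leftover `input_token($someToken)` still runs but now emits get_token() instead of the token the caller deliberately passed. It would be worth grepping for `input_token(` with an argument before merging, or keeping a transitional `string $special = ""` that triggers `trigger_error('input_token(): $special is no longer supported', E_USER_DEPRECATED)` when non-empty. The new docblock could also state what the field carries, e.g. `/** Get CSRF <input type="hidden" name="token"> for the current session token (get_token()) */`, since the removed comment on the lang-form hunk noted the token may be empty during auth and that caveat now lives solely inside get_token().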
echo "<form action='' method='post'>\n<div id='lang'>";
echo lang('Language') . ": " . html_select("lang", langs(), LANG, "this.form.submit();");
echo " <input type='submit' value='" . lang('Use') . "' class='hidden'>\n";
- echo input_token(get_token()); // $token may be empty in auth.inc.php
+ echo input_token();
echo "</div>\n</form>\n";
}
- identifier: includeOnce.fileNotFound # ./adminer-plugins.php
- "~^Function (set_magic_quotes_runtime|mysql_)~" # PHP < 7 functions
- "~an unknown class OCI-?Lob~" # this looks like PHPStan bug
- - "~^Variable \\$(adminer|connection|driver|drivers|error|permanent|has_token|token|translations) might not be defined~" # declared in bootstrap.inc.php
+ - "~^Variable \\$(adminer|connection|driver|drivers|error|permanent|has_token|translations) might not be defined~" # declared in bootstrap.inc.php
- "~expects int, float given~" # this will work
- "~expects bool~" # truthy values
- "~fread expects int<1, max>, 100000~" # 1e6