Cookies management on IIS (bug #2931186)

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1305 7c3ca157-0c34-0410-bff1-cbf682f78f5c

diff --git a/adminer/include/adminer.inc.php b/adminer/include/adminer.inc.php
index c19ab338ea06188badfb970e1e2cfef35f99523c..c64a539fd164ead27cda9a2144aab2e57ae97557 100644 (file)
--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -505,7 +505,7 @@ class Adminer {
 </form>
 <form action="">
 <p>
-<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
+<?php echo SID_FORM; ?>
 <?php if ($_GET["server"] != "") { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
 <?php echo ($databases ? html_select("db", array("" => "(" . lang('database') . ")") + $databases, DB, "this.form.submit();") : '<input name="db" value="' . h(DB) . '">'); ?>
 <?php if (isset($_GET["sql"])) { ?><input type="hidden" name="sql" value=""><?php } ?>

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 3e4284f9f970b2c230a9b156e6279473c74faeb1..0eeafdc9fca95c2588ab101a12265fa913275317 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -10,9 +10,9 @@ if (isset($_POST["server"])) {
                        . ":" . base64_encode(encrypt_string($_POST["password"], $adminer->permanentLogin()))
                );
        }
-       if (count($_POST) == 3 + ($_POST["permanent"] ? 1 : 0)) { // 3 - server, username, password
+       if (count($_POST) == ($_POST["permanent"] ? 4 : 3)) { // 3 - server, username, password
                $location = ((string) $_GET["server"] === $_POST["server"] ? remove_from_uri(session_name()) : preg_replace('~^([^?]*).*~', '\\1', ME) . ($_POST["server"] != "" ? '?server=' . urlencode($_POST["server"]) : ''));
-               if (SID) {
+               if (SID_FORM) {
                        $pos = strpos($location, '?');
                        $location = ($pos ? substr_replace($location, SID . "&", $pos + 1, 0) : "$location?" . SID);
                }

diff --git a/adminer/include/bootstrap.inc.php b/adminer/include/bootstrap.inc.php
index 997ff60e1a3a88389759df552044946b76a8d214..8fd671b7f6534099219f67bf6f46cb2cdee547a1 100644 (file)
--- a/adminer/include/bootstrap.inc.php
+++ b/adminer/include/bootstrap.inc.php
@@ -46,7 +46,7 @@ if (!isset($_SERVER["REQUEST_URI"])) {
 session_write_close(); // disable session.auto_start
 @ini_set("session.use_trans_sid", false); // protect links in export, @ - may be disabled
 session_name("adminer_sid"); // use specific session name to get own namespace
-$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]);
+$params = array(0, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off");
 if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
        $params[] = true; // HttpOnly
 }
@@ -75,7 +75,8 @@ if (function_exists("set_magic_quotes_runtime")) {
 @set_time_limit(0); // @ - can be disabled
 
 define("DB", $_GET["db"]); // for the sake of speed and size
-define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
+define("SID_FORM", SID && !ini_get("session.use_only_cookies") ? '<input type="hidden" name="' . session_name() . '" value="' . h(session_id()) . '">' : '');
+define("ME", preg_replace('~^[^?]*/([^?]*).*~', '\\1', $_SERVER["REQUEST_URI"]) . '?' . (SID_FORM ? SID . '&' : '') . ($_GET["server"] != "" ? 'server=' . urlencode($_GET["server"]) . '&' : '') . (DB != "" ? 'db=' . urlencode(DB) . '&' : ''));
 
 include "../adminer/include/version.inc.php";
 include "../adminer/include/functions.inc.php";

diff --git a/adminer/include/functions.inc.php b/adminer/include/functions.inc.php
index fcc5b2c91188b61240de77dc8f2da56a8e1faf30..833e99754d2ac755a140e41f7f2a497c40af6cba 100644 (file)
--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -201,7 +201,7 @@ function where_link($i, $column, $value) {
 * @return bool
 */
 function cookie($name, $value) {
-       $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", (bool) $_SERVER["HTTPS"]); // 2592000 = 30 * 24 * 60 * 60
+       $params = array($name, $value, time() + 2592000, preg_replace('~\\?.*~', '', $_SERVER["REQUEST_URI"]), "", $_SERVER["HTTPS"] && $_SERVER["HTTPS"] != "off"); // 2592000 = 30 * 24 * 60 * 60
        if (version_compare(PHP_VERSION, '5.2.0') >= 0) {
                $params[] = true; // HttpOnly
        }

diff --git a/adminer/privileges.inc.php b/adminer/privileges.inc.php
index 0540040adb74973e7ac775c82740580f65bd010c..77155a379185fd4aa2525884b85803002ca70a73 100644 (file)
--- a/adminer/privileges.inc.php
+++ b/adminer/privileges.inc.php
@@ -5,7 +5,7 @@ $result = $connection->query("SELECT User, Host FROM mysql.user ORDER BY Host, U
 if (!$result) {
        ?>
 <form action=""><p>
-<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
+<?php echo SID_FORM; ?>
 <?php if ($_GET["server"] != "") { ?><input type="hidden" name="server" value="<?php echo h($_GET["server"]); ?>"><?php } ?>
 <?php echo lang('Username'); ?>: <input name="user">
 <?php echo lang('Server'); ?>: <input name="host" value="localhost">

diff --git a/editor/db.inc.php b/editor/db.inc.php
index 4a8e990bcc126b2da216b5534040de68edc751f4..2385fb75b923b983c851ba08f1051c712d999d34 100644 (file)
--- a/editor/db.inc.php
+++ b/editor/db.inc.php
@@ -3,7 +3,7 @@ page_header(lang('Server'), "", null);
 
 ?>
 <form action=""><p>
-<?php if (SID) { ?><input type="hidden" name="<?php echo session_name(); ?>" value="<?php echo h(session_id()); ?>"><?php } ?>
+<?php echo SID_FORM; ?>
 <input name="where[][val]" value="<?php echo h($_GET["where"][0]["val"]); ?>">
 <input type="submit" value="<?php echo lang('Search'); ?>" />
 </form>