From: Jakub Vrana Date: Tue, 18 Feb 2025 06:58:27 +0000 (+0100) Subject: Don't allow path in HTTP servers X-Git-Tag: v4.16.0~39 X-Git-Url: https://git.joonet.de/?a=commitdiff_plain;h=578c9fca923e3afeccb29761f5da37dfe5d60993;p=adminer.git Don't allow path in HTTP servers
---
diff --git a/plugins/drivers/clickhouse.php b/plugins/drivers/clickhouse.php
index 86f3464d..30305400 100644
--- a/plugins/drivers/clickhouse.php
+++ b/plugins/drivers/clickhouse.php
@@ -59,7 +59,7 @@ if (isset($_GET["clickhouse"])) {
 function connect($server, $username, $password) {
 preg_match('~^(https?://)?(.*)~', $server, $match);
- $this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]";
+ $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
 $return = $this->query('SELECT 1');
 return (bool) $return;
 }
@@ -217,8 +217,11 @@ if (isset($_GET["clickhouse"])) {
 function connect() {
 global $adminer;
 $connection = new Min_DB;
- $credentials = $adminer->credentials();
- if ($connection->connect($credentials[0], $credentials[1], $credentials[2])) {
+ list($server, $username, $password) = $adminer->credentials();
+ if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
+ return lang('Invalid server.');
+ }
+ if ($connection->connect($server, $username, $password)) {
 return $connection;
 }
 return $connection->error;
diff --git a/plugins/drivers/elastic.php b/plugins/drivers/elastic.php
index 399d7cca..351c8531 100644
--- a/plugins/drivers/elastic.php
+++ b/plugins/drivers/elastic.php
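Review bot: `urlencode()` on the new `$this->_url` line in Min_DB::connect() encodes a space as `+`, which RFC 3986 userinfo does not define as a space, so a username or password containing a space will most likely be sent wrong depending on how the HTTP layer decodes the userinfo; `rawurlencode()` yields `%20` and is the encoder meant for URL components. The encoding itself is the right fix — unencoded, a password containing `@`, `/`, `?` or `#` would change the authority or path of the request URL — and the identical `urlencode()` line is added to the connect() methods of elastic.php and elastic5.php in this commit. Proposed: `$this->_url = ($match[1] ? $match[1] : "http://") . rawurlencode($username) . ":" . rawurlencode($password) . "@$match[2]";`.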
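Review bot: The host pattern `~^(https?://)?[-a-z\d.]+(:\d+)?$~` added to the driver's connect() is case-sensitive, so a server entered as `DB.Example.COM` or `LocalHost` is rejected with 'Invalid server.' although hostnames are case-insensitive; the `i` modifier (`~^(https?://)?[-a-z\d.]+(:\d+)?$~i`) keeps the intent of excluding a path, query or userinfo while accepting them. Bracketed IPv6 literals such as `[::1]` are also rejected, which may be intended but is worth a comment on the check. The same literal pattern is repeated in elastic.php, elastic5.php and simpledb.php in this commit; a single shared helper would keep the four copies from drifting apart.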
@@ -78,20 +78,13 @@ if (isset($_GET["elastic"])) {
 * @return bool
 */
 function connect($server, $username, $password) {
- $this->_url = build_http_url($server, $username, $password, "localhost", 9200);
-
+ preg_match('~^(https?://)?(.*)~', $server, $match);
+ $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
 $return = $this->query('');
- if (!$return) {
- return false;
+ if ($return) {
+ $this->server_info = $return['version']['number'];
 }
-
- if (!isset($return['version']['number'])) {
- $this->error = lang('Invalid server or credentials.');
- return false;
- }
-
- $this->server_info = $return['version']['number'];
- return true;
+ return (bool) $return;
 }
 function select_db($database) {
@@ -275,6 +268,9 @@ if (isset($_GET["elastic"])) {
 $connection = new Min_DB;
 list($server, $username, $password) = adminer()->credentials();
+ if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
+ return lang('Invalid server.');
+ }
 if ($password != "" && $connection->connect($server, $username, "")) {
 return lang('Database does not support password.');
 }
diff --git a/plugins/drivers/elastic5.php b/plugins/drivers/elastic5.php
index a2fec6ba..ceb6abfe 100644
--- a/plugins/drivers/elastic5.php
+++ b/plugins/drivers/elastic5.php
@@ -72,7 +72,7 @@ if (isset($_GET["elastic5"])) {
 function connect($server, $username, $password) {
 preg_match('~^(https?://)?(.*)~', $server, $match);
- $this->_url = ($match[1] ? $match[1] : "http://") . "$username:$password@$match[2]";
+ $this->_url = ($match[1] ? $match[1] : "http://") . urlencode($username) . ":" . urlencode($password) . "@$match[2]";
 $return = $this->query('');
 if ($return) {
 $this->server_info = $return['version']['number'];
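Review bot: The new `if ($return)` branch in elastic.php's Min_DB::connect() reads `$return['version']['number']` without the `isset` guard the hunk removes, so a truthy response that lacks that key (any HTTP endpoint answering with some other JSON) now triggers an undefined-key warning and connect() still returns true, while the old `lang('Invalid server or credentials.')` diagnosis is lost. Keeping the guard restores both: `if (!$return || !isset($return['version']['number'])) { $this->error = lang('Invalid server or credentials.'); return false; }` after the query, followed by `$this->server_info = $return['version']['number']; return true;`. If dropping the specific error was deliberate to match elastic5.php, a one-line comment above the branch saying so would save the next reader from re-adding it.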
@@ -266,6 +266,9 @@ if (isset($_GET["elastic5"])) {
 $connection = new Min_DB;
 list($server, $username, $password) = adminer()->credentials();
+ if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $server)) {
+ return lang('Invalid server.');
+ }
 if ($password != "" && $connection->connect($server, $username, "")) {
 return lang('Database does not support password.');
 }
diff --git a/plugins/drivers/simpledb.php b/plugins/drivers/simpledb.php
index 226625f1..64628fcd 100644
--- a/plugins/drivers/simpledb.php
+++ b/plugins/drivers/simpledb.php
@@ -248,7 +248,10 @@ if (isset($_GET["simpledb"])) {
 function connect() {
 global $adminer;
- list(, , $password) = $adminer->credentials();
+ list($host, , $password) = $adminer->credentials();
+ if (!preg_match('~^(https?://)?[-a-z\d.]+(:\d+)?$~', $host)) {
+ return lang('Invalid server.');
+ }
 if ($password != "") {
 return lang('Database does not support password.');
 }
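Review bot: The new destructuring in simpledb.php names the first credential `$host` while the same check in clickhouse.php, elastic.php and elastic5.php calls it `$server`, so four copies of one pattern read differently for no reason; `list($server, , $password) = $adminer->credentials();` with `preg_match(..., $server)` would align them. The pattern also requires a non-empty host, so a blank server field now returns 'Invalid server.' where the old code never looked at that value — fine if SimpleDB always needs an explicit endpoint, but worth confirming, since the rest of connect() is outside the hunk.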