Protection against big POST data

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@373 7c3ca157-0c34-0410-bff1-cbf682f78f5c
This commit is contained in:
jakubvrana
2008-03-18 10:29:20 +00:00
parent c54ba01361
commit 4d38c7d963
17 changed files with 46 additions and 34 deletions

View File

@@ -1,5 +1,5 @@
<?php
/** phpMinAdmin - MySQL management tool
/** phpMinAdmin - Compact MySQL management
* @link http://phpminadmin.sourceforge.net
* @author Jakub Vrana, http://php.vrana.cz
* @copyright 2007 Jakub Vrana
@@ -50,8 +50,13 @@ if (isset($_GET["dump"])) {
include "./privileges.inc.php";
} else { // uses CSRF token
include "./editing.inc.php";
$error = "";
if ($_POST) {
$error = (in_array($_POST["token"], (array) $TOKENS) ? "" : lang('Invalid CSRF token. Send the form again.'));
if (!in_array($_POST["token"], (array) $TOKENS)) {
$error = lang('Invalid CSRF token. Send the form again.');
}
} elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
$error = lang('Too big POST data. Reduce the data or increase the "post_max_size" configuration directive.');
}
$token = ($_POST && !$error ? $_POST["token"] : token());
if (isset($_GET["default"])) {
@@ -90,7 +95,6 @@ if (isset($_GET["dump"])) {
} elseif (isset($_GET["select"])) {
include "./select.inc.php";
} else {
$TOKENS = array();
page_header(lang('Database') . ": " . htmlspecialchars($_GET["db"]), false);
echo '<p><a href="' . htmlspecialchars($SELF) . 'database=">' . lang('Alter database') . "</a></p>\n";
echo '<p><a href="' . htmlspecialchars($SELF) . 'schema=">' . lang('Database schema') . "</a></p>\n";