diff --git a/libraries/URL.php b/libraries/URL.php
index c26491f8d241..2d21d6821d42 100644
--- a/libraries/URL.php
+++ b/libraries/URL.php
@@ -223,6 +223,10 @@ public static function getCommonRaw($params = array(), $divider = '?')
$params['collation_connection'] = $GLOBALS['collation_connection'];
}
+ if (isset($_SESSION[' PMA_token '])) {
+ $params['token'] = $_SESSION[' PMA_token '];
+ }
+
$query = http_build_query($params, null, $separator);
if ($divider != '?' || strlen($query) > 0) {
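Review bot: The added `$params['token'] = $_SESSION[' PMA_token '];` puts the session's anti-CSRF token into the query string of every URL that getCommonRaw() builds, so the secret ends up in web-server access logs, browser history and any Referer header sent when a generated page links off-site. If GET links must carry the token, document that trade-off above the new block, e.g. `// NOTE: token in the query string is visible in access logs and Referer headers; keep state-changing actions on POST.` It is also worth confirming that the responses set a restrictive referrer policy. The body of getCommonRaw() starts and ends outside this hunk, so whether callers can opt out of the token is not visible here.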
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 686fc16c5814..a6dbc60516ca 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -361,31 +361,56 @@
* could access this variables before we reach this point
* f.e. PMA\libraries\Config: fontsize
*
- * Check for token mismatch only if the Request method is POST
- * GET Requests would never have token and therefore checking
- * mis-match does not make sense
- *
* @todo variables should be handled by their respective owners (objects)
* f.e. lang, server, collation_connection in PMA\libraries\Config
*/
-
$token_mismatch = true;
$token_provided = false;
+if (PMA_isValid($_REQUEST['token'])) {
+ $token_provided = true;
+ $token_mismatch = ! hash_equals($_SESSION[' PMA_token '], $_REQUEST['token']);
+}
-if ($_SERVER['REQUEST_METHOD'] == 'POST') {
- if (PMA_isValid($_POST['token'])) {
- $token_provided = true;
- $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], $_POST['token']);
- }
-
- if ($token_mismatch) {
- /**
- * We don't allow any POST operation parameters if the token is mismatched
- * or is not provided
+if ($token_mismatch) {
+ /**
+ * List of parameters which are allowed from unsafe source
+ */
+ $allow_list = array(
+ /* needed for direct access, see FAQ 1.34
+ * also, server needed for cookie login screen (multi-server)
*/
- $whitelist = array('ajax_request');
- PMA\libraries\Sanitize::removeRequestVars($whitelist);
+ 'server', 'db', 'table', 'target', 'lang',
+ /* Session ID */
+ 'phpMyAdmin',
+ /* Cookie preferences */
+ 'pma_lang', 'pma_collation_connection',
+ /* Possible login form */
+ 'pma_servername', 'pma_username', 'pma_password',
+ 'g-recaptcha-response',
+ /* Needed to send the correct reply */
+ 'ajax_request',
+ /* Permit to log out even if there is a token mismatch */
+ 'old_usr',
+ /* Permit redirection with token-mismatch in url.php */
+ 'url',
+ /* Permit session expiry flag */
+ 'session_expired',
+ /* JS loading */
+ 'scripts', 'call_done',
+ /* Navigation panel */
+ 'aPath', 'vPath', 'pos', 'pos2_name', 'pos2_value', 'searchClause', 'searchClause2'
+ );
+ /**
+ * Allow changing themes in test/theme.php
+ */
+ if (defined('PMA_TEST_THEME')) {
+ $allow_list[] = 'set_theme';
}
+ /**
+ * Do actual cleanup
+ */
+ PMA\libraries\Sanitize::removeRequestVars($allow_list);
+
}
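Review bot: The new top-level check `hash_equals($_SESSION[' PMA_token '], $_REQUEST['token'])` drops the `@` that the removed POST branch had and never tests that the session key exists. A request carrying `token` before the session token is set therefore passes a non-string first argument: a warning on older PHP, a TypeError on PHP 8. Treat the missing key as a mismatch explicitly: `$token_mismatch = ! isset($_SESSION[' PMA_token ']) || ! hash_equals($_SESSION[' PMA_token '], $_REQUEST['token']);`. Reading from `$_REQUEST` instead of `$_POST` also means the token may be taken from any source PHP merges there, cookies included depending on `request_order`. If only GET and POST are intended, the docblock should say so now that the old explanation of the POST-only check has been deleted.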
diff --git a/libraries/navigation/NavigationTree.php b/libraries/navigation/NavigationTree.php
index 5db11df455aa..590a849aa6c9 100644
--- a/libraries/navigation/NavigationTree.php
+++ b/libraries/navigation/NavigationTree.php
@@ -1264,6 +1264,7 @@ public function renderDbSelect()
);
$children = $this->_tree->children;
$url_params = array(
+ 'token' => $_SESSION[' PMA_token '],
'server' => $GLOBALS['server'],
);
$retval .= '
';
diff --git a/libraries/navigation/nodes/NodeColumn.php b/libraries/navigation/nodes/NodeColumn.php
index 99b8afeaf8ae..75f64b6ff7ed 100644
--- a/libraries/navigation/nodes/NodeColumn.php
+++ b/libraries/navigation/nodes/NodeColumn.php
@@ -31,10 +31,12 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->links = array(
'text' => 'tbl_structure.php?server=' . $GLOBALS['server']
. '&db=%3$s&table=%2$s&field=%1$s'
- . '&change_column=1',
+ . '&change_column=1'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_structure.php?server=' . $GLOBALS['server']
. '&db=%3$s&table=%2$s&field=%1$s'
- . '&change_column=1',
+ . '&change_column=1'
+ . '&token=' . $_SESSION[' PMA_token '],
'title' => __('Structure'),
);
}
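Review bot: The token is concatenated raw into both link templates (`. '&token=' . $_SESSION[' PMA_token ']`) with no `isset` guard and no encoding, unlike the guarded read this commit adds in URL::getCommonRaw(). The strings carry `%1$s`-style placeholders, so they look like format templates; assuming they are later passed to sprintf, a token containing `%` or `&` would corrupt the link. If the token alphabet is not guaranteed to be URL- and format-safe, use `. '&token=' . str_replace('%', '%%', urlencode($_SESSION[' PMA_token ']))`, ideally in one shared helper rather than repeated per node. The same pattern repeats in every navigation node constructor changed below (NodeColumnContainer through NodeViewContainer), and NavigationTree::renderDbSelect() has the same unguarded session read. The constructor starts outside this hunk.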
diff --git a/libraries/navigation/nodes/NodeColumnContainer.php b/libraries/navigation/nodes/NodeColumnContainer.php
index c3eceff6d09d..aa678a72b6ed 100644
--- a/libraries/navigation/nodes/NodeColumnContainer.php
+++ b/libraries/navigation/nodes/NodeColumnContainer.php
@@ -27,9 +27,11 @@ public function __construct()
$this->icon = Util::getImage('pause.png', __('Columns'));
$this->links = array(
'text' => 'tbl_structure.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_structure.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->real_name = 'columns';
@@ -43,10 +45,12 @@ public function __construct()
$new->links = array(
'text' => 'tbl_addfield.php?server=' . $GLOBALS['server']
. '&db=%3$s&table=%2$s'
- . '&field_where=last&after_field=',
+ . '&field_where=last&after_field='
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_addfield.php?server=' . $GLOBALS['server']
. '&db=%3$s&table=%2$s'
- . '&field_where=last&after_field=',
+ . '&field_where=last&after_field='
+ . '&token=' . $_SESSION[' PMA_token '],
);
$new->classes = 'new_column italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeDatabase.php b/libraries/navigation/nodes/NodeDatabase.php
index 821c47febb56..1df6ff912176 100644
--- a/libraries/navigation/nodes/NodeDatabase.php
+++ b/libraries/navigation/nodes/NodeDatabase.php
@@ -47,9 +47,9 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->links = array(
'text' => $script_name
. '?server=' . $GLOBALS['server']
- . '&db=%1$s',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_operations.php?server=' . $GLOBALS['server']
- . '&db=%1$s&',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token '],
'title' => __('Structure'),
);
$this->classes = 'database';
diff --git a/libraries/navigation/nodes/NodeDatabaseContainer.php b/libraries/navigation/nodes/NodeDatabaseContainer.php
index 9c5dc3c78876..b636748cefd2 100644
--- a/libraries/navigation/nodes/NodeDatabaseContainer.php
+++ b/libraries/navigation/nodes/NodeDatabaseContainer.php
@@ -38,8 +38,10 @@ public function __construct($name)
$new->isNew = true;
$new->icon = PMA\libraries\Util::getImage('b_newdb.png', '');
$new->links = array(
- 'text' => 'server_databases.php?server=' . $GLOBALS['server'],
- 'icon' => 'server_databases.php?server=' . $GLOBALS['server'],
+ 'text' => 'server_databases.php?server=' . $GLOBALS['server']
+ . '&token=' . $_SESSION[' PMA_token '],
+ 'icon' => 'server_databases.php?server=' . $GLOBALS['server']
+ . '&token=' . $_SESSION[' PMA_token '],
);
$new->classes = 'new_database italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeEvent.php b/libraries/navigation/nodes/NodeEvent.php
index 6723bab43d23..d394682005c1 100644
--- a/libraries/navigation/nodes/NodeEvent.php
+++ b/libraries/navigation/nodes/NodeEvent.php
@@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->icon = PMA\libraries\Util::getImage('b_events.png');
$this->links = array(
'text' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%2$s&item_name=%1$s&edit_item=1',
+ . '&db=%2$s&item_name=%1$s&edit_item=1'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%2$s&item_name=%1$s&export_item=1',
+ . '&db=%2$s&item_name=%1$s&export_item=1'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'event';
}
diff --git a/libraries/navigation/nodes/NodeEventContainer.php b/libraries/navigation/nodes/NodeEventContainer.php
index 5c3efbad5acc..a244231fb5bf 100644
--- a/libraries/navigation/nodes/NodeEventContainer.php
+++ b/libraries/navigation/nodes/NodeEventContainer.php
@@ -26,9 +26,9 @@ public function __construct()
$this->icon = PMA\libraries\Util::getImage('b_events.png', '');
$this->links = array(
'text' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%1$s',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%1$s',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token '],
);
$this->real_name = 'events';
@@ -40,9 +40,11 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_event_add.png', '');
$new->links = array(
'text' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
'icon' => 'db_events.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
);
$new->classes = 'new_event italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeFunction.php b/libraries/navigation/nodes/NodeFunction.php
index 1cf75a694ce6..61d87b2b2605 100644
--- a/libraries/navigation/nodes/NodeFunction.php
+++ b/libraries/navigation/nodes/NodeFunction.php
@@ -31,10 +31,10 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
. '&db=%2$s&item_name=%1$s&item_type=FUNCTION'
- . '&edit_item=1',
+ . '&edit_item=1&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
. '&db=%2$s&item_name=%1$s&item_type=FUNCTION'
- . '&execute_dialog=1',
+ . '&execute_dialog=1&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'function';
}
diff --git a/libraries/navigation/nodes/NodeFunctionContainer.php b/libraries/navigation/nodes/NodeFunctionContainer.php
index 1c6d510eecaa..523d6b62c074 100644
--- a/libraries/navigation/nodes/NodeFunctionContainer.php
+++ b/libraries/navigation/nodes/NodeFunctionContainer.php
@@ -29,9 +29,11 @@ public function __construct()
);
$this->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%1$s&type=FUNCTION',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token ']
+ . '&type=FUNCTION',
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%1$s&type=FUNCTION',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token ']
+ . '&type=FUNCTION',
);
$this->real_name = 'functions';
@@ -44,9 +46,11 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_routine_add.png', $new_label);
$new->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1&item_type=FUNCTION',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1&item_type=FUNCTION',
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1&item_type=FUNCTION',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1&item_type=FUNCTION',
);
$new->classes = 'new_function italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeIndex.php b/libraries/navigation/nodes/NodeIndex.php
index 1cf06f87d606..fa964a0d2dd8 100644
--- a/libraries/navigation/nodes/NodeIndex.php
+++ b/libraries/navigation/nodes/NodeIndex.php
@@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->icon = PMA\libraries\Util::getImage('b_index.png', __('Index'));
$this->links = array(
'text' => 'tbl_indexes.php?server=' . $GLOBALS['server']
- . '&db=%3$s&table=%2$s&index=%1$s',
+ . '&db=%3$s&table=%2$s&index=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_indexes.php?server=' . $GLOBALS['server']
- . '&db=%3$s&table=%2$s&index=%1$s',
+ . '&db=%3$s&table=%2$s&index=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'index';
}
diff --git a/libraries/navigation/nodes/NodeIndexContainer.php b/libraries/navigation/nodes/NodeIndexContainer.php
index e914cfd6d81e..8398729f77b8 100644
--- a/libraries/navigation/nodes/NodeIndexContainer.php
+++ b/libraries/navigation/nodes/NodeIndexContainer.php
@@ -26,9 +26,11 @@ public function __construct()
$this->icon = PMA\libraries\Util::getImage('b_index.png', __('Indexes'));
$this->links = array(
'text' => 'tbl_structure.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_structure.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->real_name = 'indexes';
@@ -42,10 +44,12 @@ public function __construct()
$new->links = array(
'text' => 'tbl_indexes.php?server=' . $GLOBALS['server']
. '&create_index=1&added_fields=2'
- . '&db=%3$s&table=%2$s',
+ . '&db=%3$s&table=%2$s&token='
+ . $_SESSION[' PMA_token '],
'icon' => 'tbl_indexes.php?server=' . $GLOBALS['server']
. '&create_index=1&added_fields=2'
- . '&db=%3$s&table=%2$s',
+ . '&db=%3$s&table=%2$s&token='
+ . $_SESSION[' PMA_token '],
);
$new->classes = 'new_index italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeProcedure.php b/libraries/navigation/nodes/NodeProcedure.php
index 069d7f3df427..579b116839e1 100644
--- a/libraries/navigation/nodes/NodeProcedure.php
+++ b/libraries/navigation/nodes/NodeProcedure.php
@@ -34,10 +34,10 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
. '&db=%2$s&item_name=%1$s&item_type=PROCEDURE'
- . '&edit_item=1',
+ . '&edit_item=1&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
. '&db=%2$s&item_name=%1$s&item_type=PROCEDURE'
- . '&execute_dialog=1',
+ . '&execute_dialog=1&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'procedure';
}
diff --git a/libraries/navigation/nodes/NodeProcedureContainer.php b/libraries/navigation/nodes/NodeProcedureContainer.php
index 9e1d5dab9756..21acc484545a 100644
--- a/libraries/navigation/nodes/NodeProcedureContainer.php
+++ b/libraries/navigation/nodes/NodeProcedureContainer.php
@@ -29,9 +29,11 @@ public function __construct()
);
$this->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%1$s&type=PROCEDURE',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token ']
+ . '&type=PROCEDURE',
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%1$s&type=PROCEDURE',
+ . '&db=%1$s&token=' . $_SESSION[' PMA_token ']
+ . '&type=PROCEDURE',
);
$this->real_name = 'procedures';
@@ -44,9 +46,11 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_routine_add.png', $new_label);
$new->links = array(
'text' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
'icon' => 'db_routines.php?server=' . $GLOBALS['server']
- . '&db=%2$s&add_item=1',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
);
$new->classes = 'new_procedure italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeTable.php b/libraries/navigation/nodes/NodeTable.php
index 5c0a04cc2e3d..89020caebc02 100644
--- a/libraries/navigation/nodes/NodeTable.php
+++ b/libraries/navigation/nodes/NodeTable.php
@@ -53,20 +53,22 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
'text' => $script_name
. '?server=' . $GLOBALS['server']
. '&db=%2$s&table=%1$s'
- . '&pos=0',
+ . '&pos=0&token=' . $_SESSION[' PMA_token '],
'icon' => array(
Util::getScriptNameForOption(
$GLOBALS['cfg']['NavigationTreeDefaultTabTable'],
'table'
)
. '?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s&token='
+ . $_SESSION[' PMA_token '],
Util::getScriptNameForOption(
$GLOBALS['cfg']['NavigationTreeDefaultTabTable2'],
'table'
)
. '?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s&token='
+ . $_SESSION[' PMA_token '],
),
'title' => $this->title,
);
diff --git a/libraries/navigation/nodes/NodeTableContainer.php b/libraries/navigation/nodes/NodeTableContainer.php
index 9b506ea2bb13..8928fb017e29 100644
--- a/libraries/navigation/nodes/NodeTableContainer.php
+++ b/libraries/navigation/nodes/NodeTableContainer.php
@@ -26,9 +26,11 @@ public function __construct()
$this->icon = PMA\libraries\Util::getImage('b_browse.png', __('Tables'));
$this->links = array(
'text' => 'db_structure.php?server=' . $GLOBALS['server']
- . '&db=%1$s&tbl_type=table',
+ . '&db=%1$s&tbl_type=table'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_structure.php?server=' . $GLOBALS['server']
- . '&db=%1$s&tbl_type=table',
+ . '&db=%1$s&tbl_type=table'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->real_name = 'tables';
$this->classes = 'tableContainer subContainer';
@@ -42,9 +44,9 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_table_add.png', $new_label);
$new->links = array(
'text' => 'tbl_create.php?server=' . $GLOBALS['server']
- . '&db=%2$s',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_create.php?server=' . $GLOBALS['server']
- . '&db=%2$s',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token '],
);
$new->classes = 'new_table italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeTrigger.php b/libraries/navigation/nodes/NodeTrigger.php
index a90ddda179ac..ee0960bac308 100644
--- a/libraries/navigation/nodes/NodeTrigger.php
+++ b/libraries/navigation/nodes/NodeTrigger.php
@@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->icon = PMA\libraries\Util::getImage('b_triggers.png');
$this->links = array(
'text' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%3$s&item_name=%1$s&edit_item=1',
+ . '&db=%3$s&item_name=%1$s&edit_item=1'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%3$s&item_name=%1$s&export_item=1',
+ . '&db=%3$s&item_name=%1$s&export_item=1'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'trigger';
}
diff --git a/libraries/navigation/nodes/NodeTriggerContainer.php b/libraries/navigation/nodes/NodeTriggerContainer.php
index 1cd379017bc9..5d1e643af75a 100644
--- a/libraries/navigation/nodes/NodeTriggerContainer.php
+++ b/libraries/navigation/nodes/NodeTriggerContainer.php
@@ -26,9 +26,11 @@ public function __construct()
$this->icon = PMA\libraries\Util::getImage('b_triggers.png');
$this->links = array(
'text' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s&token='
+ . $_SESSION[' PMA_token '],
'icon' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s&token='
+ . $_SESSION[' PMA_token '],
);
$this->real_name = 'triggers';
@@ -40,9 +42,11 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_trigger_add.png', '');
$new->links = array(
'text' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%3$s&add_item=1',
+ . '&db=%3$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
'icon' => 'db_triggers.php?server=' . $GLOBALS['server']
- . '&db=%3$s&add_item=1',
+ . '&db=%3$s&token=' . $_SESSION[' PMA_token ']
+ . '&add_item=1',
);
$new->classes = 'new_trigger italics';
$this->addChild($new);
diff --git a/libraries/navigation/nodes/NodeView.php b/libraries/navigation/nodes/NodeView.php
index 2ec500cd3472..804079727866 100644
--- a/libraries/navigation/nodes/NodeView.php
+++ b/libraries/navigation/nodes/NodeView.php
@@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false)
$this->icon = PMA\libraries\Util::getImage('b_props.png', __('View'));
$this->links = array(
'text' => 'sql.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s&pos=0',
+ . '&db=%2$s&table=%1$s&pos=0'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'tbl_structure.php?server=' . $GLOBALS['server']
- . '&db=%2$s&table=%1$s',
+ . '&db=%2$s&table=%1$s'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'view';
}
diff --git a/libraries/navigation/nodes/NodeViewContainer.php b/libraries/navigation/nodes/NodeViewContainer.php
index 78df8085c53f..89dfbe77e941 100644
--- a/libraries/navigation/nodes/NodeViewContainer.php
+++ b/libraries/navigation/nodes/NodeViewContainer.php
@@ -26,9 +26,11 @@ public function __construct()
$this->icon = PMA\libraries\Util::getImage('b_views.png', __('Views'));
$this->links = array(
'text' => 'db_structure.php?server=' . $GLOBALS['server']
- . '&db=%1$s&tbl_type=view',
+ . '&db=%1$s&tbl_type=view'
+ . '&token=' . $_SESSION[' PMA_token '],
'icon' => 'db_structure.php?server=' . $GLOBALS['server']
- . '&db=%1$s&tbl_type=view',
+ . '&db=%1$s&tbl_type=view'
+ . '&token=' . $_SESSION[' PMA_token '],
);
$this->classes = 'viewContainer subContainer';
$this->real_name = 'views';
@@ -42,9 +44,9 @@ public function __construct()
$new->icon = PMA\libraries\Util::getImage('b_view_add.png', $new_label);
$new->links = array(
'text' => 'view_create.php?server=' . $GLOBALS['server']
- . '&db=%2$s',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token '],
'icon' => 'view_create.php?server=' . $GLOBALS['server']
- . '&db=%2$s',
+ . '&db=%2$s&token=' . $_SESSION[' PMA_token '],
);
$new->classes = 'new_view italics';
$this->addChild($new);
diff --git a/test/classes/AdvisorTest.php b/test/classes/AdvisorTest.php
index caed353d2e30..af5a7d16c4c3 100644
--- a/test/classes/AdvisorTest.php
+++ b/test/classes/AdvisorTest.php
@@ -171,7 +171,7 @@ public function rulesProvider()
'name' => 'Variable',
'issue' => 'issue',
'recommendation' => 'Recommend
status_var'
+ 'filter=status_var&lang=en&token=token">status_var'
),
null,
),
diff --git a/test/classes/DbSearchTest.php b/test/classes/DbSearchTest.php
index 0cca012cb4b2..44758733a0d7 100644
--- a/test/classes/DbSearchTest.php
+++ b/test/classes/DbSearchTest.php
@@ -167,13 +167,13 @@ public function providerForTestGetResultsRow()
. 'href="sql.php?db=pma&table'
. '=table1&goto=db_sql.php&pos=0&is_js_confirmed=0&'
. 'server=0&lang=en&'
- . 'collation_connection=utf-8" '
+ . 'collation_connection=utf-8&token=token" '
. 'data-browse-sql="column1" data-table-name="table1" '
. '>Browse
'
. 'Delete | '
diff --git a/test/classes/DisplayResultsTest.php b/test/classes/DisplayResultsTest.php
index 0d3e8d0b5341..ce6b6a7bd43e 100644
--- a/test/classes/DisplayResultsTest.php
+++ b/test/classes/DisplayResultsTest.php
@@ -889,7 +889,7 @@ public function dataProviderForTestGetSpecialLinkUrl()
'routine_name',
'db_routines.php?item_name=circumference&db=data'
. '&item_type=FUNCTION&server=0&lang=en'
- . '&collation_connection=utf-8'
+ . '&collation_connection=utf-8&token=token'
),
array(
'information_schema',
@@ -903,7 +903,7 @@ public function dataProviderForTestGetSpecialLinkUrl()
'routine_name',
'db_routines.php?item_name=area&db=data'
. '&item_type=PROCEDURE&server=0&lang=en'
- . '&collation_connection=utf-8'
+ . '&collation_connection=utf-8&token=token'
),
array(
'information_schema',
@@ -917,7 +917,7 @@ public function dataProviderForTestGetSpecialLinkUrl()
'index.php?sql_query=SELECT+%60CHARACTER_SET_NAME%60+FROM+%60info'
. 'rmation_schema%60.%60CHARACTER_SETS%60&db=information_schema'
. '&test_name=value&server=0&lang=en'
- . '&collation_connection=utf-8'
+ . '&collation_connection=utf-8&token=token'
)
);
}
@@ -1246,7 +1246,7 @@ public function dataProviderForTestHandleNonPrintableContents()
$url_params,
null,
'
1001'
),
array(
@@ -1261,7 +1261,7 @@ public function dataProviderForTestHandleNonPrintableContents()
$url_params,
null,
'
0x123456'
),
array(
@@ -1276,7 +1276,7 @@ public function dataProviderForTestHandleNonPrintableContents()
$url_params,
null,
'
[BLOB - 4 B]'
),
array(
@@ -1399,7 +1399,7 @@ public function dataProviderForTestGetDataCellForNonNumericColumns()
'binary',
'
[BLOB - 4 B] | '
),
diff --git a/test/classes/FooterTest.php b/test/classes/FooterTest.php
index 43efe51fde7b..57db70f66396 100644
--- a/test/classes/FooterTest.php
+++ b/test/classes/FooterTest.php
@@ -157,7 +157,7 @@ public function testGetSelfLink()
$this->assertEquals(
'
',
$this->_callPrivateFunction(
'_getSelfLink',
@@ -182,7 +182,7 @@ public function testGetSelfLinkWithImage()
$this->assertEquals(
'
',
diff --git a/test/classes/ThemeTest.php b/test/classes/ThemeTest.php
index 590bccd0f732..07d98e429688 100644
--- a/test/classes/ThemeTest.php
+++ b/test/classes/ThemeTest.php
@@ -292,7 +292,7 @@ public function testPrintPreview()
$this->object->getPrintPreview(),
'
'
);
diff --git a/test/classes/URLTest.php b/test/classes/URLTest.php
index d11477e75ecd..e53af360b406 100644
--- a/test/classes/URLTest.php
+++ b/test/classes/URLTest.php
@@ -45,6 +45,7 @@ public function testDbOnly()
$expected = 'server=x' . htmlentities($separator)
. 'lang=en' . htmlentities($separator)
. 'collation_connection=x'
+ . htmlentities($separator) . 'token=token'
;
$expected = '?db=db'
@@ -68,6 +69,7 @@ public function testNewStyle()
$expected = 'server=x' . htmlentities($separator)
. 'lang=en' . htmlentities($separator)
. 'collation_connection=x'
+ . htmlentities($separator) . 'token=token'
;
$expected = '?db=db'
@@ -92,6 +94,7 @@ public function testWithAlternateDivider()
$expected = 'server=x' . $separator
. 'lang=en' . $separator
. 'collation_connection=x'
+ . $separator . 'token=token'
;
$expected = '#ABC#db=db' . $separator . 'table=table' . $separator
@@ -119,6 +122,7 @@ public function testDefault()
$expected = '?server=x' . htmlentities($separator)
. 'lang=en' . htmlentities($separator)
. 'collation_connection=x'
+ . htmlentities($separator) . 'token=token'
;
$this->assertEquals($expected, URL::getCommon());
}
diff --git a/test/classes/config/PageSettingsTest.php b/test/classes/config/PageSettingsTest.php
index 9f6f67eb074a..28f1ba51f58f 100644
--- a/test/classes/config/PageSettingsTest.php
+++ b/test/classes/config/PageSettingsTest.php
@@ -57,7 +57,7 @@ public function testShowGroupBrowse()
'