diff --git a/libraries/URL.php b/libraries/URL.php
index c26491f8d241..2d21d6821d42 100644
--- a/libraries/URL.php
+++ b/libraries/URL.php
@@ -223,6 +223,10 @@ public static function getCommonRaw($params = array(), $divider = '?')
 $params['collation_connection'] = $GLOBALS['collation_connection'];
 }
 
+ if (isset($_SESSION[' PMA_token '])) {
+ $params['token'] = $_SESSION[' PMA_token '];
+ }
+
 $query = http_build_query($params, null, $separator);
 
 if ($divider != '?' || strlen($query) > 0) {
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index 686fc16c5814..a6dbc60516ca 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
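Review bot: Appending the session token inside getCommonRaw() puts the CSRF secret into every GET query string the application builds, so it becomes visible in the Referer header of outbound links, in browser history and in web-server or proxy access logs; the redirect expectations elsewhere in this series (e.g. `Location: index.php?lang=en&token=token`) suggest it also ends up in Location headers. The added isset() block carries no comment explaining this trade-off; a note such as `// Token is now required on GET too; it is a per-session secret, so a restrictive referrer policy and log scrubbing are needed wherever these URLs are emitted` would make the exposure explicit for maintainers. It is also worth checking that any external-facing link generation that reuses getCommon() does not need to opt out of the token. getCommonRaw's body continues outside the hunk.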
@@ -361,31 +361,56 @@ * could access this variables before we reach this point * f.e. PMA\libraries\Config: fontsize * - * Check for token mismatch only if the Request method is POST - * GET Requests would never have token and therefore checking - * mis-match does not make sense - * * @todo variables should be handled by their respective owners (objects) * f.e. lang, server, collation_connection in PMA\libraries\Config */ - $token_mismatch = true; $token_provided = false; +if (PMA_isValid($_REQUEST['token'])) { + $token_provided = true; + $token_mismatch = ! hash_equals($_SESSION[' PMA_token '], $_REQUEST['token']); +} -if ($_SERVER['REQUEST_METHOD'] == 'POST') { - if (PMA_isValid($_POST['token'])) { - $token_provided = true; - $token_mismatch = ! @hash_equals($_SESSION[' PMA_token '], $_POST['token']); - } - - if ($token_mismatch) { - /** - * We don't allow any POST operation parameters if the token is mismatched - * or is not provided +if ($token_mismatch) { + /** + * List of parameters which are allowed from unsafe source + */ + $allow_list = array( + /* needed for direct access, see FAQ 1.34 + * also, server needed for cookie login screen (multi-server) */ - $whitelist = array('ajax_request'); - PMA\libraries\Sanitize::removeRequestVars($whitelist); + 'server', 'db', 'table', 'target', 'lang', + /* Session ID */ + 'phpMyAdmin', + /* Cookie preferences */ + 'pma_lang', 'pma_collation_connection', + /* Possible login form */ + 'pma_servername', 'pma_username', 'pma_password', + 'g-recaptcha-response', + /* Needed to send the correct reply */ + 'ajax_request', + /* Permit to log out even if there is a token mismatch */ + 'old_usr', + /* Permit redirection with token-mismatch in url.php */ + 'url', + /* Permit session expiry flag */ + 'session_expired', + /* JS loading */ + 'scripts', 'call_done', + /* Navigation panel */ + 'aPath', 'vPath', 'pos', 'pos2_name', 'pos2_value', 'searchClause', 'searchClause2' + ); + /** + * Allow changing themes in test/theme.php + */ 
+ if (defined('PMA_TEST_THEME')) { + $allow_list[] = 'set_theme'; } + /** + * Do actual cleanup + */ + PMA\libraries\Sanitize::removeRequestVars($allow_list); + } diff --git a/libraries/navigation/NavigationTree.php b/libraries/navigation/NavigationTree.php index 5db11df455aa..590a849aa6c9 100644 --- a/libraries/navigation/NavigationTree.php +++ b/libraries/navigation/NavigationTree.php @@ -1264,6 +1264,7 @@ public function renderDbSelect() ); $children = $this->_tree->children; $url_params = array( + 'token' => $_SESSION[' PMA_token '], 'server' => $GLOBALS['server'], ); $retval .= '
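Review bot: Removing the `@` in front of hash_equals() on the new `$token_mismatch` line means a request that carries a token while `$_SESSION[' PMA_token ']` is unset (no session yet, or an expired one) now emits a warning from hash_equals() rather than quietly counting as a mismatch; guard the session side first, e.g. `$session_token = isset($_SESSION[' PMA_token ']) ? $_SESSION[' PMA_token '] : '';` followed by `$token_mismatch = ! hash_equals($session_token, $_REQUEST['token']);`. Note also that `$_REQUEST` may include cookie values depending on `request_order`, so reading `$_GET['token']` and `$_POST['token']` explicitly would make the token's origin unambiguous. The new `$allow_list` lets `target` and `url` through on a mismatched request, which is only safe if the consumers of those parameters validate them against a fixed set of local pages; that validation is not visible in this hunk. The hunk opens inside a doc comment, so the enclosing script runs outside it.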
'; diff --git a/libraries/navigation/nodes/NodeColumn.php b/libraries/navigation/nodes/NodeColumn.php index 99b8afeaf8ae..75f64b6ff7ed 100644 --- a/libraries/navigation/nodes/NodeColumn.php +++ b/libraries/navigation/nodes/NodeColumn.php @@ -31,10 +31,12 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->links = array( 'text' => 'tbl_structure.php?server=' . $GLOBALS['server'] . '&db=%3$s&table=%2$s&field=%1$s' - . '&change_column=1', + . '&change_column=1' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_structure.php?server=' . $GLOBALS['server'] . '&db=%3$s&table=%2$s&field=%1$s' - . '&change_column=1', + . '&change_column=1' + . '&token=' . $_SESSION[' PMA_token '], 'title' => __('Structure'), ); } diff --git a/libraries/navigation/nodes/NodeColumnContainer.php b/libraries/navigation/nodes/NodeColumnContainer.php index c3eceff6d09d..aa678a72b6ed 100644 --- a/libraries/navigation/nodes/NodeColumnContainer.php +++ b/libraries/navigation/nodes/NodeColumnContainer.php @@ -27,9 +27,11 @@ public function __construct() $this->icon = Util::getImage('pause.png', __('Columns')); $this->links = array( 'text' => 'tbl_structure.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_structure.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s' + . '&token=' . $_SESSION[' PMA_token '], ); $this->real_name = 'columns'; 
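Review bot: In NodeColumn.php the token is concatenated raw into the href templates (`'&token=' . $_SESSION[' PMA_token ']`) with no isset() guard and no urlencode(); the same pattern is repeated in NodeColumnContainer, NodeDatabase, NodeDatabaseContainer, NodeEvent, NodeEventContainer, NodeFunction, NodeFunctionContainer, NodeIndex, NodeIndexContainer, NodeProcedure, NodeProcedureContainer, NodeTable, NodeTableContainer, NodeTrigger, NodeTriggerContainer, NodeView and NodeViewContainer, and in the `$url_params` array in NavigationTree.php. These strings look like sprintf templates (`%1$s`, `%2$s`), so a token value containing `%` or `&` would corrupt the URL; `'&token=' . urlencode($_SESSION[' PMA_token '])` avoids that regardless of how the token happens to be generated today. Since URL::getCommonRaw() in this same commit already appends the token centrally, a single helper on the Node base class (or routing these links through URL::getCommon()) would remove eighteen copies of the session key and keep the behaviour in one place. Each constructor continues outside its hunk.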
@@ -43,10 +45,12 @@ public function __construct() $new->links = array( 'text' => 'tbl_addfield.php?server=' . $GLOBALS['server'] . '&db=%3$s&table=%2$s' - . '&field_where=last&after_field=', + . '&field_where=last&after_field=' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_addfield.php?server=' . $GLOBALS['server'] . '&db=%3$s&table=%2$s' - . '&field_where=last&after_field=', + . '&field_where=last&after_field=' + . '&token=' . $_SESSION[' PMA_token '], ); $new->classes = 'new_column italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeDatabase.php b/libraries/navigation/nodes/NodeDatabase.php index 821c47febb56..1df6ff912176 100644 --- a/libraries/navigation/nodes/NodeDatabase.php +++ b/libraries/navigation/nodes/NodeDatabase.php @@ -47,9 +47,9 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->links = array( 'text' => $script_name . '?server=' . $GLOBALS['server'] - . '&db=%1$s', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_operations.php?server=' . $GLOBALS['server'] - . '&db=%1$s&', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '], 'title' => __('Structure'), ); $this->classes = 'database'; diff --git a/libraries/navigation/nodes/NodeDatabaseContainer.php b/libraries/navigation/nodes/NodeDatabaseContainer.php index 9c5dc3c78876..b636748cefd2 100644 --- a/libraries/navigation/nodes/NodeDatabaseContainer.php +++ b/libraries/navigation/nodes/NodeDatabaseContainer.php 
@@ -38,8 +38,10 @@ public function __construct($name) $new->isNew = true; $new->icon = PMA\libraries\Util::getImage('b_newdb.png', ''); $new->links = array( - 'text' => 'server_databases.php?server=' . $GLOBALS['server'], - 'icon' => 'server_databases.php?server=' . $GLOBALS['server'], + 'text' => 'server_databases.php?server=' . $GLOBALS['server'] + . '&token=' . $_SESSION[' PMA_token '], + 'icon' => 'server_databases.php?server=' . $GLOBALS['server'] + . '&token=' . $_SESSION[' PMA_token '], ); $new->classes = 'new_database italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeEvent.php b/libraries/navigation/nodes/NodeEvent.php index 6723bab43d23..d394682005c1 100644 --- a/libraries/navigation/nodes/NodeEvent.php +++ b/libraries/navigation/nodes/NodeEvent.php @@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->icon = PMA\libraries\Util::getImage('b_events.png'); $this->links = array( 'text' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%2$s&item_name=%1$s&edit_item=1', + . '&db=%2$s&item_name=%1$s&edit_item=1' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%2$s&item_name=%1$s&export_item=1', + . '&db=%2$s&item_name=%1$s&export_item=1' + . '&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'event'; } diff --git a/libraries/navigation/nodes/NodeEventContainer.php b/libraries/navigation/nodes/NodeEventContainer.php index 5c3efbad5acc..a244231fb5bf 100644 --- a/libraries/navigation/nodes/NodeEventContainer.php +++ b/libraries/navigation/nodes/NodeEventContainer.php 
@@ -26,9 +26,9 @@ public function __construct() $this->icon = PMA\libraries\Util::getImage('b_events.png', ''); $this->links = array( 'text' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%1$s', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%1$s', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '], ); $this->real_name = 'events'; @@ -40,9 +40,11 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_event_add.png', ''); $new->links = array( 'text' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', 'icon' => 'db_events.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', ); $new->classes = 'new_event italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeFunction.php b/libraries/navigation/nodes/NodeFunction.php index 1cf75a694ce6..61d87b2b2605 100644 --- a/libraries/navigation/nodes/NodeFunction.php +++ b/libraries/navigation/nodes/NodeFunction.php @@ -31,10 +31,10 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] . '&db=%2$s&item_name=%1$s&item_type=FUNCTION' - . '&edit_item=1', + . '&edit_item=1&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] . '&db=%2$s&item_name=%1$s&item_type=FUNCTION' - . '&execute_dialog=1', + . '&execute_dialog=1&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'function'; } diff --git a/libraries/navigation/nodes/NodeFunctionContainer.php b/libraries/navigation/nodes/NodeFunctionContainer.php index 1c6d510eecaa..523d6b62c074 100644 --- a/libraries/navigation/nodes/NodeFunctionContainer.php +++ b/libraries/navigation/nodes/NodeFunctionContainer.php 
@@ -29,9 +29,11 @@ public function __construct() ); $this->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%1$s&type=FUNCTION', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '] + . '&type=FUNCTION', 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%1$s&type=FUNCTION', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '] + . '&type=FUNCTION', ); $this->real_name = 'functions'; @@ -44,9 +46,11 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_routine_add.png', $new_label); $new->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1&item_type=FUNCTION', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1&item_type=FUNCTION', 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1&item_type=FUNCTION', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1&item_type=FUNCTION', ); $new->classes = 'new_function italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeIndex.php b/libraries/navigation/nodes/NodeIndex.php index 1cf06f87d606..fa964a0d2dd8 100644 --- a/libraries/navigation/nodes/NodeIndex.php +++ b/libraries/navigation/nodes/NodeIndex.php @@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->icon = PMA\libraries\Util::getImage('b_index.png', __('Index')); $this->links = array( 'text' => 'tbl_indexes.php?server=' . $GLOBALS['server'] - . '&db=%3$s&table=%2$s&index=%1$s', + . '&db=%3$s&table=%2$s&index=%1$s' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_indexes.php?server=' . $GLOBALS['server'] - . '&db=%3$s&table=%2$s&index=%1$s', + . '&db=%3$s&table=%2$s&index=%1$s' + . '&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'index'; } diff --git a/libraries/navigation/nodes/NodeIndexContainer.php b/libraries/navigation/nodes/NodeIndexContainer.php index e914cfd6d81e..8398729f77b8 100644 
--- a/libraries/navigation/nodes/NodeIndexContainer.php +++ b/libraries/navigation/nodes/NodeIndexContainer.php @@ -26,9 +26,11 @@ public function __construct() $this->icon = PMA\libraries\Util::getImage('b_index.png', __('Indexes')); $this->links = array( 'text' => 'tbl_structure.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_structure.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s' + . '&token=' . $_SESSION[' PMA_token '], ); $this->real_name = 'indexes'; @@ -42,10 +44,12 @@ public function __construct() $new->links = array( 'text' => 'tbl_indexes.php?server=' . $GLOBALS['server'] . '&create_index=1&added_fields=2' - . '&db=%3$s&table=%2$s', + . '&db=%3$s&table=%2$s&token=' + . $_SESSION[' PMA_token '], 'icon' => 'tbl_indexes.php?server=' . $GLOBALS['server'] . '&create_index=1&added_fields=2' - . '&db=%3$s&table=%2$s', + . '&db=%3$s&table=%2$s&token=' + . $_SESSION[' PMA_token '], ); $new->classes = 'new_index italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeProcedure.php b/libraries/navigation/nodes/NodeProcedure.php index 069d7f3df427..579b116839e1 100644 --- a/libraries/navigation/nodes/NodeProcedure.php +++ b/libraries/navigation/nodes/NodeProcedure.php @@ -34,10 +34,10 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] . '&db=%2$s&item_name=%1$s&item_type=PROCEDURE' - . '&edit_item=1', + . '&edit_item=1&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] . '&db=%2$s&item_name=%1$s&item_type=PROCEDURE' - . '&execute_dialog=1', + . '&execute_dialog=1&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'procedure'; } 
diff --git a/libraries/navigation/nodes/NodeProcedureContainer.php b/libraries/navigation/nodes/NodeProcedureContainer.php index 9e1d5dab9756..21acc484545a 100644 --- a/libraries/navigation/nodes/NodeProcedureContainer.php +++ b/libraries/navigation/nodes/NodeProcedureContainer.php @@ -29,9 +29,11 @@ public function __construct() ); $this->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%1$s&type=PROCEDURE', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '] + . '&type=PROCEDURE', 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%1$s&type=PROCEDURE', + . '&db=%1$s&token=' . $_SESSION[' PMA_token '] + . '&type=PROCEDURE', ); $this->real_name = 'procedures'; @@ -44,9 +46,11 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_routine_add.png', $new_label); $new->links = array( 'text' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', 'icon' => 'db_routines.php?server=' . $GLOBALS['server'] - . '&db=%2$s&add_item=1', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', ); $new->classes = 'new_procedure italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeTable.php b/libraries/navigation/nodes/NodeTable.php index 5c0a04cc2e3d..89020caebc02 100644 --- a/libraries/navigation/nodes/NodeTable.php +++ b/libraries/navigation/nodes/NodeTable.php 
@@ -53,20 +53,22 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) 'text' => $script_name . '?server=' . $GLOBALS['server'] . '&db=%2$s&table=%1$s' - . '&pos=0', + . '&pos=0&token=' . $_SESSION[' PMA_token '], 'icon' => array( Util::getScriptNameForOption( $GLOBALS['cfg']['NavigationTreeDefaultTabTable'], 'table' ) . '?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s&token=' + . $_SESSION[' PMA_token '], Util::getScriptNameForOption( $GLOBALS['cfg']['NavigationTreeDefaultTabTable2'], 'table' ) . '?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s&token=' + . $_SESSION[' PMA_token '], ), 'title' => $this->title, ); diff --git a/libraries/navigation/nodes/NodeTableContainer.php b/libraries/navigation/nodes/NodeTableContainer.php index 9b506ea2bb13..8928fb017e29 100644 --- a/libraries/navigation/nodes/NodeTableContainer.php +++ b/libraries/navigation/nodes/NodeTableContainer.php @@ -26,9 +26,11 @@ public function __construct() $this->icon = PMA\libraries\Util::getImage('b_browse.png', __('Tables')); $this->links = array( 'text' => 'db_structure.php?server=' . $GLOBALS['server'] - . '&db=%1$s&tbl_type=table', + . '&db=%1$s&tbl_type=table' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_structure.php?server=' . $GLOBALS['server'] - . '&db=%1$s&tbl_type=table', + . '&db=%1$s&tbl_type=table' + . '&token=' . $_SESSION[' PMA_token '], ); $this->real_name = 'tables'; $this->classes = 'tableContainer subContainer'; @@ -42,9 +44,9 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_table_add.png', $new_label); $new->links = array( 'text' => 'tbl_create.php?server=' . $GLOBALS['server'] - . '&db=%2$s', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_create.php?server=' . $GLOBALS['server'] - . '&db=%2$s', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '], ); $new->classes = 'new_table italics'; $this->addChild($new); 
diff --git a/libraries/navigation/nodes/NodeTrigger.php b/libraries/navigation/nodes/NodeTrigger.php index a90ddda179ac..ee0960bac308 100644 --- a/libraries/navigation/nodes/NodeTrigger.php +++ b/libraries/navigation/nodes/NodeTrigger.php @@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->icon = PMA\libraries\Util::getImage('b_triggers.png'); $this->links = array( 'text' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%3$s&item_name=%1$s&edit_item=1', + . '&db=%3$s&item_name=%1$s&edit_item=1' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%3$s&item_name=%1$s&export_item=1', + . '&db=%3$s&item_name=%1$s&export_item=1' + . '&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'trigger'; } diff --git a/libraries/navigation/nodes/NodeTriggerContainer.php b/libraries/navigation/nodes/NodeTriggerContainer.php index 1cd379017bc9..5d1e643af75a 100644 --- a/libraries/navigation/nodes/NodeTriggerContainer.php +++ b/libraries/navigation/nodes/NodeTriggerContainer.php @@ -26,9 +26,11 @@ public function __construct() $this->icon = PMA\libraries\Util::getImage('b_triggers.png'); $this->links = array( 'text' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s&token=' + . $_SESSION[' PMA_token '], 'icon' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s&token=' + . $_SESSION[' PMA_token '], ); $this->real_name = 'triggers'; 
@@ -40,9 +42,11 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_trigger_add.png', ''); $new->links = array( 'text' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%3$s&add_item=1', + . '&db=%3$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', 'icon' => 'db_triggers.php?server=' . $GLOBALS['server'] - . '&db=%3$s&add_item=1', + . '&db=%3$s&token=' . $_SESSION[' PMA_token '] + . '&add_item=1', ); $new->classes = 'new_trigger italics'; $this->addChild($new); diff --git a/libraries/navigation/nodes/NodeView.php b/libraries/navigation/nodes/NodeView.php index 2ec500cd3472..804079727866 100644 --- a/libraries/navigation/nodes/NodeView.php +++ b/libraries/navigation/nodes/NodeView.php @@ -30,9 +30,11 @@ public function __construct($name, $type = Node::OBJECT, $is_group = false) $this->icon = PMA\libraries\Util::getImage('b_props.png', __('View')); $this->links = array( 'text' => 'sql.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s&pos=0', + . '&db=%2$s&table=%1$s&pos=0' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'tbl_structure.php?server=' . $GLOBALS['server'] - . '&db=%2$s&table=%1$s', + . '&db=%2$s&table=%1$s' + . '&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'view'; } diff --git a/libraries/navigation/nodes/NodeViewContainer.php b/libraries/navigation/nodes/NodeViewContainer.php index 78df8085c53f..89dfbe77e941 100644 --- a/libraries/navigation/nodes/NodeViewContainer.php +++ b/libraries/navigation/nodes/NodeViewContainer.php 
@@ -26,9 +26,11 @@ public function __construct() $this->icon = PMA\libraries\Util::getImage('b_views.png', __('Views')); $this->links = array( 'text' => 'db_structure.php?server=' . $GLOBALS['server'] - . '&db=%1$s&tbl_type=view', + . '&db=%1$s&tbl_type=view' + . '&token=' . $_SESSION[' PMA_token '], 'icon' => 'db_structure.php?server=' . $GLOBALS['server'] - . '&db=%1$s&tbl_type=view', + . '&db=%1$s&tbl_type=view' + . '&token=' . $_SESSION[' PMA_token '], ); $this->classes = 'viewContainer subContainer'; $this->real_name = 'views'; @@ -42,9 +44,9 @@ public function __construct() $new->icon = PMA\libraries\Util::getImage('b_view_add.png', $new_label); $new->links = array( 'text' => 'view_create.php?server=' . $GLOBALS['server'] - . '&db=%2$s', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '], 'icon' => 'view_create.php?server=' . $GLOBALS['server'] - . '&db=%2$s', + . '&db=%2$s&token=' . $_SESSION[' PMA_token '], ); $new->classes = 'new_view italics'; $this->addChild($new); diff --git a/test/classes/AdvisorTest.php b/test/classes/AdvisorTest.php index caed353d2e30..af5a7d16c4c3 100644 --- a/test/classes/AdvisorTest.php +++ b/test/classes/AdvisorTest.php @@ -171,7 +171,7 @@ public function rulesProvider() 'name' => 'Variable', 'issue' => 'issue', 'recommendation' => 'Recommend status_var' + 'filter=status_var&lang=en&token=token">status_var' ), null, ), diff --git a/test/classes/DbSearchTest.php b/test/classes/DbSearchTest.php index 0cca012cb4b2..44758733a0d7 100644 --- a/test/classes/DbSearchTest.php +++ b/test/classes/DbSearchTest.php @@ -167,13 +167,13 @@ public function providerForTestGetResultsRow() . 'href="sql.php?db=pma&table' . '=table1&goto=db_sql.php&pos=0&is_js_confirmed=0&' . 'server=0&lang=en&' - . 'collation_connection=utf-8" ' + . 'collation_connection=utf-8&token=token" ' . 'data-browse-sql="column1" data-table-name="table1" ' . '>Browse' . 'Delete' 
diff --git a/test/classes/DisplayResultsTest.php b/test/classes/DisplayResultsTest.php index 0d3e8d0b5341..ce6b6a7bd43e 100644 --- a/test/classes/DisplayResultsTest.php +++ b/test/classes/DisplayResultsTest.php @@ -889,7 +889,7 @@ public function dataProviderForTestGetSpecialLinkUrl() 'routine_name', 'db_routines.php?item_name=circumference&db=data' . '&item_type=FUNCTION&server=0&lang=en' - . '&collation_connection=utf-8' + . '&collation_connection=utf-8&token=token' ), array( 'information_schema', @@ -903,7 +903,7 @@ public function dataProviderForTestGetSpecialLinkUrl() 'routine_name', 'db_routines.php?item_name=area&db=data' . '&item_type=PROCEDURE&server=0&lang=en' - . '&collation_connection=utf-8' + . '&collation_connection=utf-8&token=token' ), array( 'information_schema', @@ -917,7 +917,7 @@ public function dataProviderForTestGetSpecialLinkUrl() 'index.php?sql_query=SELECT+%60CHARACTER_SET_NAME%60+FROM+%60info' . 'rmation_schema%60.%60CHARACTER_SETS%60&db=information_schema' . '&test_name=value&server=0&lang=en' - . '&collation_connection=utf-8' + . '&collation_connection=utf-8&token=token' ) ); } @@ -1246,7 +1246,7 @@ public function dataProviderForTestHandleNonPrintableContents() $url_params, null, '1001' ), array( @@ -1261,7 +1261,7 @@ public function dataProviderForTestHandleNonPrintableContents() $url_params, null, '0x123456' ), array( @@ -1276,7 +1276,7 @@ public function dataProviderForTestHandleNonPrintableContents() $url_params, null, '[BLOB - 4 B]' ), array( @@ -1399,7 +1399,7 @@ public function dataProviderForTestGetDataCellForNonNumericColumns() 'binary', '[BLOB - 4 B]' ), diff --git a/test/classes/FooterTest.php b/test/classes/FooterTest.php index 43efe51fde7b..57db70f66396 100644 --- a/test/classes/FooterTest.php +++ b/test/classes/FooterTest.php @@ -157,7 +157,7 @@ public function testGetSelfLink() $this->assertEquals( '', $this->_callPrivateFunction( '_getSelfLink', 
@@ -182,7 +182,7 @@ public function testGetSelfLinkWithImage() $this->assertEquals( '', diff --git a/test/classes/ThemeTest.php b/test/classes/ThemeTest.php index 590bccd0f732..07d98e429688 100644 --- a/test/classes/ThemeTest.php +++ b/test/classes/ThemeTest.php @@ -292,7 +292,7 @@ public function testPrintPreview() $this->object->getPrintPreview(), '

(0.0.0.0)

No preview available.[ take it ]' . '

' ); diff --git a/test/classes/URLTest.php b/test/classes/URLTest.php index d11477e75ecd..e53af360b406 100644 --- a/test/classes/URLTest.php +++ b/test/classes/URLTest.php @@ -45,6 +45,7 @@ public function testDbOnly() $expected = 'server=x' . htmlentities($separator) . 'lang=en' . htmlentities($separator) . 'collation_connection=x' + . htmlentities($separator) . 'token=token' ; $expected = '?db=db' @@ -68,6 +69,7 @@ public function testNewStyle() $expected = 'server=x' . htmlentities($separator) . 'lang=en' . htmlentities($separator) . 'collation_connection=x' + . htmlentities($separator) . 'token=token' ; $expected = '?db=db' @@ -92,6 +94,7 @@ public function testWithAlternateDivider() $expected = 'server=x' . $separator . 'lang=en' . $separator . 'collation_connection=x' + . $separator . 'token=token' ; $expected = '#ABC#db=db' . $separator . 'table=table' . $separator @@ -119,6 +122,7 @@ public function testDefault() $expected = '?server=x' . htmlentities($separator) . 'lang=en' . htmlentities($separator) . 'collation_connection=x' + . htmlentities($separator) . 'token=token' ; $this->assertEquals($expected, URL::getCommon()); } diff --git a/test/classes/config/PageSettingsTest.php b/test/classes/config/PageSettingsTest.php index 9f6f67eb074a..28f1ba51f58f 100644 --- a/test/classes/config/PageSettingsTest.php +++ b/test/classes/config/PageSettingsTest.php @@ -57,7 +57,7 @@ public function testShowGroupBrowse() '
' . '
' . '
', $html ); diff --git a/test/classes/navigation/NavigationTest.php b/test/classes/navigation/NavigationTest.php index 1bc71f912f7e..4c34b72fb708 100644 --- a/test/classes/navigation/NavigationTest.php +++ b/test/classes/navigation/NavigationTest.php @@ -156,7 +156,7 @@ public function testGetItemUnhideDialog() $this->assertContains( '', $html ); diff --git a/test/classes/navigation/NodeDatabaseChildTest.php b/test/classes/navigation/NodeDatabaseChildTest.php index 90daff01d120..8011f55e9c78 100644 --- a/test/classes/navigation/NodeDatabaseChildTest.php +++ b/test/classes/navigation/NodeDatabaseChildTest.php @@ -83,7 +83,7 @@ public function testGetHtmlForControlButtons() $this->assertContains( '', + . '&dbName=parent&lang=en&token=token" class="hideNavItem ajax">', $html ); } diff --git a/test/classes/plugin/auth/AuthenticationConfigTest.php b/test/classes/plugin/auth/AuthenticationConfigTest.php index 9679f4c92d8b..6235c4f634a0 100644 --- a/test/classes/plugin/auth/AuthenticationConfigTest.php +++ b/test/classes/plugin/auth/AuthenticationConfigTest.php @@ -138,7 +138,7 @@ public function testAuthFails() $this->assertContains( 'Retry to connect', $html ); diff --git a/test/classes/plugin/auth/AuthenticationCookieTest.php b/test/classes/plugin/auth/AuthenticationCookieTest.php index 224a9e98a665..3340d1756044 100644 --- a/test/classes/plugin/auth/AuthenticationCookieTest.php +++ b/test/classes/plugin/auth/AuthenticationCookieTest.php @@ -372,7 +372,7 @@ public function testAuthHeaderPartial() $_COOKIE['pmaAuth-2'] = ''; - $this->mockResponse('Location: /phpmyadmin/index.php?server=2&lang=en&collation_connection=utf-8'); + $this->mockResponse('Location: /phpmyadmin/index.php?server=2&lang=en&collation_connection=utf-8&token=token'); $this->object->logOut(); } diff --git a/test/libraries/PMA_Form_Processing_test.php b/test/libraries/PMA_Form_Processing_test.php index 09f044efbf72..bef39ffd8665 100644 --- a/test/libraries/PMA_Form_Processing_test.php 
+++ b/test/libraries/PMA_Form_Processing_test.php @@ -39,7 +39,7 @@ public function testProcessFormSet() { $this->mockResponse( array('HTTP/1.1 303 See Other'), - array('Location: index.php?lang=en') + array('Location: index.php?lang=en&token=token') ); // case 1 diff --git a/test/libraries/PMA_insert_edit_test.php b/test/libraries/PMA_insert_edit_test.php index d68adf98eddb..541d2aa6c5dc 100644 --- a/test/libraries/PMA_insert_edit_test.php +++ b/test/libraries/PMA_insert_edit_test.php @@ -293,7 +293,7 @@ public function testShowTypeOrFunction() $this->assertEquals( ' : ' + . 'DataEditView=1&goto=sql.php&lang=en&token=token">' . 'Function', $result ); @@ -303,7 +303,7 @@ public function testShowTypeOrFunction() $this->assertEquals( 'Function', $result ); @@ -313,7 +313,7 @@ public function testShowTypeOrFunction() $this->assertEquals( ' : ' + . 'DataEditView=1&goto=sql.php&lang=en&token=token">' . 'Type', $result ); @@ -323,7 +323,7 @@ public function testShowTypeOrFunction() $this->assertEquals( 'Type', $result ); @@ -746,7 +746,7 @@ public function testGetForeignLink() $this->assertContains( '', + . '&data=abc&server=1&lang=en&token=token">', $result ); @@ -1977,7 +1977,7 @@ public function testGetErrorUrl() { $GLOBALS['cfg']['ServerDefault'] = 1; $this->assertEquals( - 'tbl_change.php?lang=en', + 'tbl_change.php?lang=en&token=token', PMA_getErrorUrl(array()) ); @@ -2278,7 +2278,7 @@ public function testGetLinkForRelationalDisplayField() $this->assertEquals( 'b<', + . '+%60f%60%3D1&lang=en&token=token" title="a>">b<', $result ); @@ -2288,7 +2288,7 @@ public function testGetLinkForRelationalDisplayField() $this->assertEquals( 'a>', + . '+%60f%60%3D1&lang=en&token=token" title="b<">a>', $result ); } diff --git a/test/libraries/PMA_server_privileges_test.php b/test/libraries/PMA_server_privileges_test.php index b1776c84e817..ba3c9544d266 100644 --- a/test/libraries/PMA_server_privileges_test.php +++ b/test/libraries/PMA_server_privileges_test.php 
@@ -2427,13 +2427,13 @@ function testPMAGetHtmlForInitials() $this->assertContains( '-', + . 'collation_connection&token=token">-', $actual ); $this->assertContains( '"', + . 'collation_connection&token=token">"', $actual ); $this->assertContains('Show all', $actual); diff --git a/test/libraries/PMA_user_preferences_test.php b/test/libraries/PMA_user_preferences_test.php index 535fabaebf09..48cd98bc6029 100644 --- a/test/libraries/PMA_user_preferences_test.php +++ b/test/libraries/PMA_user_preferences_test.php @@ -368,7 +368,7 @@ public function testUserprefsRedirect() { $GLOBALS['lang'] = ''; - $this->mockResponse('Location: /phpmyadmin/file.html?a=b&saved=1&server=0#h+ash'); + $this->mockResponse('Location: /phpmyadmin/file.html?a=b&saved=1&server=0&token=token#h+ash'); $GLOBALS['PMA_Config']->set('PmaAbsoluteUri', ''); $GLOBALS['PMA_Config']->set('PMA_IS_IIS', false); diff --git a/test/libraries/common/PMA_getDbLink_test.php b/test/libraries/common/PMA_getDbLink_test.php index d123eadd50d8..9c56febd8127 100644 --- a/test/libraries/common/PMA_getDbLink_test.php +++ b/test/libraries/common/PMA_getDbLink_test.php @@ -58,7 +58,7 @@ function testGetDbLinkNull() $GLOBALS['cfg']['DefaultTabDatabase'], 'database' ) . '?db=' . $database - . '&server=99&lang=en" ' + . '&server=99&lang=en&token=token" ' . 'title="Jump to database "' . htmlspecialchars($database) . '".">' . htmlspecialchars($database) . '', @@ -80,7 +80,7 @@ function testGetDbLink() $GLOBALS['cfg']['DefaultTabDatabase'], 'database' ) . '?db=' . $database - . '&server=99&lang=en" title="Jump to database "' + . '&server=99&lang=en&token=token" title="Jump to database "' . htmlspecialchars($database) . '".">' . htmlspecialchars($database) . '', PMA\libraries\Util::getDbLink($database) 
@@ -103,7 +103,7 @@ function testGetDbLinkWithSpecialChars() ) . '?db=' . htmlspecialchars(urlencode($database)) - . '&server=99&lang=en" title="Jump to database "' + . '&server=99&lang=en&token=token" title="Jump to database "' . htmlspecialchars($database) . '".">' . htmlspecialchars($database) . '', PMA\libraries\Util::getDbLink($database)