Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Browse files

Don't store files in hidden fields

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1250 7c3ca157-0c34-0410-bff1-cbf682f78f5c
  • Loading branch information...
commit 3e9b1ba19f2ffd4f9c70a84b7dde052cf20a917e 1 parent 2d52e07
jakubvrana authored
Showing with 2 additions and 15 deletions.
  1. +0 −3  adminer/include/auth.inc.php
  2. +2 −12 adminer/include/functions.inc.php
View
3  adminer/include/auth.inc.php
@@ -41,9 +41,6 @@ function auth_error($exception = null) {
$adminer->loginForm($username);
echo "<p>\n";
hidden_fields($_POST, array("server", "username", "password")); // expired session
- foreach ($_FILES as $key => $val) {
- echo '<input type="hidden" name="files[' . h($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
- }
echo "<input type='submit' value='" . lang('Login') . "'>\n</form>\n";
page_footer("auth");
}
View
14 adminer/include/functions.inc.php
@@ -296,22 +296,12 @@ function pagination($page) {
return " " . ($page == $_GET["page"] ? $page + 1 : '<a href="' . h(remove_from_uri("page") . ($page ? "&page=$page" : "")) . '">' . ($page + 1) . "</a>");
}
-/** Get file contents from $_FILES or $_POST["files"]
+/** Get file contents from $_FILES
* @param string
* @param bool
-* @return string
+* @return mixed int for error, string otherwise
*/
function get_file($key, $decompress = false) {
- // returns int for error, string otherwise
- $file = $_POST["files"][$key];
- if (isset($file)) {
- // get the file from hidden field if the user was logged out
- $length = strlen($file);
- if ($length && $length < 4) {
- return intval($file);
- }
- return base64_decode($file);
- }
$file = $_FILES[$key];
if (!$file || $file["error"]) {
return $file["error"];
Please sign in to comment.
Something went wrong with that request. Please try again.