Don't store files in hidden fields

git-svn-id: https://adminer.svn.sourceforge.net/svnroot/adminer/trunk@1250 7c3ca157-0c34-0410-bff1-cbf682f78f5c
commit 3e9b1ba19f2ffd4f9c70a84b7dde052cf20a917e 1 parent 2d52e07
jakubvrana authored
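--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -41,9 +41,6 @@ function auth_error($exception = null) {
 $adminer->loginForm($username);
 echo "<p>\n";
 hidden_fields($_POST, array("server", "username", "password")); // expired session
- foreach ($_FILES as $key => $val) {
- echo '<input type="hidden" name="files[' . h($key) . ']" value="' . ($val["error"] ? $val["error"] : base64_encode(file_get_contents($val["tmp_name"]))) . '">';
- }
 echo "<input type='submit' value='" . lang('Login') . "'>\n</form>\n";
 page_footer("auth");
 }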
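--- a/adminer/include/functions.inc.php
+++ b/adminer/include/functions.inc.php
@@ -296,22 +296,12 @@ function pagination($page) {
 return " " . ($page == $_GET["page"] ? $page + 1 : '<a href="' . h(remove_from_uri("page") . ($page ? "&page=$page" : "")) . '">' . ($page + 1) . "</a>");
 }
 
-/** Get file contents from $_FILES or $_POST["files"]
+/** Get file contents from $_FILES
 * @param string
 * @param bool
-* @return string
+* @return mixed int for error, string otherwise
 */
 function get_file($key, $decompress = false) {
- // returns int for error, string otherwise
- $file = $_POST["files"][$key];
- if (isset($file)) {
- // get the file from hidden field if the user was logged out
- $length = strlen($file);
- if ($length && $length < 4) {
- return intval($file);
- }
- return base64_decode($file);
- }
 $file = $_FILES[$key];
 if (!$file || $file["error"]) {
 return $file["error"];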
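Review bot: With the `$_POST["files"]` fallback gone, a request that carries no upload under `$key` (for instance the form replayed after re-login, which no longer includes the file) reaches `$file = $_FILES[$key];` with the key unset, so `!$file` is true and the function returns `$file["error"]`, which is null. The updated `@return mixed int for error, string otherwise` does not cover that value. A guard ahead of the assignment, such as `if (!isset($_FILES[$key])) { return UPLOAD_ERR_NO_FILE; }`, would keep the int-or-string contract and avoid the undefined-index notice. How callers treat a null return is not visible here, and get_file's body continues past the end of the hunk.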
