
Don't send incomplete forms

commit 740ae10a3d3fe94e63e6788429ad0d408bef615d 1 parent 071e6a2
@vrana authored
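--- a/adminer/call.inc.php
+++ b/adminer/call.inc.php
@@ -72,6 +72,6 @@
 }
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Call'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>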
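Review bot: The relocated token field just before `</form>` still prints `$token` raw into the `value` attribute, while neighbouring attribute values in these templates go through `h()` (for example `h($row["name"])`). Where `$token` is built is not visible in this commit, so this is hardening rather than a known defect: `<input type="hidden" name="token" value="<?php echo h($token); ?>">` keeps the field well-formed whatever format the token takes later. The same applies to every moved token input in this commit, including the `value='$token'` echoes in db.inc.php, connect.inc.php, select.inc.php and sql.inc.php.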
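--- a/adminer/create.inc.php
+++ b/adminer/create.inc.php
@@ -161,9 +161,9 @@
 <label><input type="checkbox" onclick="columnShow(this.checked, 5);"><?php echo lang('Default values'); ?></label>
 <?php echo (support("comment") ? checkbox("", "", $comments, lang('Comment'), "columnShow(this.checked, 6); toggle('Comment'); if (this.checked) this.form['Comment'].focus();") . ' <input id="Comment" name="Comment" value="' . h($row["Comment"]) . '" maxlength="60"' . ($comments ? '' : ' class="hidden"') . '>' : ''); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if (strlen($_GET["create"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php
 if (support("partitioning")) {
 $partition_table = ereg('RANGE|LIST', $row["partition_by"]);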
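Review bot: In this hunk the token input lands after the Save/Drop buttons but ahead of the `if (support("partitioning"))` block, so it is not the last control of the form if that block emits inputs (its body lies outside the hunk). A page cut off after the token would then still submit a valid token while missing those later fields, which is the case the commit sets out to prevent. The same ordering shows in sql.inc.php's second hunk, where the `error_stops` and `only_errors` checkboxes follow the token, and possibly in select.inc.php, where `$adminer->selectEmailPrint(...)` runs after it. Moving the `<input type="hidden" name="token" ...>` line to directly before each form's closing `</form>` would close the gap.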
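--- a/adminer/database.inc.php
+++ b/adminer/database.inc.php
@@ -62,7 +62,6 @@
 ) . "\n" . ($collations ? html_select("collation", array("" => "(" . lang('collation') . ")") + $collations, $collate) : "");
 ?>
 <script type='text/javascript'>document.getElementById('name').focus();</script>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php
 if (DB != "") {
@@ -71,4 +70,5 @@
 echo "<input type='image' name='add' src='../adminer/static/plus.gif' alt='+' title='" . lang('Add next') . "'>\n";
 }
 ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>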
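--- a/adminer/db.inc.php
+++ b/adminer/db.inc.php
@@ -73,7 +73,7 @@
 }
 echo "</table>\n";
 if (!information_schema(DB)) {
- echo "<p><input type='hidden' name='token' value='$token'>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
+ echo "<p>" . ($jush == "sql" ? "<input type='submit' value='" . lang('Analyze') . "'> <input type='submit' name='optimize' value='" . lang('Optimize') . "'> <input type='submit' name='check' value='" . lang('Check') . "'> <input type='submit' name='repair' value='" . lang('Repair') . "'> " : "") . "<input type='submit' name='truncate' value='" . lang('Truncate') . "'" . confirm("formChecked(this, /tables/)") . "> <input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /tables|views/)", 1) . ">\n"; // 1 - eventStop
 $databases = (support("scheme") ? schemas() : get_databases());
 if (count($databases) != 1 && $jush != "sqlite") {
 $db = (isset($_POST["target"]) ? $_POST["target"] : (support("scheme") ? $_GET["ns"] : DB));
@@ -83,6 +83,7 @@
 echo (support("copy") ? " <input type='submit' name='copy' value='" . lang('Copy') . "' onclick='eventStop(event);'>" : "");
 echo "\n";
 }
+ echo "<input type='hidden' name='token' value='$token'>\n";
 }
 echo "</form>\n";
 }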
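--- a/adminer/edit.inc.php
+++ b/adminer/edit.inc.php
@@ -90,13 +90,7 @@
 }
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
-<input type="hidden" name="save" value="1">
 <?php
-if (isset($_GET["select"])) {
- hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
-}
 if ($fields) {
 echo "<input type='submit' value='" . lang('Save') . "'>\n";
 if (!isset($_GET["select"])) {
@@ -106,5 +100,11 @@
 echo ($update ? "<input type='submit' name='delete' value='" . lang('Delete') . "' onclick=\"return confirm('" . lang('Are you sure?') . "');\">\n"
 : ($_POST ? "" : "<script type='text/javascript'>document.getElementById('form').getElementsByTagName('td')[1].firstChild.focus();</script>\n")
 );
+if (isset($_GET["select"])) {
+ hidden_fields(array("check" => (array) $_POST["check"], "clone" => $_POST["clone"], "all" => $_POST["all"]));
+}
 ?>
+<input type="hidden" name="referer" value="<?php echo h(isset($_POST["referer"]) ? $_POST["referer"] : $_SERVER["HTTP_REFERER"]); ?>">
+<input type="hidden" name="save" value="1">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>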
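Review bot: Nothing in the template records that the token has to stay the final field; in the second hunk it now sits after `referer` and `save`, directly before `</form>`. A later edit that appends another input below it would quietly undo the protection against truncated submissions. A one-line comment above the token input would preserve the intent, for example `<?php // keep token last: a form cut off while loading is then submitted without it ?>`. The code that validates the token is outside this commit, so the comment should describe only the ordering rule.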
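--- a/adminer/event.inc.php
+++ b/adminer/event.inc.php
@@ -47,7 +47,7 @@
 </table>
 <p><?php textarea("EVENT_DEFINITION", $row["EVENT_DEFINITION"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($EVENT != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>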
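--- a/adminer/include/adminer.inc.php
+++ b/adminer/include/adminer.inc.php
@@ -739,8 +739,8 @@ function navigation($missing) {
 }
 }
 ?>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </p>
 </form>
 <form action="">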
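--- a/adminer/include/connect.inc.php
+++ b/adminer/include/connect.inc.php
@@ -32,7 +32,7 @@ function connect_error() {
 $collations = collations();
 echo "<form action='' method='post'>\n";
 echo "<table cellspacing='0' onclick='tableClick(event);'>\n";
- echo "<thead><tr><td><input type='hidden' name='token' value='$token'>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
+ echo "<thead><tr><td>&nbsp;<th>" . lang('Database') . "<td>" . lang('Collation') . "<td>" . lang('Tables') . "</thead>\n";
 foreach ($databases as $db) {
 $root = h(ME) . "db=" . urlencode($db);
 echo "<tr" . odd() . "><td>" . checkbox("db[]", $db, in_array($db, (array) $_POST["db"]));
@@ -43,6 +43,7 @@ function connect_error() {
 }
 echo "</table>\n";
 echo "<p><input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm("formChecked(this, /db/)", 1) . ">\n"; // 1 - eventStop
+ echo "<input type='hidden' name='token' value='$token'>\n";
 echo "<a href='" . h(ME) . "refresh=1' onclick='eventStop(event);'>" . lang('Refresh') . "</a>\n";
 echo "</form>\n";
 }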
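--- a/adminer/indexes.inc.php
+++ b/adminer/indexes.inc.php
@@ -94,7 +94,7 @@
 ?>
 </table>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <noscript><p><input type="submit" name="add" value="<?php echo lang('Add next'); ?>"></noscript>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>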
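--- a/adminer/procedure.inc.php
+++ b/adminer/procedure.inc.php
@@ -51,8 +51,8 @@
 </table>
 <p><?php textarea("definition", $row["definition"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($PROCEDURE != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>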
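--- a/adminer/processlist.inc.php
+++ b/adminer/processlist.inc.php
@@ -30,6 +30,6 @@
 </table>
 <p><?php echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections")); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Kill'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>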
2  adminer/scheme.inc.php
@@ -25,11 +25,11 @@
<form action="" method="post">
<p><input name="name" value="<?php echo h($row["name"]); ?>">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php
if ($_GET["ns"] != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
}
?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
5 adminer/select.inc.php
@@ -409,9 +409,10 @@
echo "</div></fieldset>\n";
}
print_fieldset("import", lang('Import'), !$rows);
- echo "<input type='hidden' name='token' value='$token'><input type='file' name='csv_file'> ";
+ echo "<input type='file' name='csv_file'> ";
echo html_select("separator", array("csv" => "CSV,", "csv;" => "CSV;", "tsv" => "TSV"), $adminer_export["format"], 1); // 1 - select
- echo " <input type='submit' name='import' value='" . lang('Import') . "'>\n";
+ echo " <input type='submit' name='import' value='" . lang('Import') . "'>";
+ echo "<input type='hidden' name='token' value='$token'>\n";
echo "</div></fieldset>\n";
$adminer->selectEmailPrint(array_filter($email_fields, 'strlen'), $columns);
2  adminer/sequence.inc.php
@@ -24,11 +24,11 @@
<form action="" method="post">
<p><input name="name" value="<?php echo h($row["name"]); ?>">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Save'); ?>">
<?php
if ($SEQUENCE != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
}
?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
7 adminer/sql.inc.php
@@ -118,9 +118,8 @@
$export = ", <a href='#$id' onclick=\"return !toggle('$id');\">" . lang('Export') . "</a><span id='$id' class='hidden'>: "
. html_select("output", $adminer->dumpOutput(), $adminer_export["output"]) . " "
. html_select("format", $dump_format, $adminer_export["format"])
- . " <input type='hidden' name='query' value='" . h($q) . "' />"
- . " <input type='hidden' name='token' value='$token' />"
- . " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'></span>"
+ . "<input type='hidden' name='query' value='" . h($q) . "'>"
+ . " <input type='submit' name='export' value='" . lang('Export') . "' onclick='eventStop(event);'><input type='hidden' name='token' value='$token'></span>"
;
if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) {
$id = "explain-$commands";
@@ -179,8 +178,8 @@
?>
<p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
<input type="submit" value="<?php echo lang('Execute'); ?>" title="Ctrl+Enter">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php
echo checkbox("error_stops", 1, $_POST["error_stops"], lang('Stop on error')) . "\n";
echo checkbox("only_errors", 1, $_POST["only_errors"], lang('Show only errors')) . "\n";
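--- a/adminer/trigger.inc.php
+++ b/adminer/trigger.inc.php
@@ -37,8 +37,8 @@
 <p><?php echo lang('Name'); ?>: <input name="Trigger" value="<?php echo h($row["Trigger"]); ?>" maxlength="64">
 <p><?php textarea("Statement", $row["Statement"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
-<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if ($_GET["name"] != "") { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<?php if ($dropped) { ?><input type="hidden" name="dropped" value="1"><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>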
2  adminer/type.inc.php
@@ -20,7 +20,6 @@
<form action="" method="post">
<p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
<?php
if ($TYPE != "") {
echo "<input type='submit' name='drop' value='" . lang('Drop') . "'" . confirm() . ">\n";
@@ -30,4 +29,5 @@
echo "<p><input type='submit' value='" . lang('Save') . "'>\n";
}
?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
</form>
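--- a/adminer/user.inc.php
+++ b/adminer/user.inc.php
@@ -162,7 +162,7 @@
 echo "</table>\n";
 ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" value="<?php echo lang('Save'); ?>">
 <?php if (isset($_GET["host"])) { ?><input type="submit" name="drop" value="<?php echo lang('Drop'); ?>"<?php echo confirm(); ?>><?php } ?>
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>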
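--- a/adminer/view.inc.php
+++ b/adminer/view.inc.php
@@ -28,7 +28,7 @@
 <p><?php echo lang('Name'); ?>: <input name="name" value="<?php echo h($row["name"]); ?>" maxlength="64">
 <p><?php textarea("select", $row["select"]); ?>
 <p>
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <?php if ($dropped) { // old view was dropped but new wasn't created ?><input type="hidden" name="dropped" value="1"><?php } ?>
 <input type="submit" value="<?php echo lang('Save'); ?>">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </form>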
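--- a/editor/include/adminer.inc.php
+++ b/editor/include/adminer.inc.php
@@ -505,8 +505,8 @@ function navigation($missing) {
 ?>
 <form action="" method="post">
 <p class="logout">
-<input type="hidden" name="token" value="<?php echo $token; ?>">
 <input type="submit" name="logout" value="<?php echo lang('Logout'); ?>" onclick="eventStop(event);">
+<input type="hidden" name="token" value="<?php echo $token; ?>">
 </p>
 </form>
 <?php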