From eeb2048ca6a096d97b66dca0322a47438b8dd054 Mon Sep 17 00:00:00 2001
From: Alexandre <44178713+alexbelgium@users.noreply.github.com>
Date: Sat, 1 Jun 2024 09:03:54 +0200
Subject: [PATCH] Adminer iframe ? (#78)
* Show Adminer in iframe
* Add a link to open in a new page if needed
* X-Frame-Options to SameOrigin
* Use uppercase as per standard
---
homepage/views.php | 5 ++++-
scripts/adminer-de.php | 2 +-
scripts/adminer-fr.php | 2 +-
scripts/adminer.php | 3 ++-
4 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/homepage/views.php b/homepage/views.php
index cf48f30..06e0485 100644
--- a/homepage/views.php
+++ b/homepage/views.php
@@ -136,7 +136,7 @@ if(isset($_GET['view'])){
-
+
@@ -205,6 +205,9 @@ if(isset($_GET['view'])){
if($_GET['view'] == "File"){
echo "";
}
+ if($_GET['view'] == "Adminer"){
+ echo "";
+ }
if($_GET['view'] == "Webterm"){
ensure_authenticated('You cannot access the web terminal');
echo "";
diff --git a/scripts/adminer-de.php b/scripts/adminer-de.php
index 729d48d..95471c7 100644
--- a/scripts/adminer-de.php
+++ b/scripts/adminer-de.php
@@ -639,7 +639,7 @@ var thousandsSeparator = \'',js_escape(' '),'\';
';if($Ba!==null){$A=substr(preg_replace('~\b(username|db|ns)=[^&]*&~','',ME),0,-1);echo'
'.$zb[DRIVER].' » ';$A=substr(preg_replace('~\b(db|ns)=[^&]*&~','',ME),0,-1);$O=$b->serverName(SERVER);$O=($O!=""?$O:'Server');if($Ba===false)echo"$O\n";else{echo"$O » ";if($_GET["ns"]!=""||(DB!=""&&is_array($Ba)))echo''.h(DB).' » ';if(is_array($Ba)){if($_GET["ns"]!="")echo''.h($_GET["ns"]).' » ';foreach($Ba
as$z=>$X){$sb=(is_array($X)?$X[1]:h($X));if($sb!="")echo"$sb » ";}}echo"$mg\n";}}echo"
$og
\n","
\n";restart_session();page_messages($l);$i=&get_session("dbs");if(DB!=""&&$i&&!in_array(DB,$i,true))$i=null;stop_session();define("PAGE_HEADER",1);}function
-page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: deny");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
+page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: SAMEORIGIN");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
as$z=>$X)$Dc[]="$z $X";header("Content-Security-Policy: ".implode("; ",$Dc));}$b->headers();}function
csp(){return
array(array("script-src"=>"'self' 'unsafe-inline' 'nonce-".get_nonce()."' 'strict-dynamic'","connect-src"=>"'self'","frame-src"=>"https://www.adminer.org","object-src"=>"'none'","base-uri"=>"'none'","form-action"=>"'self'",),);}function
diff --git a/scripts/adminer-fr.php b/scripts/adminer-fr.php
index dc15c11..e78a7db 100644
--- a/scripts/adminer-fr.php
+++ b/scripts/adminer-fr.php
@@ -639,7 +639,7 @@ var thousandsSeparator = \'',js_escape(','),'\';
';if($Ba!==null){$A=substr(preg_replace('~\b(username|db|ns)=[^&]*&~','',ME),0,-1);echo'
'.$zb[DRIVER].' » ';$A=substr(preg_replace('~\b(db|ns)=[^&]*&~','',ME),0,-1);$O=$b->serverName(SERVER);$O=($O!=""?$O:'Serveur');if($Ba===false)echo"$O\n";else{echo"$O » ";if($_GET["ns"]!=""||(DB!=""&&is_array($Ba)))echo''.h(DB).' » ';if(is_array($Ba)){if($_GET["ns"]!="")echo''.h($_GET["ns"]).' » ';foreach($Ba
as$z=>$X){$sb=(is_array($X)?$X[1]:h($X));if($sb!="")echo"$sb » ";}}echo"$mg\n";}}echo"
$og
\n","
\n";restart_session();page_messages($l);$i=&get_session("dbs");if(DB!=""&&$i&&!in_array(DB,$i,true))$i=null;stop_session();define("PAGE_HEADER",1);}function
-page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: deny");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
+page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: SAMEORIGIN");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
as$z=>$X)$Dc[]="$z $X";header("Content-Security-Policy: ".implode("; ",$Dc));}$b->headers();}function
csp(){return
array(array("script-src"=>"'self' 'unsafe-inline' 'nonce-".get_nonce()."' 'strict-dynamic'","connect-src"=>"'self'","frame-src"=>"https://www.adminer.org","object-src"=>"'none'","base-uri"=>"'none'","form-action"=>"'self'",),);}function
diff --git a/scripts/adminer.php b/scripts/adminer.php
index 83fc1d1..d7b69d7 100644
--- a/scripts/adminer.php
+++ b/scripts/adminer.php
@@ -1,4 +1,5 @@
Open in new page';
/** Adminer - Compact database management
* @link https://www.adminer.org/
* @author Jakub Vrana, https://www.vrana.cz/
@@ -639,7 +640,7 @@ var thousandsSeparator = \'',js_escape(','),'\';
';if($Ba!==null){$A=substr(preg_replace('~\b(username|db|ns)=[^&]*&~','',ME),0,-1);echo'
'.$zb[DRIVER].' » ';$A=substr(preg_replace('~\b(db|ns)=[^&]*&~','',ME),0,-1);$O=$b->serverName(SERVER);$O=($O!=""?$O:'Server');if($Ba===false)echo"$O\n";else{echo"$O » ";if($_GET["ns"]!=""||(DB!=""&&is_array($Ba)))echo''.h(DB).' » ';if(is_array($Ba)){if($_GET["ns"]!="")echo''.h($_GET["ns"]).' » ';foreach($Ba
as$z=>$X){$sb=(is_array($X)?$X[1]:h($X));if($sb!="")echo"$sb » ";}}echo"$mg\n";}}echo"
$og
\n","
\n";restart_session();page_messages($l);$i=&get_session("dbs");if(DB!=""&&$i&&!in_array(DB,$i,true))$i=null;stop_session();define("PAGE_HEADER",1);}function
-page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: deny");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
+page_headers(){global$b;header("Content-Type: text/html; charset=utf-8");header("Cache-Control: no-cache");header("X-Frame-Options: SAMEORIGIN");header("X-XSS-Protection: 0");header("X-Content-Type-Options: nosniff");header("Referrer-Policy: origin-when-cross-origin");foreach($b->csp()as$db){$Dc=array();foreach($db
as$z=>$X)$Dc[]="$z $X";header("Content-Security-Policy: ".implode("; ",$Dc));}$b->headers();}function
csp(){return
array(array("script-src"=>"'self' 'unsafe-inline' 'nonce-".get_nonce()."' 'strict-dynamic'","connect-src"=>"'self'","frame-src"=>"https://www.adminer.org","object-src"=>"'none'","base-uri"=>"'none'","form-action"=>"'self'",),);}function