author | Dan Ungureanu <udan1107@gmail.com> | 2015-07-17 18:14:57 +0300 |
committer | Dan Ungureanu <udan1107@gmail.com> | 2015-07-17 18:14:57 +0300 |
commit | 98a497e67c7e39ed1608b14222fd182f864b9195 (patch) | |
tree | 41dfa792d6fcdbbc1822f3f7d94d38de1e40b604 /lint.php | |
parent | c5a788bfec8def1d4e3c628d60396d3060b4d8b1 (diff) |
Do not process unauthorized requests.
Signed-off-by: Dan Ungureanu <udan1107@gmail.com>
Diffstat (limited to 'lint.php')
-rw-r--r-- | lint.php | 17 |
1 files changed, 17 insertions, 0 deletions
@@ -8,6 +8,19 @@ define('PHPMYADMIN', true);
+// We load the minimum files required to check if the user is logged in.
+require_once 'libraries/core.lib.php';
+require_once 'libraries/Config.class.php';
+$GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
+require_once 'libraries/session.inc.php';
+
+// If user is not logged in, he should not send any requests, so we exit here to
+// avoid external requests.
+if (empty($_SESSION['encryption_key'])) {
+    // Unauthorized access detected.
+    exit;
+}
+
 /**
  * Loads the SQL lexer and parser, which are used to detect errors.
  */
@@ -18,4 +31,8 @@ require_once 'libraries/sql-parser/autoload.php';
  */
 require_once 'libraries/Linter.class.php';
+// The input of this function does not need to be checked again XSS or MySQL
+// injections because it is never executed, just parsed.
+// The client, which will recieve the JSON response will decode the message and
+// and any HTML fragments that are displayed to the user will be encoded anyway.
 PMA_Linter::lint($_REQUEST['sql_query']);
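Review bot: The `exit;` in the unauthorized branch ends the request with the default 200 status and an empty body, so a caller cannot tell a rejected request from a lint run that simply produced no output, and nothing in the access log marks it as a refusal. Sending an explicit status first makes the rejection observable, e.g. `http_response_code(403);` followed by `exit;`. The check assumes `encryption_key` is placed in the session only by a completed login; if that holds, `isset($_SESSION['encryption_key'])` states the intent more precisely than `empty()`, which also rejects a key that happens to be falsy. `CONFIG_FILE` and the session start are presumably provided by the files required above; neither is visible in this hunk.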
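Review bot: `$_REQUEST['sql_query']` is read without checking that the parameter is present, so a request without it raises an undefined-index notice and hands `null` to `PMA_Linter::lint()`; `$_REQUEST` may also include cookie values depending on `request_order`, which is wider than this endpoint needs. A guard such as `PMA_Linter::lint(isset($_REQUEST['sql_query']) ? $_REQUEST['sql_query'] : '');` (or reading `$_POST` if the client only ever POSTs) keeps the input to a single string. The new comment has typos and a doubled word: `again XSS` should read `against XSS`, `recieve` should be `receive`, and `and` is repeated across the last two lines. Its claim that HTML escaping happens on the client side is a contract with the JavaScript consumer and should be stated there as well, so a later change to how the JSON message is rendered does not silently break it.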