
github.com/phpmyadmin/phpmyadmin.git - Unnamed repository; edit this file 'description' to name the repository.
authorMadhura Jayaratne <madhura.cj@gmail.com>2018-04-17 17:07:48 +0300
committerMadhura Jayaratne <madhura.cj@gmail.com>2018-04-17 17:59:33 +0300
commitc6dd6b56e236a3aff953cee4135ecaa67130e641 (patch)
tree4e166cd9d267dcaaec6965e531240cee9c5cf70e /sql.php
parent301cbe4ef7b38e4ab351438703f38410c2a578cc (diff)
Fix phpmyadmin-security#240 Multiple CSRF vulnerabilities
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
Diffstat (limited to 'sql.php')
-rw-r--r--sql.php4
1 files changed, 2 insertions, 2 deletions
diff --git a/sql.php b/sql.php
index 13eb168e03..056497fd3b 100644
--- a/sql.php
+++ b/sql.php
@@ -69,8 +69,8 @@ if (! isset($err_url)) {
// Coming from a bookmark dialog
if (isset($_POST['bkm_fields']['bkm_sql_query'])) {
$sql_query = $_POST['bkm_fields']['bkm_sql_query'];
-} elseif (isset($_GET['sql_query'])) {
- $sql_query = $_GET['sql_query'];
+} elseif (isset($_POST['sql_query'])) {
+ $sql_query = $_POST['sql_query'];
}
// This one is just to fill $db
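Review bot: Accepting `sql_query` only from `$_POST` on the changed `elseif` branch is not a CSRF defence on its own, because a cross-origin form can still submit a POST. The fix holds only if the session token is validated before this assignment, and that check is not visible in this hunk. It would help to state that dependency here, for example `// sql_query is taken from POST only; the CSRF token must already have been verified for this request`. Any remaining link or redirect that still passes `sql_query` in the URL will now be ignored silently, so those callers presumably need converting in the same series. The surrounding top-level script continues outside the hunk.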