From ac2f606a21d474596a4b2cada961385439cbc8f0 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Tue, 26 Sep 2006 19:37:18 +0000 Subject: [PATCH] block if PMA_token is empty --- libraries/common.lib.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/libraries/common.lib.php b/libraries/common.lib.php index c93346376..7b467efa1 100644 --- a/libraries/common.lib.php +++ b/libraries/common.lib.php @@ -2876,7 +2876,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) { * Check whether user supplied token is valid, if not remove any * possibly dangerous stuff from request. */ -if (!isset($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { +if (!isset($_REQUEST['token']) || empty($_SESSION[' PMA_token ']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { /* List of parameters which are allowed from unsafe source */ $allow_list = array( 'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',