From 35bfaa7506eab0e9425862102af0316f573f895f Mon Sep 17 00:00:00 2001
From: Jakub Vrana
Date: Sun, 6 Dec 2020 13:12:58 +0100
Subject: [PATCH] Improve check for numeric ports (bug #769)
---
 adminer/include/auth.inc.php | 2 +-
 changes.txt | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index 1051186ff..964f1d907 100644
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -162,7 +162,7 @@ function auth_error($error) {
 if (isset($_GET["username"]) && is_string(get_password())) {
 list($host, $port) = explode(":", SERVER, 2);
- if (is_numeric($port) && ($port < 1024 || $port > 65535)) {
+ if (+$port && ($port < 1024 || $port > 65535)) {
 auth_error(lang('Connecting to privileged ports is not allowed.'));
 }
 check_invalid_login();
diff --git a/changes.txt b/changes.txt
index 11ddd26a8..a8dd5798d 100644
--- a/changes.txt
+++ b/changes.txt
@@ -1,5 +1,6 @@
 Adminer 4.7.8-dev:
 Support PHP 8
+Disallow connecting to privileged ports (bug #769)
 Adminer 4.7.7 (released 2020-05-11):
 Fix open redirect if Adminer is accessible at //adminer.php%2F@
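Review bot: In the new condition in adminer/include/auth.inc.php, `+$port` is used only for truthiness while `$port < 1024 || $port > 65535` still compares the raw string returned by `explode(":", SERVER, 2)`, so for a port part with a numeric prefix followed by other characters the result depends on PHP's string-to-number comparison rules, which changed in PHP 8 (a version the changes.txt hunk says this release supports). Unary plus on a fully non-numeric string also raises a TypeError on PHP 8 instead of yielding 0, which would turn a malformed server value into a fatal error rather than a clean rejection. I would normalise once and compare the integer: `$port_number = (int) $port;` followed by `if ($port_number && ($port_number < 1024 || $port_number > 65535)) {`. How the database drivers parse the port is not visible here, so it is worth confirming the cast matches them and adding a comment such as `// must reject every value the driver would resolve to a privileged port`. The `if (isset($_GET["username"]) ...)` block continues past the end of the hunk.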