diff options
Diffstat (limited to 'databases/adminer/files')
| -rw-r--r-- | databases/adminer/files/adminer-plugins-example.php | 20 | ||||
| -rw-r--r-- | databases/adminer/files/makephar.php | 122 | ||||
| -rw-r--r-- | databases/adminer/files/patch-adminer_include_functions.inc.php | 11 | ||||
| -rw-r--r-- | databases/adminer/files/patch-adminer_include_xxtea.inc.php | 70 | ||||
| -rw-r--r-- | databases/adminer/files/pkg-message.in | 8 |
5 files changed, 223 insertions, 8 deletions
diff --git a/databases/adminer/files/adminer-plugins-example.php b/databases/adminer/files/adminer-plugins-example.php new file mode 100644 index 000000000000..61400c6dc82b --- /dev/null +++ b/databases/adminer/files/adminer-plugins-example.php @@ -0,0 +1,20 @@ +<?php +/** + * List of all included plugins can be found at the + * beginning of index.php + */ +return [ + new AdminerDarkSwitcher, + + new AdminerPrettyJsonColumn, + + new AdminerDumpJson, + + new AdminerDumpXml, + + // install zip extension to use this + new AdminerDumpZip, + + // install bz2 extension to use this + new AdminerDumpBz2, +]; diff --git a/databases/adminer/files/makephar.php b/databases/adminer/files/makephar.php new file mode 100644 index 000000000000..b8fdadf1dfbc --- /dev/null +++ b/databases/adminer/files/makephar.php @@ -0,0 +1,122 @@ +<?php +/*********************************************************** + * + * Merges adminer.php and it's plugins to a phar archive + * + ***********************************************************/ + +$phar = new Phar( + $tmpFile = __DIR__ . '/adminer_' . bin2hex(random_bytes(8)) . '.phar', + 0, + 'adminer.phar' +); + +$stub = <<<STUB +<?php +/****************************************************************************** + * + * Adminer plugins are now included in this + * FreeBSD ports edition, no need to download + * them separately. + * https://www.adminer.org/en/plugins/ + * + * copyright Paavo-Einari Kaipila (FreeBSD ports edition) + * copyright Jakub Vrana (Adminer) + * copyright MirLach (ForcedServer plugin) + * copyright Pematon (Collations, JsonPreview, LoginServers and SimpleMenu plugins) + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + ******************************************************************************/ +if (file_exists(\$adminerObjectFile = __DIR__ . '/adminer-object.php')) +{ + require \$adminerObjectFile; +} +Phar::mapPhar('adminer.phar'); +define('ADMINER_PLUGIN_CLASSMAP', json_decode('%s', true)); +require 'phar://adminer.phar/autoload.php'; +__HALT_COMPILER(); +STUB; + +$classMap = []; +$plugins = []; + +foreach(new DirectoryIterator(__DIR__ . '/plugins') as $file) +{ + if ($file->isFile()) + { + $contents = php_strip_whitespace($file->getRealPath()); + $fileName = $file->getFileName(); + $pharFile = 'adminer-plugins/' . $fileName; + + if ( + /** + * Skip affected plugin + * https://nvd.nist.gov/vuln/detail/CVE-2023-45197 + */ + $fileName !== 'file-upload.php' + /** + * Adminer editor's plugins are only relevant + * in Adminer editor. + */ + && !str_starts_with($fileName, 'editor') + && preg_match('/class\s(A[a-zA-Z0-9]+)\s(extends\sAdminer|\{)/', $contents, $m) + ) { + $plugins[$pharFile] = $contents; + $classMap[$m[1]] = $file->getFileName(); + } + } +} + +ksort($classMap); + +$phar->setStub( + sprintf( + $stub, + json_encode($classMap, JSON_UNESCAPED_SLASHES | JSON_PRETTY_PRINT) + ) +); + +$autoLoader = <<<LOADER +<?php +spl_autoload_register(function(\$class) +{ + if (isset(ADMINER_PLUGIN_CLASSMAP[\$class])) + { + require __DIR__ . '/adminer-plugins/' . ADMINER_PLUGIN_CLASSMAP[\$class]; + return true; + } +}); +require __DIR__ . '/adminer.php'; +LOADER; + +$phar->addFromString( + 'autoload.php', + $autoLoader +); + +foreach($plugins as $file => $contents) +{ + $phar->addFromString( + $file, + $contents + ); +} +$phar->compressFiles(Phar::GZ); + +$phar->addFromString( + 'adminer.php', + php_strip_whitespace(__DIR__ . '/adminer.php'), +); + +rename($tmpFile, __DIR__ . '/index.php'); diff --git a/databases/adminer/files/patch-adminer_include_functions.inc.php b/databases/adminer/files/patch-adminer_include_functions.inc.php new file mode 100644 index 000000000000..fa627837460a --- /dev/null +++ b/databases/adminer/files/patch-adminer_include_functions.inc.php @@ -0,0 +1,11 @@ +--- adminer/include/functions.inc.php.orig 2025-10-19 12:05 UTC ++++ adminer/include/functions.inc.php +@@ -761,7 +761,7 @@ + * @return string 32 hexadecimal characters + */ + function rand_string(): string { +- return md5(uniqid(strval(mt_rand()), true)); ++ return bin2hex(random_bytes(32)); + } + + /** Format value to use in select diff --git a/databases/adminer/files/patch-adminer_include_xxtea.inc.php b/databases/adminer/files/patch-adminer_include_xxtea.inc.php new file mode 100644 index 000000000000..86b20cb3ea7f --- /dev/null +++ b/databases/adminer/files/patch-adminer_include_xxtea.inc.php @@ -0,0 +1,70 @@ +--- adminer/include/xxtea.inc.php.orig 2025-11-14 10:44:16 UTC ++++ adminer/include/xxtea.inc.php +@@ -45,6 +45,11 @@ + return int32((($z >> 5 & 0x7FFFFFF) ^ $y << 2) + (($y >> 3 & 0x1FFFFFFF) ^ $z << 4)) ^ int32(($sum ^ $y) + ($k ^ $z)); + } + ++const AES256_NAME = 'aes-256-gcm'; ++const AES256_KEY_BYTES = 32; ++const AES256_NONCE_BYTES = 12; ++const AES256_TAG_BYTES = 16; ++ + /** Cipher + * @param string $str plain-text password + * @return string binary cipher +@@ -53,6 +58,20 @@ + if ($str == "") { + return ""; + } ++ $key = hash_hkdf('sha256', $key, AES256_KEY_BYTES, AES256_NAME); ++ $nonce = random_bytes(AES256_NONCE_BYTES); ++ $cipherText = openssl_encrypt( ++ $str, ++ AES256_NAME, ++ $key, ++ OPENSSL_RAW_DATA, ++ $nonce, ++ $tag, ++ '', ++ AES256_TAG_BYTES ++ ); ++ return $nonce . $tag . $cipherText; ++/* + $key = array_values(unpack("V*", pack("H*", md5($key)))); + $v = str2long($str, true); + $n = count($v) - 1; +@@ -75,6 +94,7 @@ + $v[$n] = $z; + } + return long2str($v, false); ++*/ + } + + /** Decipher +@@ -88,6 +108,20 @@ + if (!$key) { + return false; + } ++ $key = hash_hkdf('sha256', $key, AES256_KEY_BYTES, AES256_NAME); ++ $nonce = substr($str, 0, AES256_NONCE_BYTES); ++ $tag = substr($str, AES256_NONCE_BYTES, AES256_TAG_BYTES); ++ $cipherText = substr($str, AES256_NONCE_BYTES + AES256_TAG_BYTES); ++ return openssl_decrypt( ++ $cipherText, ++ AES256_NAME, ++ $key, ++ OPENSSL_RAW_DATA, ++ $nonce, ++ $tag, ++ '' ++ ); ++/* + $key = array_values(unpack("V*", pack("H*", md5($key)))); + $v = str2long($str, false); + $n = count($v) - 1; +@@ -110,4 +144,5 @@ + $sum = int32($sum - 0x9E3779B9); + } + return long2str($v, true); ++*/ + } diff --git a/databases/adminer/files/pkg-message.in b/databases/adminer/files/pkg-message.in deleted file mode 100644 index 64a90680749d..000000000000 --- a/databases/adminer/files/pkg-message.in +++ /dev/null @@ -1,8 +0,0 @@ -[ -{ type: install - message: <<EOM -You should install the database extension(s) what you want to use: -php%%PHPVER%%-mysqli, php%%PHPVER%%-mssql, php%%PHPVER%%-odbc, php%%PHPVER%%-pgsql or php%%PHPVER%%-pdo_sqlite. -EOM -} -] |