Elasticsearch 7 driver

.gitignore

@@ -2,3 +2,4 @@
 /adminer*.php
 /editor*.php
 /vendor/
+/composer.lock

.gitmodules

@@ -1,9 +1,3 @@
-[submodule "jush"]
-	path = externals/jush
-	url = git://github.com/vrana/jush
-[submodule "JsShrink"]
-	path = externals/JsShrink
-	url = git://github.com/vrana/JsShrink
 [submodule "designs/hydra"]
 	path = designs/hydra
 	url = https://github.com/Niyko/Hydra-Dark-Theme-for-Adminer

adminer/db.inc.php

@@ -61,7 +61,7 @@
 				echo " <input type='submit' name='search' value='" . lang('Search') . "'>\n";
 				echo "</div></fieldset>\n";
 				if ($_POST["search"] && $_POST["query"] != "") {
-					$_GET["where"][0]["op"] = "LIKE %%";
+					$_GET["where"][0]["op"] = $driver->convertOperator("LIKE %%");
 					search_tables();
 				}
 			}

adminer/drivers/mongo.inc.php

@@ -463,6 +463,8 @@ function fields($table) {
 									"insert" => 1,
 									"select" => 1,
 									"update" => 1,
+									"where" => 1,
+									"order" => 1,
 								),
 							);
 						}

adminer/drivers/mssql.inc.php

@@ -387,7 +387,7 @@ function fields($table) {
 				"null" => $row["is_nullable"],
 				"auto_increment" => $row["is_identity"],
 				"collation" => $row["collation_name"],
-				"privileges" => array("insert" => 1, "select" => 1, "update" => 1),
+				"privileges" => array("insert" => 1, "select" => 1, "update" => 1, "where" => 1, "order" => 1),
 				"primary" => $row["is_identity"], //! or indexes.is_primary_key
 				"comment" => $comments[$row["name"]],
 			);

adminer/drivers/mysql.inc.php

@@ -551,7 +551,7 @@ function fields($table) {
 				"auto_increment" => ($row["Extra"] == "auto_increment"),
 				"on_update" => (preg_match('~^on update (.+)~i', $row["Extra"], $match) ? $match[1] : ""), //! available since MySQL 5.1.23
 				"collation" => $row["Collation"],
-				"privileges" => array_flip(preg_split('~, *~', $row["Privileges"])),
+				"privileges" => array_flip(preg_split('~, *~', $row["Privileges"])) + ["where" => 1, "order" => 1],
 				"comment" => $row["Comment"],
 				"primary" => ($row["Key"] == "PRI"),
 				// https://mariadb.com/kb/en/library/show-columns/, https://github.com/vrana/adminer/pull/359#pullrequestreview-276677186

adminer/drivers/oracle.inc.php

@@ -297,7 +297,7 @@ function fields($table) {
 				"null" => ($row["NULLABLE"] == "Y"),
 				//! "auto_increment" => false,
 				//! "collation" => $row["CHARACTER_SET_NAME"],
-				"privileges" => array("insert" => 1, "select" => 1, "update" => 1),
+				"privileges" => array("insert" => 1, "select" => 1, "update" => 1, "where" => 1, "order" => 1),
 				//! "comment" => $row["Comment"],
 				//! "primary" => ($row["Key"] == "PRI"),
 			);

adminer/drivers/sqlite.inc.php

@@ -321,7 +321,7 @@ function fields($table) {
 				"full_type" => $type,
 				"default" => (preg_match("~'(.*)'~", $default, $match) ? str_replace("''", "'", $match[1]) : ($default == "NULL" ? null : $default)),
 				"null" => !$row["notnull"],
-				"privileges" => array("select" => 1, "insert" => 1, "update" => 1),
+				"privileges" => array("select" => 1, "insert" => 1, "update" => 1, "where" => 1, "order" => 1),
 				"primary" => $row["pk"],
 			);
 			if ($row["pk"]) {

adminer/elastic.php

@@ -0,0 +1,13 @@
+<?php
+function adminer_object() {
+	include_once "../plugins/plugin.php";
+	include_once "../plugins/login-password-less.php";
+	include_once "../plugins/drivers/elastic.php";
+	include_once "../plugins/drivers/elastic5.php";
+	return new AdminerPlugin([
+		// TODO: inline the result of password_hash() so that the password is not visible in source codes
+		new AdminerLoginPasswordLess(password_hash("YOUR_PASSWORD_HERE", PASSWORD_DEFAULT)),
+	]);
+}
+
+include "./index.php";

adminer/file.inc.php

@@ -6,13 +6,13 @@
 	echo lzw_decompress(compile_file('../adminer/static/favicon.ico', 'lzw_compress'));
 } elseif ($_GET["file"] == "default.css") {
 	header("Content-Type: text/css; charset=utf-8");
-	echo lzw_decompress(compile_file('../adminer/static/default.css;../externals/jush/jush.css', 'minify_css'));
+	echo lzw_decompress(compile_file('../adminer/static/default.css;../vendor/vrana/jush/jush.css', 'minify_css'));
 } elseif ($_GET["file"] == "functions.js") {
 	header("Content-Type: text/javascript; charset=utf-8");
 	echo lzw_decompress(compile_file('../adminer/static/functions.js;static/editing.js', 'minify_js'));
 } elseif ($_GET["file"] == "jush.js") {
 	header("Content-Type: text/javascript; charset=utf-8");
-	echo lzw_decompress(compile_file('../externals/jush/modules/jush.js;../externals/jush/modules/jush-textarea.js;../externals/jush/modules/jush-txt.js;../externals/jush/modules/jush-js.js;../externals/jush/modules/jush-sql.js;../externals/jush/modules/jush-pgsql.js;../externals/jush/modules/jush-sqlite.js;../externals/jush/modules/jush-mssql.js;../externals/jush/modules/jush-oracle.js;../externals/jush/modules/jush-simpledb.js', 'minify_js'));
+	echo lzw_decompress(compile_file('../vendor/vrana/jush/modules/jush.js;../vendor/vrana/jush/modules/jush-textarea.js;../vendor/vrana/jush/modules/jush-txt.js;../vendor/vrana/jush/modules/jush-js.js;../vendor/vrana/jush/modules/jush-sql.js;../vendor/vrana/jush/modules/jush-pgsql.js;../vendor/vrana/jush/modules/jush-sqlite.js;../vendor/vrana/jush/modules/jush-mssql.js;../vendor/vrana/jush/modules/jush-oracle.js;../vendor/vrana/jush/modules/jush-simpledb.js', 'minify_js'));
 } else {
 	header("Content-Type: image/gif");
 	switch ($_GET["file"]) {

adminer/include/adminer.inc.php

@@ -561,7 +561,8 @@ function selectSearchProcess($fields, $indexes) {
 					// find anywhere
 					$cols = array();
 					foreach ($fields as $name => $field) {
-						if ((preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
+						if (isset($field["privileges"]["where"])
+                            && (preg_match('~^[-\d.' . (preg_match('~IN$~', $val["op"]) ? ',' : '') . ']+$~', $val["val"]) || !preg_match('~' . number_type() . '|bit~', $field["type"]))
 							&& (!preg_match("~[\x80-\xFF]~", $val["val"]) || preg_match('~char|text|enum|set~', $field["type"]))
 							&& (!preg_match('~date|timestamp~', $field["type"]) || preg_match('~^\d+-\d+-\d+~', $val["val"]))
 						) {

adminer/include/auth.inc.php

@@ -15,6 +15,58 @@
 	}
 }
 
+function validate_server_input() {
+	if (SERVER == "") {
+		return;
+	}
+
+	$parts = parse_url(SERVER);
+	if (!$parts) {
+		auth_error(lang('Invalid server or credentials.'));
+	}
+
+	// Check proper URL parts.
+	if (isset($parts['user']) || isset($parts['pass']) || isset($parts['query']) || isset($parts['fragment'])) {
+		auth_error(lang('Invalid server or credentials.'));
+	}
+
+	// Allow only HTTP/S scheme.
+	if (isset($parts['scheme']) && !preg_match('~^(https?)$~i', $parts['scheme'])) {
+		auth_error(lang('Invalid server or credentials.'));
+	}
+
+	// Allow only host without a path. Note that "localhost" is parsed as path.
+	$host = (isset($parts['host']) ? $parts['host'] : '') . (isset($parts['path']) ? $parts['path'] : '');
+	if (strpos(rtrim($host, '/'), '/') !== false) {
+		auth_error(lang('Invalid server or credentials.'));
+	}
+
+	// Check privileged ports.
+	if (isset($parts['port']) && ($parts['port'] < 1024 || $parts['port'] > 65535)) {
+		auth_error(lang('Connecting to privileged ports is not allowed.'));
+	}
+}
+
+/**
+ * @param string $server
+ * @param string $username
+ * @param string $password
+ * @param string $defaultServer
+ * @param int|null $defaultPort
+ * @return string
+ */
+function build_http_url($server, $username, $password, $defaultServer, $defaultPort = null) {
+	if (!preg_match('~^(https?://)?([^:]*)(:\d+)?$~', rtrim($server, '/'), $matches)) {
+		$this->error = lang('Invalid server or credentials.');
+		return false;
+	}
+
+	return ($matches[1] ?: "http://") .
+		($username !== "" || $password !== "" ? "$username:$password@" : "") .
+		($matches[2] !== "" ? $matches[2] : $defaultServer) .
+		(isset($matches[3]) ? $matches[3] : ($defaultPort ? ":$defaultPort" : ""));
+}
+
 function add_invalid_login() {
 	global $adminer;
 	$fp = file_open_lock(get_temp_dir() . "/adminer.invalid");
@@ -52,7 +104,7 @@ function check_invalid_login() {
 if ($auth) {
 	session_regenerate_id(); // defense against session fixation
 	$vendor = $auth["driver"];
-	$server = $auth["server"];
+	$server = trim($auth["server"]);
 	$username = $auth["username"];
 	$password = (string) $auth["password"];
 	$db = $auth["db"];
@@ -72,14 +124,14 @@ function check_invalid_login() {
 	) {
 		redirect(auth_url($vendor, $server, $username, $db));
 	}
-	
+
 } elseif ($_POST["logout"] && (!$has_token || verify_token())) {
 	foreach (array("pwds", "db", "dbs", "queries") as $key) {
 		set_session($key, null);
 	}
 	unset_permanent();
 	redirect(substr(preg_replace('~\b(username|db|ns)=[^&]*&~', '', ME), 0, -1), lang('Logout successful.') . ' ' . lang('Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.'));
-	
+
 } elseif ($permanent && !$_SESSION["pwds"]) {
 	session_regenerate_id();
 	$private = $adminer->permanentLogin();
@@ -155,18 +207,16 @@ function auth_error($error) {
 stop_session(true);
 
 if (isset($_GET["username"]) && is_string(get_password())) {
-	list($host, $port) = explode(":", SERVER, 2);
-	if (preg_match('~^\s*([-+]?\d+)~', $port, $match) && ($match[1] < 1024 || $match[1] > 65535)) { // is_numeric('80#') would still connect to port 80
-		auth_error(lang('Connecting to privileged ports is not allowed.'));
-	}
+	validate_server_input();
 	check_invalid_login();
+
 	$connection = connect();
 	$driver = new Min_Driver($connection);
 }
 
 $login = null;
 if (!is_object($connection) || ($login = $adminer->login($_GET["username"], get_password())) !== true) {
-	$error = (is_string($connection) ? h($connection) : (is_string($login) ? $login : lang('Invalid credentials.')));
+	$error = (is_string($connection) ? h($connection) : (is_string($login) ? $login : lang('Invalid server or credentials.')));
 	auth_error($error . (preg_match('~^ | $~', get_password()) ? '<br>' . lang('There is a space in the input password which might be the cause.') : ''));
 }
 
@@ -199,7 +249,7 @@ function auth_error($error) {
 			: lang('Invalid CSRF token. Send the form again.') . ' ' . lang('If you did not send this request from Adminer then close this page.')
 		);
 	}
-	
+
 } elseif ($_SERVER["REQUEST_METHOD"] == "POST") {
 	// posted form with no data means that post_max_size exceeded because Adminer always sends token at least
 	$error = lang('Too big POST data. Reduce the data or increase the %s configuration directive.', "'post_max_size'");

adminer/include/bootstrap.inc.php

@@ -81,7 +81,6 @@ function adminer_errors($errno, $errstr) {
 include "../adminer/drivers/oracle.inc.php";
 include "../adminer/drivers/mssql.inc.php";
 include "../adminer/drivers/mongo.inc.php";
-include "../adminer/drivers/elastic.inc.php";
 include "./include/adminer.inc.php";
 $adminer = (function_exists('adminer_object') ? adminer_object() : new Adminer);
 include "../adminer/drivers/mysql.inc.php"; // must be included as last driver

adminer/include/driver.inc.php

@@ -142,6 +142,14 @@ function convertSearch($idf, $val, $field) {
 		return $idf;
 	}
 
+	/** Convert operator so it can be used in search
+	 * @param string $operator
+	 * @return string
+	 */
+	function convertOperator($operator) {
+		return $operator;
+	}
+
 	/** Convert value returned by database to actual value
 	* @param string
 	* @param array

adminer/include/functions.inc.php

@@ -1077,7 +1077,7 @@ function fields_from_edit() {
 		$name = bracket_escape($key, 1); // 1 - back
 		$return[$name] = array(
 			"field" => $name,
-			"privileges" => array("insert" => 1, "update" => 1),
+			"privileges" => array("insert" => 1, "update" => 1, "where" => 1, "order" => 1),
 			"null" => 1,
 			"auto_increment" => ($key == $driver->primary),
 		);

adminer/include/lang.inc.php

@@ -5,7 +5,7 @@
 	'en' => 'English', // Jakub Vrána - https://www.vrana.cz
 	'ar' => 'العربية', // Y.M Amine - Algeria - [email protected]
 	'bg' => 'Български', // Deyan Delchev
-	'bn' => 'বাংলা', // Dipak Kumar - [email protected]
+	'bn' => 'বাংলা', // Dipak Kumar - [email protected] | Hossain Ahmed Saiman - [email protected]
 	'bs' => 'Bosanski', // Emir Kurtovic
 	'ca' => 'Català', // Joan Llosas
 	'cs' => 'Čeština', // Jakub Vrána - https://www.vrana.cz
@@ -25,7 +25,8 @@
 	'ja' => '日本語', // Hitoshi Ozawa - http://sourceforge.jp/projects/oss-ja-jpn/releases/
 	'ka' => 'ქართული', // Saba Khmaladze [email protected]
 	'ko' => '한국어', // dalli - [email protected]
-	'lt' => 'Lietuvių', // Paulius Leščinskas - http://www.lescinskas.lt
+    'lv' => 'Latviešu', // Kristaps Lediņš - https://krysits.com
+    'lt' => 'Lietuvių', // Paulius Leščinskas - http://www.lescinskas.lt
 	'ms' => 'Bahasa Melayu', // Pisyek
 	'nl' => 'Nederlands', // Maarten Balliauw - http://blog.maartenballiauw.be
 	'no' => 'Norsk', // Iver Odin Kvello, mupublishing.com

adminer/include/version.inc.php

@@ -1,2 +1,2 @@
 <?php
-$VERSION = "4.8.2-dev";
+$VERSION = "4.9-dev";

adminer/lang/ar.inc.php

@@ -2,7 +2,7 @@
 $translations = array(
 	'Login' => 'تسجيل الدخول',
 	'Logout successful.' => 'تم تسجيل الخروج بنجاح.',
-	'Invalid credentials.' => 'بيانات الدخول غير صالحة.',
+	'Invalid server or credentials.' => null,
 	'Server' => 'الخادم',
 	'Username' => 'اسم المستخدم',
 	'Password' => 'كلمة المرور',
@@ -264,4 +264,42 @@
 	'Permanent link' => 'رابط دائم',
 	'Edit all' => 'تعديل الكل',
 	'HH:MM:SS' => 'HH:MM:SS',
+
+	'Drop %s?' => null,
+	'Tables have been optimized.' => null,
+	'Materialized view' => null,
+	'Vacuum' => null,
+	'Selected' => null,
+	'overwrite' => null,
+	'DB' => null,
+	'Ctrl+click on a value to modify it.' => null,
+	'File must be in UTF-8 encoding.' => null,
+	'Modify' => null,
+	'Load more data' => null,
+	'Loading' => null,
+	'ATTACH queries are not supported.' => null,
+	'Warnings' => null,
+	'%d / ' => array(),
+	'Limit rows' => null,
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => null,
+	'Default value' => null,
+	'Full table scan' => null,
+	'Too many unsuccessful logins, try again in %d minute(s).' => array(),
+	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => null,
+	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => null,
+	'The action will be performed after successful login with the same credentials.' => null,
+	'Connecting to privileged ports is not allowed.' => null,
+	'There is a space in the input password which might be the cause.' => null,
+	'If you did not send this request from Adminer then close this page.' => null,
+	'You can upload a big SQL file via FTP and import it from server.' => null,
+	'Size' => null,
+	'Compute' => null,
+	'You are offline.' => null,
+	'You have no privileges to update this table.' => null,
+	'Saving' => null,
+	'Unknown error.' => null,
+	'Database does not support password.' => null,
+	'Disable %s or enable %s or %s extensions.' => null,
+	'yes' => null,
+	'no' => null,
 );

adminer/lang/bg.inc.php

@@ -10,7 +10,7 @@
 	'Logout' => 'Изход',
 	'Logged as: %s' => 'Текущ потребител: %s',
 	'Logout successful.' => 'Излизането е успешно.',
-	'Invalid credentials.' => 'Невалидни потребителски данни.',
+	'Invalid server or credentials.' => null,
 	'Too many unsuccessful logins, try again in %d minute(s).' => array('Прекалено много неуспешни опити за вход, опитайте пак след %d минута.', 'Прекалено много неуспешни опити за вход, опитайте пак след %d минути.'),
 	'Master password expired. <a href="https://www.adminer.org/en/extension/"%s>Implement</a> %s method to make it permanent.' => 'Главната парола вече е невалидна. <a href="https://www.adminer.org/en/extension/"%s>Изберете</a> %s метод, за да я направите постоянна.',
 	'Language' => 'Език',
@@ -333,4 +333,18 @@
 	'Type has been dropped.' => 'Вида беше пермахнат.',
 	'Type has been created.' => 'Вида беше създаден.',
 	'Alter type' => 'Промяна на вид',
+
+	'Drop %s?' => null,
+	'overwrite' => null,
+	'DB' => null,
+	'ATTACH queries are not supported.' => null,
+	'Warnings' => null,
+	'Adminer does not support accessing a database without a password, <a href="https://www.adminer.org/en/password/"%s>more information</a>.' => null,
+	'Thanks for using Adminer, consider <a href="https://www.adminer.org/en/donation/">donating</a>.' => null,
+	'The action will be performed after successful login with the same credentials.' => null,
+	'Connecting to privileged ports is not allowed.' => null,
+	'There is a space in the input password which might be the cause.' => null,
+	'Unknown error.' => null,
+	'Database does not support password.' => null,
+	'Disable %s or enable %s or %s extensions.' => null,
 );