authorPaavo-Einari Kaipila <pkaipila@gmail.com>2025-09-20 03:12:59 +0300
committerVladimir Druzenko <vvd@FreeBSD.org>2025-09-20 03:12:59 +0300
commit1cb6e93322e9c45676ea266e8beb179506015e32 (patch)
tree26b9a3efd67ced444d814c0c9118818ac0891702 /databases
parent06f2b018ada23a71b5e51157e8eb52f7fb6e9814 (diff)
databases/adminer: Fix CVE-2023-45197, CVE-2023-45196, CVE-2023-45195
Remove affected plugin. PR: 289262 Security: CVE-2023-45197 Security: CVE-2023-45196 Security: CVE-2023-45195 MFH: 2025Q3
Diffstat (limited to 'databases')
-rw-r--r--databases/adminer/Makefile5
-rw-r--r--databases/adminer/files/adminer-plugins-example.php20
-rw-r--r--databases/adminer/files/makephar.php23
-rw-r--r--databases/adminer/pkg-plist1
4 files changed, 43 insertions, 6 deletions
diff --git a/databases/adminer/Makefile b/databases/adminer/Makefile
index b8372b3a5209..8b637dc367a2 100644
--- a/databases/adminer/Makefile
+++ b/databases/adminer/Makefile
@@ -1,6 +1,6 @@
PORTNAME= adminer
DISTVERSION= 5.3.0
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= databases www
MASTER_SITES= https://github.com/vrana/${PORTNAME}/releases/download/v${DISTVERSION}/
PKGNAMEPREFIX= ${PHP_PKGNAMEPREFIX}
@@ -8,7 +8,7 @@ DISTFILES= ${PORTNAME}-${DISTVERSION}.php ${PORTNAME}-${DISTVERSION}.zip
EXTRACT_ONLY= ${PORTNAME}-${DISTVERSION}.zip
MAINTAINER= pkaipila@gmail.com
-COMMENT= Full-featured database management tool written in PHP
+COMMENT= Full-featured database management tool in a single PHP file
WWW= https://www.adminer.org
LICENSE= APACHE20
@@ -40,5 +40,6 @@ do-build:
do-install:
${MKDIR} ${STAGEDIR}${WWWDIR}
${INSTALL_DATA} ${WRKSRC}/index.php ${STAGEDIR}${WWWDIR}
+ ${INSTALL_DATA} ${FILESDIR}/adminer-plugins-example.php ${STAGEDIR}${WWWDIR}
.include <bsd.port.mk>
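Review bot: The added `${INSTALL_DATA}` line in `do-install` puts the example under `${WWWDIR}` with a `.php` suffix, so if that directory is served the way it is for `index.php`, the sample can be requested directly and PHP will execute it. Outside the phar the `Adminer*` classes it instantiates are presumably undefined, so such a request would end in a fatal error, which can disclose the install path when error display is enabled. Installing it somewhere the web server does not execute it avoids that, for example `${INSTALL_DATA} ${FILESDIR}/adminer-plugins-example.php ${STAGEDIR}${EXAMPLESDIR}` preceded by `${MKDIR} ${STAGEDIR}${EXAMPLESDIR}`. The pkg-plist entry added in this commit would need to change accordingly.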
diff --git a/databases/adminer/files/adminer-plugins-example.php b/databases/adminer/files/adminer-plugins-example.php
new file mode 100644
index 000000000000..61400c6dc82b
--- /dev/null
+++ b/databases/adminer/files/adminer-plugins-example.php
@@ -0,0 +1,20 @@
+<?php
+/**
+ * List of all included plugins can be found at the
+ * beginning of index.php
+ */
+return [
+ new AdminerDarkSwitcher,
+
+ new AdminerPrettyJsonColumn,
+
+ new AdminerDumpJson,
+
+ new AdminerDumpXml,
+
+ // install zip extension to use this
+ new AdminerDumpZip,
+
+ // install bz2 extension to use this
+ new AdminerDumpBz2,
+];
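Review bot: The header comment says where the list of bundled plugins can be found but not how this file takes effect, so a reader cannot tell that the example is inert until it is copied. As far as I know Adminer 5 loads a file named `adminer-plugins.php` next to `index.php`, so the comment could add `Copy to adminer-plugins.php in the same directory to enable; keep only the plugins you need.` That file name should be confirmed against the stub built by makephar.php, which is not visible in this diff.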
diff --git a/databases/adminer/files/makephar.php b/databases/adminer/files/makephar.php
index 4e463e7fdc4e..ad54a3cfe4cb 100644
--- a/databases/adminer/files/makephar.php
+++ b/databases/adminer/files/makephar.php
@@ -54,15 +54,30 @@ foreach(new DirectoryIterator(__DIR__ . '/plugins') as $file)
if ($file->isFile())
{
$contents = php_strip_whitespace($file->getRealPath());
- $pharFile = 'adminer-plugins/' . $file->getFileName();
- $plugins[$pharFile] = $contents;
- if (preg_match('/class\s(A[a-zA-Z]+)\sextends\sAdminer/', $contents, $m))
- {
+ $fileName = $file->getFileName();
+ $pharFile = 'adminer-plugins/' . $fileName;
+
+ if (
+ /**
+ * Skip affected plugin
+ * https://nvd.nist.gov/vuln/detail/CVE-2023-45197
+ */
+ $fileName !== 'file-upload.php'
+ /**
+ * Adminer editor's plugins are only relevant
+ * in Adminer editor.
+ */
+ && !str_starts_with($fileName, 'editor')
+ && preg_match('/class\s(A[a-zA-Z0-9]+)\sextends\sAdminer/', $contents, $m)
+ ) {
+ $plugins[$pharFile] = $contents;
$classMap[$m[1]] = $file->getFileName();
}
}
}
+ksort($classMap);
+
$phar->setStub(
sprintf(
$stub,
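Review bot: The skip for the vulnerable plugin is keyed only on the literal file name (`$fileName !== 'file-upload.php'`), so if upstream renames or moves that file the plugin is packaged again with no build-time signal. Matching the class as well makes the exclusion sturdier: after the `preg_match(...)` term add `&& $m[1] !== 'AdminerFileUpload'` (class name assumed from upstream; confirm it). `$plugins[$pharFile]` is now filled only when the class pattern matches, whereas the removed lines added every file, so any helper file in `plugins/` without an `Adminer` subclass is no longer shipped; a one-line comment saying this is intended would help. The visible comment ties the skip to CVE-2023-45197 only, and how CVE-2023-45196 and CVE-2023-45195 from the commit title are covered is not apparent from this hunk. The enclosing `foreach` and the `setStub()` call both extend outside the hunk.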
diff --git a/databases/adminer/pkg-plist b/databases/adminer/pkg-plist
index 25f47247234c..49cd2d84519e 100644
--- a/databases/adminer/pkg-plist
+++ b/databases/adminer/pkg-plist
@@ -2,3 +2,4 @@
@group %%WWWGRP%%
@mode 0644
%%WWWDIR%%/index.php
+%%WWWDIR%%/adminer-plugins-example.php