nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

XSS with IE <= 8.x (semicolon and attachment headers

Browse Source
This commit is contained in:
Marc Delisle
2011-08-06 15:05:59 -04:00
parent 39edf6e1fb
commit 0f5f2d9601
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
tbl_tracking.php
View File

@@ -111,7 +111,7 @@ if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldumpfil
foreach($entries as $entry) { foreach($entries as $entry) {
$dump .= $entry['statement']; $dump .= $entry['statement'];
} }
$filename = 'log_' . htmlspecialchars($_REQUEST['table']) . '.sql'; $filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
header('Content-Type: text/x-sql'); header('Content-Type: text/x-sql');
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT'); header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Disposition: attachment; filename="' . $filename . '"'); header('Content-Disposition: attachment; filename="' . $filename . '"');