nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disallow accessing serious server files via "?goto=".

Browse Source
This commit is contained in:
Alexander M. Turek
2002-08-12 08:43:45 +00:00
parent 82f307edf3
commit 1184150fd9
2 changed files with 8 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -8,6 +8,8 @@ $Source$
2002-08-12 Alexander M. Turek <rabus@users.sourceforge.net> 2002-08-12 Alexander M. Turek <rabus@users.sourceforge.net>
* libraries/defines_php.lib.php3, Documentation.*, translators.html: * libraries/defines_php.lib.php3, Documentation.*, translators.html:
corrected version number. corrected version number.
* libraries/grab_globals.lib.php3: disallow accessing serious server files
via "?goto=".
2002-08-11 Robin Johnson <robbat2@users.sourceforge.net> 2002-08-11 Robin Johnson <robbat2@users.sourceforge.net>
### 2.3.0 is released ### ### 2.3.0 is released ###

7
libraries/grab_globals.lib.php3
View File

@@ -40,5 +40,10 @@ if (!defined('PMA_GRAB_GLOBALS_INCLUDED')) {
$PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF']; $PHP_SELF = $HTTP_SERVER_VARS['PHP_SELF'];
} // end if } // end if
// Securety fix: disallow accessing serious server files via "?goto="
if (isset($goto) && strpos(' ' . $goto, '/') > 0 && substr($goto, 0, 2) != './') {
unset($goto);
} // end if
} // $__PMA_GRAB_GLOBALS_LIB__ } // $__PMA_GRAB_GLOBALS_LIB__
?> ?>