'../' is no good for us.

Garvin Hicking
2003-03-11 19:24:48 +00:00
parent 667259f19b
commit 127b2a4577
2 changed files with 2 additions and 3 deletions

@@ -12,8 +12,7 @@ $Source$
a subdirectory of phpMyAdmin ('docSQL' proposed) OR upload each a subdirectory of phpMyAdmin ('docSQL' proposed) OR upload each
file on its own via File Upload (if $is_upload is true). file on its own via File Upload (if $is_upload is true).
Filenames not matching the converter will no more printed out to Filenames not matching the converter will no more printed out to
maintain security. maintain security. Permits input of '../'.
* transformation_wrapper.php3 - Remove $err_url, because if a query * transformation_wrapper.php3 - Remove $err_url, because if a query
fails here, the user won't get to see the error string anyways. fails here, the user won't get to see the error string anyways.
Can happen if you want to display a blob without having an index Can happen if you want to display a blob without having an index
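Review bot: The sentence added after "maintain security.", "Permits input of '../'.", reads as the opposite of the code change in this commit, which rewrites '../' in $docpath to './'. Suggest wording that records the restriction, for example "No longer permits '../' in the path.", so the ChangeLog matches the commit message. The same entry's "will no more printed out" is also missing a "be".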

@@ -206,7 +206,7 @@ if (isset($do) && $do == 'import') {
} else { } else {
// echo '<h1>Starting Import</h1>'; // echo '<h1>Starting Import</h1>';
$docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . $docpath; $docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . str_replace('../', './', $docpath);
if (substr($docpath, strlen($docpath) - 2, 1) != '/') { if (substr($docpath, strlen($docpath) - 2, 1) != '/') {
$docpath = $docpath . '/'; $docpath = $docpath . '/';
} }
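Review bot: The str_replace('../', './', $docpath) on the $docpath assignment runs as a single, non-recursive pass, so input whose sequences overlap can still contain '../' once the replacement is done, and backslash separators are not touched at all. Rewriting the value also hides the problem from the user: the import silently proceeds on a different directory than the one requested. Rejecting any $docpath that contains '..' outright, with an error instead of a rewrite, would close both gaps and keep the behaviour predictable.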