From 4656e023f9691ce50dbeb9f10b11991dc05ede83 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Wed, 21 Aug 2002 13:45:44 +0000
Subject: [PATCH] Loic: coding standards, optimization
---
 db_details.php3 | 21 ++++++++++++---------
 read_dump.php3 | 16 +++++++++++-----
 2 files changed, 23 insertions(+), 14 deletions(-)
diff --git a/db_details.php3 b/db_details.php3
index bc4e11d56..b277cb47d 100755
--- a/db_details.php3
+++ b/db_details.php3
@@ -8,6 +8,7 @@ require('./db_details_common.php3'); $url_query .= '&goto=db_details.php3'; + /** * Database work */
@@ -108,21 +109,23 @@ echo "\n"; // (TODO: display the charset selection, even if is_upload == FALSE) if ($cfg['UploadDir'] !='' && $handle = opendir($cfg['UploadDir'])) { - $isfirst=0; + $is_first = 0; while ($file = @readdir($handle)) { - if(is_file($cfg['UploadDir'] . $file)) { - if ($isfirst==0) { - echo "\n".' ' . $strOr . ' ' . $strWebServerUploadDirectory . ' :
' . "\n"; + if (is_file($cfg['UploadDir'] . $file)) { + if ($is_first == 0) { + echo "\n"; + echo ' ' . $strOr . ' ' . $strWebServerUploadDirectory . ' :
' . "\n"; echo '
' . "\n"; echo ' \n
\n\n"; + if ($is_first > 0) { + echo ' ' . "\n" + . ' ' . "\n\n"; } // end if (isfirst > 0) @closedir($handle); } // end if (web-server upload directory)
diff --git a/read_dump.php3 b/read_dump.php3
index 76f1e9d5b..8a017705f 100644
--- a/read_dump.php3
+++ b/read_dump.php3
@@ -199,8 +199,11 @@ $err_url = $goto
 $view_bookmark = 0;
 $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
 $sql_query = isset($sql_query) ? $sql_query : '';
-$sql_file = (!empty($sql_localfile) && $cfg['UploadDir']!='') ? $cfg['UploadDir'].$sql_localfile : $sql_file;
-$sql_file = !empty($sql_file) ? $sql_file : 'none';
+if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
+ $sql_file = $cfg['UploadDir'] . $sql_localfile;
+} else if (empty($sql_file)) {
+ $sql_file = 'none';
+}
 
 
 /**
@@ -208,7 +211,7 @@ $sql_file = !empty($sql_file) ? $sql_file : 'none';
 */
 if (!empty($id_bookmark)) {
 include('./libraries/bookmark.lib.php3');
- switch($action_bookmark) {
+ switch ($action_bookmark) {
 case 0: // bookmarked query that have to be run
 $sql_query = PMA_queryBookmarks($db, $cfg['Bookmark'], $id_bookmark);
 break;
@@ -228,8 +231,11 @@ if (!empty($id_bookmark)) {
 */
 // Gets the query from a file if required
 if ($sql_file != 'none') {
- if ((file_exists($sql_file) && is_uploaded_file($sql_file))
- || file_exists($cfg['UploadDir'].$sql_localfile)) {
+// loic1 : fixed a security issue
+// if ((file_exists($sql_file) && is_uploaded_file($sql_file))
+// || file_exists($cfg['UploadDir'] . $sql_localfile)) {
+ if (file_exists($sql_file)
+ && (($sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
 $open_basedir = '';
 if (PMA_PHP_INT_VERSION >= 40000) {
 $open_basedir = @ini_get('open_basedir');
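Review bot: The new test `($sql_file == $cfg['UploadDir'] . $sql_localfile)` in the last read_dump.php3 hunk lets a path skip `is_uploaded_file()` without confirming that it is a plain file name inside a configured upload directory. When `$cfg['UploadDir']` is empty, the `@@ -199,8 +199,11 @@` hunk leaves `$sql_file` as it arrived, so the comparison reduces to `$sql_file == $sql_localfile`; and `$sql_localfile` is concatenated as-is, so any directory components in it carry into `$sql_file`. If both variables can come from the request (their origin is outside these hunks), I would add `$sql_localfile = basename($sql_localfile);` before the concatenation and write the branch as `(($cfg['UploadDir'] != '' && $sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))`. The commented-out old condition is better deleted, with `// loic1 : fixed a security issue` replaced by a comment stating the rule, e.g. `// only read a file from UploadDir or a genuine HTTP upload`. The enclosing `if ($sql_file != 'none')` block continues past the hunk.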