nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Loic: coding standards, optimization

Browse Source
This commit is contained in:
Marc Delisle
2002-08-21 13:45:44 +00:00
parent a06a9eda0e
commit 4656e023f9
2 changed files with 23 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
db_details.php3
View File

@@ -8,6 +8,7 @@
require('./db_details_common.php3'); require('./db_details_common.php3');
$url_query .= '&goto=db_details.php3'; $url_query .= '&goto=db_details.php3';
/** /**
* Database work * Database work
*/ */
@@ -108,21 +109,23 @@ echo "\n";
// (TODO: display the charset selection, even if is_upload == FALSE) // (TODO: display the charset selection, even if is_upload == FALSE)
if ($cfg['UploadDir'] !='' && $handle = opendir($cfg['UploadDir'])) { if ($cfg['UploadDir'] !='' && $handle = opendir($cfg['UploadDir'])) {
$isfirst=0; $is_first = 0;
while ($file = @readdir($handle)) { while ($file = @readdir($handle)) {
if (is_file($cfg['UploadDir'] . $file)) { if (is_file($cfg['UploadDir'] . $file)) {
if ($isfirst==0) { if ($is_first == 0) {
echo "\n".' <i>' . $strOr . '</i> ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n"; echo "\n";
echo ' <i>' . $strOr . '</i> ' . $strWebServerUploadDirectory . '&nbsp;:<br />' . "\n";
echo ' <div style="margin-bottom: 5px">' . "\n"; echo ' <div style="margin-bottom: 5px">' . "\n";
echo ' <select size="1" name="sql_localfile">' . "\n"; echo ' <select size="1" name="sql_localfile">' . "\n";
echo ' <option value="" selected></option>' . "\n"; echo ' <option value="" selected></option>' . "\n";
} // end if (isfirst) } // end if (is_first)
echo ' <option value="'.$file.'">'.$file.'</option>' . "\n"; echo ' <option value="' . htmlspecialchars($file) . '">' . htmlspecialchars($file) . '</option>' . "\n";
$isfirst++; $is_first++;
} // end if (is_file) } // end if (is_file)
} // end while } // end while
if ($isfirst>0) { if ($is_first > 0) {
echo " </select>\n </div>\n\n"; echo ' </select>' . "\n"
. ' </div>' . "\n\n";
} // end if (isfirst > 0) } // end if (isfirst > 0)
@closedir($handle); @closedir($handle);
} // end if (web-server upload directory) } // end if (web-server upload directory)

14
read_dump.php3
View File

@@ -199,8 +199,11 @@ $err_url = $goto
$view_bookmark = 0; $view_bookmark = 0;
$sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : ''; $sql_bookmark = isset($sql_bookmark) ? $sql_bookmark : '';
$sql_query = isset($sql_query) ? $sql_query : ''; $sql_query = isset($sql_query) ? $sql_query : '';
$sql_file = (!empty($sql_localfile) && $cfg['UploadDir']!='') ? $cfg['UploadDir'].$sql_localfile : $sql_file; if (!empty($sql_localfile) && $cfg['UploadDir'] != '') {
$sql_file = !empty($sql_file) ? $sql_file : 'none'; $sql_file = $cfg['UploadDir'] . $sql_localfile;
} else if (empty($sql_file)) {
$sql_file = 'none';
}
/** /**
@@ -228,8 +231,11 @@ if (!empty($id_bookmark)) {
*/ */
// Gets the query from a file if required // Gets the query from a file if required
if ($sql_file != 'none') { if ($sql_file != 'none') {
if ((file_exists($sql_file) && is_uploaded_file($sql_file)) // loic1 : fixed a security issue
|| file_exists($cfg['UploadDir'].$sql_localfile)) { // if ((file_exists($sql_file) && is_uploaded_file($sql_file))
// || file_exists($cfg['UploadDir'] . $sql_localfile)) {
if (file_exists($sql_file)
&& (($sql_file == $cfg['UploadDir'] . $sql_localfile) || is_uploaded_file($sql_file))) {
$open_basedir = ''; $open_basedir = '';
if (PMA_PHP_INT_VERSION >= 40000) { if (PMA_PHP_INT_VERSION >= 40000) {
$open_basedir = @ini_get('open_basedir'); $open_basedir = @ini_get('open_basedir');