From 5ee357a572866e730d83f56d6187a67c7c48e523 Mon Sep 17 00:00:00 2001 From: Herman van Rink Date: Thu, 30 Jun 2011 20:19:32 +0200 Subject: [PATCH] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 --- ChangeLog | 1 + libraries/display_tbl.lib.php | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 73f036871..72a94a3eb 100644 --- a/ChangeLog +++ b/ChangeLog @@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 +- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page diff --git a/libraries/display_tbl.lib.php b/libraries/display_tbl.lib.php index 7ef333d62..186ce3e56 100644 --- a/libraries/display_tbl.lib.php +++ b/libraries/display_tbl.lib.php @@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) { if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) { if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) { - $include_file = $GLOBALS['mime_map'][$meta->name]['transformation']; + $include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']); if (file_exists('./libraries/transformations/' . $include_file)) { $transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);