Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8

Herman van Rink
2011-06-30 20:19:32 +02:00
parent 911a83393e
commit 5ee357a572
2 changed files with 2 additions and 1 deletions


@@ -9,6 +9,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page


@@ -1220,7 +1220,7 @@ function PMA_displayTableBody(&$dt_result, &$is_display, $map, $analyzed_sql) {
if ($GLOBALS['cfgRelation']['mimework'] && $GLOBALS['cfg']['BrowseMIME']) {
if (isset($GLOBALS['mime_map'][$meta->name]['mimetype']) && isset($GLOBALS['mime_map'][$meta->name]['transformation']) && !empty($GLOBALS['mime_map'][$meta->name]['transformation'])) {
$include_file = $GLOBALS['mime_map'][$meta->name]['transformation'];
$include_file = PMA_securePath($GLOBALS['mime_map'][$meta->name]['transformation']);
if (file_exists('./libraries/transformations/' . $include_file)) {
$transformfunction_name = str_replace('.inc.php', '', $GLOBALS['mime_map'][$meta->name]['transformation']);
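Review bot: The function name on the last line of this hunk is still built from the raw `$GLOBALS['mime_map'][$meta->name]['transformation']` value, so only the `file_exists()` check sees the output of `PMA_securePath()`. Deriving it from the filtered value keeps the two in step: `$transformfunction_name = str_replace('.inc.php', '', $include_file);`. `PMA_securePath()` is defined outside this page, so what it strips cannot be confirmed here. If transformation files are meant to sit directly in `./libraries/transformations/`, rejecting any value where `basename($include_file) !== $include_file` would be a useful second guard. The enclosing block continues past the hunk, including whatever include/require consumes `$include_file`, so it is worth confirming that it reads the filtered variable as well.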