nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

test for PMA_securePath

Browse Source
This commit is contained in:
Marc Delisle
2004-06-15 15:26:50 +00:00
parent a12663d2d0
commit 67d381bb22
1 changed files with 20 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
libraries/common.lib.php
View File

@@ -238,6 +238,25 @@ if ($is_minimum_common == FALSE) {
function PMA_generateHiddenMaxFileSize($max_size){ function PMA_generateHiddenMaxFileSize($max_size){
return '<input type="hidden" name="MAX_FILE_SIZE" value="' .$max_size . '" />'; return '<input type="hidden" name="MAX_FILE_SIZE" value="' .$max_size . '" />';
} }
/**
* Removes insecure parts in a path; used before include() or
* require() when a part of the path comes from an insecure source
* like a cookie or form.
*
* @param string The path to check
*
* @return string The secured path
*
* @access public
* @author Marc Delisle (lem9@users.sourceforge.net)
*/
function PMA_securePath($path) {
// change .. to .
$path = preg_replace('@\.\.*@','.',$path);
return $path;
} // end function
/** /**
* Charset conversion. * Charset conversion.
@@ -298,6 +317,7 @@ if (!isset($_COOKIE['pma_theme']) || empty($_COOKIE['pma_theme'])){
$GLOBALS['theme'] = $_COOKIE['pma_theme']; $GLOBALS['theme'] = $_COOKIE['pma_theme'];
if ($_COOKIE['pma_theme'] != 'original') { if ($_COOKIE['pma_theme'] != 'original') {
$pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/img/'; $pmaThemeImage = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/img/';
//$tmp_color_file = './' . $cfg['ThemePath'] . '/' . PMA_securePath($_COOKIE['pma_theme']) . '/colors.inc.php';
$tmp_color_file = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/colors.inc.php'; $tmp_color_file = './' . $cfg['ThemePath'] . '/' . $_COOKIE['pma_theme'] . '/colors.inc.php';
if (@file_exists($tmp_color_file)) { if (@file_exists($tmp_color_file)) {
include($tmp_color_file); include($tmp_color_file);
@@ -2061,26 +2081,6 @@ if (typeof(document.getElementById) != 'undefined'
} }
} // end function } // end function
/**
* Removes insecure parts in a path; used before include() or
* require() when a part of the path comes from an insecure source
* like a cookie or form.
*
* @param string The path to check
*
* @return string The secured path
*
* @access public
* @author Marc Delisle (lem9@users.sourceforge.net)
*/
function PMA_securePath($path) {
// change .. to .
$path = preg_replace('@\.\.*@','.',$path);
return $path;
} // end function
// Kanji encoding convert feature appended by Y.Kawada (2002/2/20) // Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
if (@function_exists('mb_convert_encoding') if (@function_exists('mb_convert_encoding')
&& strpos(' ' . $lang, 'ja-') && strpos(' ' . $lang, 'ja-')