bug #1322871, local file inclusion

2005-10-11 13:36:37 +00:00
parent 3143135a5c
commit 694f7ef519
2 changed files with 7 additions and 6 deletions
--- a/9
+++ b/9
@@ -1,10 +1,13 @@
----------------------
+----------------------
 phpMyAdmin - Changelog
 ----------------------
 $Id$
 $Source$
 2005-10-11 Marc Delisle  <lem9@users.sourceforge.net>
    * libraries/grab_globals.lib.php: bug #1322871, local file inclusion
 2005-10-11 Sebastian Mendel <cybot_tm@users.sourceforge.net>
    * footer.inc.php, index.php, left.php, queryframe.php, querywindow.php
      server_databases.php, css/phpmyadmin.css.php, libraries/common.lib.php
@@ -13,10 +16,6 @@ $Source$
      themes/original/css/theme_left.css.php:
      XHTML 1.0 trans. compliance and more semantic XHTML output
 CVS-Vorgang erfolgreich abgeschlossen
 2005-10-09 Marc Delisle  <lem9@users.sourceforge.net>
    * tbl_properties_links.php: invalid js confirmation and operation feedback
      when dropping a view
--- a/libraries/grab_globals.lib.php
+++ b/libraries/grab_globals.lib.php
@@ -101,7 +101,9 @@ if (isset($goto) && strpos(' ' . $goto, '/') > 0 && substr($goto, 0, 2) != './')
 } // end if
 if ( ! empty( $__redirect ) ) {
-    require('./' . $__redirect);
+    // TODO: ensure that PMA_securePath() is defined and available
    // for this script. Meanwhile we duplicate what this function does:
    require('./' . preg_replace('@\.\.*@','.',$__redirect));
    exit();
 } // end if ( ! empty( $__redirect ) )
 ?>