nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

escape allowed parameters from non-token requests

Browse Source
This commit is contained in:
Marc Delisle
2006-06-28 15:39:56 +00:00
parent 02f86bfb95
commit 6d6f47bdb2
2 changed files with 5 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -7,6 +7,8 @@ $Source$
2006-06-28 Marc Delisle <lem9@users.sourceforge.net> 2006-06-28 Marc Delisle <lem9@users.sourceforge.net>
* libraries/Config.class.php: remove debug code * libraries/Config.class.php: remove debug code
* libraries/common.lib.php: escape allowed parameters from non-token
requests
2006-06-27 Michal Čihař <michal@cihar.com> 2006-06-27 Michal Čihař <michal@cihar.com>
* libraries/import/csv.php: Fix special case of Excel export with ; at the * libraries/import/csv.php: Fix special case of Excel export with ; at the

3
libraries/common.lib.php
View File

@@ -2808,6 +2808,9 @@ if (!isset($_REQUEST['token']) || $_SESSION['PMA_token'] != $_REQUEST['token'])
unset($_GET[$key]); unset($_GET[$key]);
unset($_POST[$key]); unset($_POST[$key]);
unset($GLOBALS[$key]); unset($GLOBALS[$key]);
} else {
// allowed stuff could be compromised so escape it
$_REQUEST[$key] = htmlspecialchars($_REQUEST[$key]);
} }
} }
} }