From 81fe6d6e476046aae357a0f782137f4606b2adc0 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Sat, 19 Jul 2003 11:36:53 +0000
Subject: [PATCH] path disclosure

---
 ldi_check.php3     |  3 +++
 ldi_table.php3     |  7 ++++++-
 left.php3          |  2 ++
 tbl_printview.php3 | 12 +++++++++++-
 4 files changed, 22 insertions(+), 2 deletions(-)

diff --git a/ldi_check.php3 b/ldi_check.php3
index a02c8dbbd..f317c12c4 100755
--- a/ldi_check.php3
+++ b/ldi_check.php3
@@ -21,6 +21,9 @@
 require('./libraries/grab_globals.lib.php3');
 require('./libraries/common.lib.php3');
 
+// Check parameters
+
+PMA_checkParameters(array('db', 'table'));
 
 /**
  * If a file from UploadDir was submitted, use this file
diff --git a/ldi_table.php3 b/ldi_table.php3
index 6d45ead20..69d374d44 100755
--- a/ldi_table.php3
+++ b/ldi_table.php3
@@ -7,6 +7,12 @@
  * This file defines the forms used to insert a textfile into a table
  */
 
+// Check parameters
+if (!defined('PMA_COMMON_LIB_INCLUDED')) {
+    include('./libraries/common.lib.php3');
+}
+PMA_checkParameters(array('db', 'table'));
+
 
 /**
  * Gets some core libraries and displays links
@@ -16,7 +22,6 @@ $err_url   = 'ldi_table.php3' . $err_url;
 $url_query .= '&amp;goto=ldi_table.php3&amp;back=ldi_table.php3';
 require('./tbl_properties_table_info.php3');
 
-
 /**
  * Displays the form
  */
diff --git a/left.php3 b/left.php3
index 6b288531e..e7c61ca9e 100755
--- a/left.php3
+++ b/left.php3
@@ -31,6 +31,8 @@ if ($cfg['OBGzip']) {
     }
 }
 
+PMA_checkParameters(array('hash'));
+
 include('./libraries/bookmark.lib.php3');
 require('./libraries/relation.lib.php3');
 $cfgRelation = PMA_getRelationsParam();
diff --git a/tbl_printview.php3 b/tbl_printview.php3
index ab30ba45c..90beb6be7 100755
--- a/tbl_printview.php3
+++ b/tbl_printview.php3
@@ -10,6 +10,16 @@ if (!isset($selected_tbl)) {
     include('./header.inc.php3');
 }
 
+// Check parameters
+
+if (!defined('PMA_COMMON_LIB_INCLUDED')) {
+    include('./libraries/common.lib.php3');
+}
+
+PMA_checkParameters(array('the_tables'));
+if (!is_array($the_tables)) {
+    exit();
+}
 
 /**
  * Gets the relations settings
@@ -635,7 +645,7 @@ function printPage()
 //-->
 </script>
 <?php
-echo '<br /><br />&nbsp;<input type="button" style="visibility: ; width: 100px; height: 25px" id="print" value="Print" onclick="printPage()">' . "\n";
+echo '<br /><br />&nbsp;<input type="button" style="visibility: ; width: 100px; height: 25px" id="print" value="' . $strPrint . '" onclick="printPage()">' . "\n";
 
 require('./footer.inc.php3');
 ?>