nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1149381

Browse Source
This commit is contained in:
Alexander M. Turek
2005-02-23 11:34:47 +00:00
parent f90cbaf9ac
commit 8f3bffcf4e
2 changed files with 8 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
$Id$ $Id$
$Source$ $Source$
2005-02-23 Alexander M. Turek <me@derrabus.de>
* libraries/grab_globals.lib.php: More hotfixes against bug #1149381.
2005-02-22 Alexander M. Turek <me@derrabus.de> 2005-02-22 Alexander M. Turek <me@derrabus.de>
* libraries/grab_globals.lib.php: Hotfix against bug #1149381 and parts * libraries/grab_globals.lib.php: Hotfix against bug #1149381 and parts
of bug #1149383. of bug #1149383.

7
libraries/grab_globals.lib.php
View File

@@ -25,12 +25,15 @@ function PMA_gpc_extract($array, &$target) {
* parameters. * parameters.
* *
* Currently, the following variable names are rejected when found in * Currently, the following variable names are rejected when found in
* $_GET or $_POST: cfg and str* * $_GET or $_POST: cfg, GLOBALS, str* and _*
* *
* Warning: this also affects array keys: * Warning: this also affects array keys:
* Variables like $_GET['harmless']['cfg'] will also be rejected! * Variables like $_GET['harmless']['cfg'] will also be rejected!
*/ */
if ($key == 'cfg' || substr($key, 0, 3) == 'str') { if ($key == 'cfg'
|| $key == 'GLOBALS'
|| substr($key, 0, 3) == 'str'
|| $key{0} == '_') {
continue; continue;
} }