path disclosure
This commit is contained in:
@@ -174,9 +174,11 @@ if (isset($do) && $do == 'import') {
|
||||
|
||||
// function is_writeable() is valid on PHP3 and 4
|
||||
if (!is_writeable($tmp_subdir)) {
|
||||
// if we cannot move the file, let PHP report the error
|
||||
error_reporting(E_ALL);
|
||||
$docsql_text = PMA_readFile($sql_file, $sql_file_compression);
|
||||
if ($docsql_text == FALSE) {
|
||||
echo $strFileCouldNotBeRead;
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
$sql_file_new = $tmp_subdir . basename($sql_file);
|
||||
|
@@ -71,8 +71,9 @@ if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
|
||||
|
||||
// function is_writeable() is valid on PHP3 and 4
|
||||
if (!is_writeable($tmp_subdir)) {
|
||||
// if we cannot move the file, let PHP report the error
|
||||
error_reporting(E_ALL);
|
||||
echo $strWebServerUploadDirectoryError . ': ' . $tmp_subdir
|
||||
. '<br />';
|
||||
exit();
|
||||
} else {
|
||||
$textfile_new = $tmp_subdir . basename($textfile);
|
||||
if (PMA_PHP_INT_VERSION < 40003) {
|
||||
@@ -100,8 +101,11 @@ if (isset($btnLDI) && empty($textfile)) {
|
||||
$replace = '';
|
||||
}
|
||||
|
||||
error_reporting(E_ALL);
|
||||
chmod($textfile, 0644);
|
||||
// the error message does not correspond exactly to the error...
|
||||
if (!@chmod($textfile, 0644)) {
|
||||
echo $strFileCouldNotBeRead . ' ' . $textfile . '<br />';
|
||||
exit();
|
||||
}
|
||||
|
||||
// Kanji encoding convert appended by Y.Kawada
|
||||
if (function_exists('PMA_kanji_file_conv')) {
|
||||
|
@@ -100,9 +100,11 @@ if ($sql_file != 'none') {
|
||||
|
||||
// function is_writeable() is valid on PHP3 and 4
|
||||
if (!is_writeable($tmp_subdir)) {
|
||||
// if we cannot move the file, let PHP report the error
|
||||
error_reporting(E_ALL);
|
||||
$sql_query = PMA_readFile($sql_file, $sql_file_compression);
|
||||
if ($sql_query == FALSE) {
|
||||
echo $strFileCouldNotBeRead;
|
||||
exit();
|
||||
}
|
||||
}
|
||||
else {
|
||||
$sql_file_new = $tmp_subdir . basename($sql_file);
|
||||
|
@@ -6,7 +6,8 @@
|
||||
/**
|
||||
* Sets error reporting level
|
||||
*/
|
||||
error_reporting(E_ALL);
|
||||
// (removed to avoid path disclosure, not sure about why this was here)
|
||||
// error_reporting(E_ALL);
|
||||
|
||||
|
||||
// Check parameters
|
||||
|
Reference in New Issue
Block a user