path disclosure

Marc Delisle
2003-07-19 15:29:53 +00:00
parent 204d9669af
commit 9439bd3780
4 changed files with 18 additions and 9 deletions


@@ -174,9 +174,11 @@ if (isset($do) && $do == 'import') {
// function is_writeable() is valid on PHP3 and 4 // function is_writeable() is valid on PHP3 and 4
if (!is_writeable($tmp_subdir)) { if (!is_writeable($tmp_subdir)) {
// if we cannot move the file, let PHP report the error
error_reporting(E_ALL);
$docsql_text = PMA_readFile($sql_file, $sql_file_compression); $docsql_text = PMA_readFile($sql_file, $sql_file_compression);
if ($docsql_text == FALSE) {
echo $strFileCouldNotBeRead;
exit();
}
} }
else { else {
$sql_file_new = $tmp_subdir . basename($sql_file); $sql_file_new = $tmp_subdir . basename($sql_file);
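Review bot: The new read-failure check `if ($docsql_text == FALSE)` uses a loose comparison, so a file that was read successfully but is empty (or contains only `0`) is reported as unreadable; the same check appears on `$sql_query` in the later file section of this commit. If PMA_readFile() returns a boolean false on failure (its body is not on this page) and the supported PHP versions allow it, `if ($docsql_text === FALSE)` separates the two cases; otherwise a comment should say that empty uploads are deliberately rejected here. Keeping the path out of the message, as this branch does, is the right shape for the fix. The enclosing `if (isset($do) && $do == 'import')` block starts and ends outside the hunk.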


@@ -71,8 +71,9 @@ if (isset($btnLDI) && isset($local_textfile) && $local_textfile != '') {
// function is_writeable() is valid on PHP3 and 4 // function is_writeable() is valid on PHP3 and 4
if (!is_writeable($tmp_subdir)) { if (!is_writeable($tmp_subdir)) {
// if we cannot move the file, let PHP report the error echo $strWebServerUploadDirectoryError . ': ' . $tmp_subdir
error_reporting(E_ALL); . '<br />';
exit();
} else { } else {
$textfile_new = $tmp_subdir . basename($textfile); $textfile_new = $tmp_subdir . basename($textfile);
if (PMA_PHP_INT_VERSION < 40003) { if (PMA_PHP_INT_VERSION < 40003) {
@@ -100,8 +101,11 @@ if (isset($btnLDI) && empty($textfile)) {
$replace = ''; $replace = '';
} }
error_reporting(E_ALL); // the error message does not correspond exactly to the error...
chmod($textfile, 0644); if (!@chmod($textfile, 0644)) {
echo $strFileCouldNotBeRead . ' ' . $textfile . '<br />';
exit();
}
// Kanji encoding convert appended by Y.Kawada // Kanji encoding convert appended by Y.Kawada
if (function_exists('PMA_kanji_file_conv')) { if (function_exists('PMA_kanji_file_conv')) {
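Review bot: Both new error messages can still print server-side paths, which works against the stated goal of the commit: the upload-directory branch echoes `$tmp_subdir` and the chmod branch echoes `$textfile`, and both values go into the HTML unescaped. Suggest dropping the path from the browser output, e.g. `echo $strWebServerUploadDirectoryError . '<br />';` and `echo $strFileCouldNotBeRead . '<br />';`, and if the name has to be shown, pass it through `htmlspecialchars()`, since `$textfile` may derive from request data (its origin is outside these hunks). The `@chmod` failure message is also, as the new comment admits, not the real error; a dedicated string would help whoever reads the report. Both hunks sit inside larger `if` blocks that continue outside the visible lines.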


@@ -100,9 +100,11 @@ if ($sql_file != 'none') {
// function is_writeable() is valid on PHP3 and 4 // function is_writeable() is valid on PHP3 and 4
if (!is_writeable($tmp_subdir)) { if (!is_writeable($tmp_subdir)) {
// if we cannot move the file, let PHP report the error
error_reporting(E_ALL);
$sql_query = PMA_readFile($sql_file, $sql_file_compression); $sql_query = PMA_readFile($sql_file, $sql_file_compression);
if ($sql_query == FALSE) {
echo $strFileCouldNotBeRead;
exit();
}
} }
else { else {
$sql_file_new = $tmp_subdir . basename($sql_file); $sql_file_new = $tmp_subdir . basename($sql_file);


@@ -6,7 +6,8 @@
/** /**
* Sets error reporting level * Sets error reporting level
*/ */
error_reporting(E_ALL); // (removed to avoid path disclosure, not sure about why this was here)
// error_reporting(E_ALL);
// Check parameters // Check parameters
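Review bot: Commenting the call out rather than deleting it leaves dead code next to a remark that admits uncertainty, and it does not by itself keep warnings away from the browser: without the call the level comes from php.ini, and PHP's usual default still reports warnings, whose text includes the script path whenever display_errors is on. Suggest deleting `// error_reporting(E_ALL);` and replacing the remark with something like `// error level is inherited from php.ini; display_errors should be off on production servers`. The docblock above (`Sets error reporting level`) would then be stale and should be removed or reworded.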