nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix for attack via FILES

Browse Source
This commit is contained in:
Marc Delisle
2006-09-29 12:54:34 +00:00
parent 99b37f64b6
commit 9a581ab5d8
2 changed files with 10 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
ChangeLog
View File

@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
$Id$
$Source$
2006-09-29 Marc Delisle <lem9@users.sourceforge.net>
* libraries/grab_globals.lib.php: fix attack via _FILES,
thanks to Stefan Esser
2006-09-27 Marc Delisle <lem9@users.sourceforge.net>
* libraries/common.lib.php, /session.inc.php, /url_generating.lib.php:
security fixes (announcement will come later),

9
libraries/grab_globals.lib.php
View File

@@ -91,9 +91,12 @@ if (! empty($_POST)) {
}
if (! empty($_FILES)) {
foreach ($_FILES as $name => $value) {
$$name = $value['tmp_name'];
${$name . '_name'} = $value['name'];
$_valid_variables = preg_replace($GLOBALS['_import_blacklist'], '', array_keys($_FILES));
foreach ($_valid_variables as $name) {
if (strlen($name) != 0) {
$$name = $_FILES[$name]['tmp_name'];
${$name . '_name'} = $_FILES[$name]['name'];
}
}
unset($name, $value);
}