nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

path disclosure

Browse Source
This commit is contained in:
Marc Delisle
2003-07-19 22:47:29 +00:00
parent 9439bd3780
commit 9a6a496468
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog
View File

@@ -6,8 +6,7 @@ $Id$
$Source$ $Source$
2003-07-19 Marc Delisle <lem9@users.sourceforge.net> 2003-07-19 Marc Delisle <lem9@users.sourceforge.net>
* in main directory: checks for paths disclosure * (in lots of scripts): checks for paths disclosure
(TODO: subdirectories)
2003-07-18 Garvin Hicking <me@supergarv.de> 2003-07-18 Garvin Hicking <me@supergarv.de>
* read_dump.php3: When PHP3 < 4.3.0 is detected, try an alternative * read_dump.php3: When PHP3 < 4.3.0 is detected, try an alternative

7
libraries/auth/cookie.auth.lib.php3
View File

@@ -13,9 +13,12 @@
if (!defined('PMA_COOKIE_AUTH_INCLUDED')) { if (!defined('PMA_COOKIE_AUTH_INCLUDED')) {
define('PMA_COOKIE_AUTH_INCLUDED', 1); define('PMA_COOKIE_AUTH_INCLUDED', 1);
if (!isset($coming_from_common)) {
exit();
}
// emulate array_values() for PHP 3 // emulate array_values() for PHP 3
if (PMA_PHP_INT_VERSION < 40000) { // if (PMA_PHP_INT_VERSION < 40000) {
if (!@function_exists('array_values')) {
function array_values ($arr) { function array_values ($arr) {
$t = array(); $t = array();
while (list($k, $v) = each ($arr)) { while (list($k, $v) = each ($arr)) {

4
libraries/common.lib.php3
View File

@@ -719,6 +719,10 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
// Gets the authentication library that fits the $cfg['Server'] settings // Gets the authentication library that fits the $cfg['Server'] settings
// and run authentication // and run authentication
// (for a quick check of path disclosure in auth/cookies:)
$coming_from_common = TRUE;
include('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php3'); include('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php3');
if (!PMA_auth_check()) { if (!PMA_auth_check()) {
PMA_auth(); PMA_auth();