Unless admin specifies there programs to use, it does nothing now.

This commit is contained in:
Michal Čihař
2004-10-22 14:37:24 +00:00
parent e53621e045
commit 9b5ae66772
2 changed files with 21 additions and 2 deletions

View File

@@ -11,6 +11,8 @@ $Source$
* db_operations.php, lang/*: We switch to database here. not table.
* lang/*: strProperties is not used anywhere now.
* config.inc.php: Mention db_operations.php possibility.
* libraries/transformations/text_plain__external.inc.php: Unless admin
specifies there programs to use, it does nothing now.
2004-10-21 Marc Delisle <lem9@users.sourceforge.net>
* tbl_query_box.php: bug 1050691, missing parameters

View File

@@ -66,8 +66,25 @@ function PMA_transformation_text_plain__external($buffer, $options = array(), $m
// further operations on $buffer using the $options[] array.
$allowed_programs = array();
$allowed_programs[0] = '/usr/local/bin/tidy';
$allowed_programs[1] = '/usr/local/bin/validate';
//
// WARNING:
//
// It's up to administrator to allow anything here. Note that users may
// specify any parameters, so when programs allow output redirection or
// any other possibly dangerous operations, you should write wrapper
// script that will publish only functions you really want.
//
// Add here program definitions like (note that these are NOT safe
// programs):
//
// $allowed_programs[0] = '/usr/local/bin/tidy';
// $allowed_programs[1] = '/usr/local/bin/validate';
// no-op when no allowed programs
if (count($allowed_programs) == 0) {
return $buffer;
}
if (!isset($options[0]) || $options[0] == '' || !isset($allowed_programs[$options[0]])) {
$program = $allowed_programs[0];