From 9c35c9dd5699690dd1eec6f5acd08cef01945830 Mon Sep 17 00:00:00 2001
From: Garvin Hicking
Date: Fri, 20 Jun 2003 14:28:30 +0000
Subject: [PATCH] Minor security fixes (directory access, filenames)
---
 ChangeLog | 6 ++++++
 db_details_importdocsql.php3 | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index cee01c3ef..4313a1270 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,12 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
+2003-06-20 Garvin Hicking
+ * db_details_importdocsql.php3: Will now NEVER reveal any filename
+ the docSQL import isn't able to read. Can now only read contents
+ of the 'docSQL' subdirectory and never be able to go higher than
+ that level.
+
 2003-06-19 Marc Delisle
 * libraries/sqlparser.lib.php3: analyzer for FOREIGN KEYS
 * libraries/sqlparser.lib.php3: bug 756861, DEFAULT 0 becomes DEFAULT0
diff --git a/db_details_importdocsql.php3 b/db_details_importdocsql.php3
index c34b19239..85f22c9d8 100644
--- a/db_details_importdocsql.php3
+++ b/db_details_importdocsql.php3
@@ -99,11 +99,11 @@ global $GLOBALS;
 return 1;
 } else {
- if ($content != '') {
+ if ($content != 'none') {
 echo '

' . sprintf($GLOBALS['strIgnoringFile'], ' ' . $file) . '

' . "\n";
 } else {
 // garvin: disabled. Shouldn't impose ANY non-submitted files ever.
- echo '

' . sprintf($GLOBALS['strIgnoringFile'], ' ' . '') . '

' . "\n";
+ echo '

' . sprintf($GLOBALS['strIgnoringFile'], ' ' . '...') . '

' . "\n";
 }
 return 0;
 } // end working on table
@@ -206,7 +206,7 @@ if (isset($do) && $do == 'import') {
 } else {
 // echo '
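Review bot: The new sentinel on the changed `if ($content != 'none')` line is a string that genuine file content can equal, and `!=` is a loose comparison; where `$content` is assigned is outside this hunk, so this is inferred, but a marker that cannot collide with real data — the caller passing `false` and the branch testing `if ($content !== false)` — would make the "not submitted" case unambiguous. Independently of this change, the surviving first branch still writes `$file` straight into the page through `sprintf($GLOBALS['strIgnoringFile'], ' ' . $file)`; if `$file` can originate from the request or an uploaded name, emitting it as `htmlspecialchars($file)` keeps a crafted name from injecting markup into the warning. The enclosing function starts before this hunk.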

Starting Import

';
- $docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/' . eregi_replace('\.\.*', '.', $docpath);
+ $docpath = $DOCUMENT_ROOT . dirname($PHP_SELF) . '/docSQL/' . eregi_replace('\.\.*', '.', $docpath);
 if (substr($docpath, strlen($docpath) - 2, 1) != '/') {
 $docpath = $docpath . '/';
 }
@@ -239,7 +239,7 @@ if (isset($do) && $do == 'import') {
 :
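Review bot: The changed `$docpath` line relies on `eregi_replace('\.\.*', '.', $docpath)` collapsing dot runs to keep the path under the new `/docSQL/` prefix; that is a denylist on one spelling of traversal, and since `$docpath` appears to arrive as a request variable, the robust form is to resolve the final path and verify containment before any file access: `$base = realpath($DOCUMENT_ROOT . dirname($PHP_SELF) . '/docSQL'); $real = realpath($docpath); if ($base === false || $real === false || strpos($real, $base) !== 0) { /* refuse the import */ }`. In the unchanged lines just below, `substr($docpath, strlen($docpath) - 2, 1)` inspects the second-to-last character rather than the last, so a path already ending in `/` gets a doubled slash while one ending in `x/` does not get one at all; the intended test is `strlen($docpath) - 1`. `$PHP_SELF` may carry request-supplied path info in some server configurations, which is another reason to check the resolved path rather than trust the assembled prefix. The `if (isset($do) && $do == 'import')` block continues outside the hunk.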

- / + /