nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Remove error.php

Browse Source 
Redirecting to other script introduces possibility of inject custom
messages to it. Though there is no clear security issue in this, it
might confuse users and mistake them to go to external site as it allows
to include links.

Conflicts:

	error.php
	libraries/core.lib.php
This commit is contained in:
Michal Čihař
2011-01-06 09:36:30 +01:00
parent 8928900532
commit 9ebd401b0e
3 changed files with 13 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libraries/core.lib.php
View File

@@ -261,21 +261,18 @@ function PMA_fatalError($error_message, $message_args = null)
$error_message = strtr($error_message, array('<br />' => '[br]'));
// Displays the error message
// (do not use &amp; for parameters sent by header)
$query_params = array(
'lang' => $GLOBALS['available_languages'][$GLOBALS['lang']][2],
'dir' => $GLOBALS['text_dir'],
'type' => $GLOBALS['strError'],
'error' => $error_message,
);
header('Location: ' . (defined('PMA_SETUP') ? '../' : '') . 'error.php?'
. http_build_query($query_params, null, '&'));
$lang = $GLOBALS['available_languages'][$GLOBALS['lang']][2];
$dir = $GLOBALS['text_dir'];
$type = $GLOBALS['strError'];
$error = $error_message;
// on fatal errors it cannot hurt to always delete the current session
if (isset($GLOBALS['session_name']) && isset($_COOKIE[$GLOBALS['session_name']])) {
PMA_removeCookie($GLOBALS['session_name']);
}
require('./libraries/error.inc.php');
exit;
}