nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

block if PMA_token is empty

Browse Source
This commit is contained in:
Marc Delisle
2006-09-26 19:37:18 +00:00
parent b3906852bb
commit ac2f606a21
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
libraries/common.lib.php
View File

@@ -2876,7 +2876,7 @@ if (PMA_checkPageValidity($_REQUEST['back'], $goto_whitelist)) {
* Check whether user supplied token is valid, if not remove any
* possibly dangerous stuff from request.
*/
if (!isset($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
if (!isset($_REQUEST['token']) || empty($_SESSION[' PMA_token ']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) {
/* List of parameters which are allowed from unsafe source */
$allow_list = array(
'db', 'table', 'lang', 'server', 'convcharset', 'collation_connection', 'target',