nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

argh! now really!

Browse Source
This commit is contained in:
Sebastian Mendel
2005-11-26 06:11:48 +00:00
parent 1a00815881
commit af66555969
1 changed files with 6 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
libraries/grab_globals.lib.php
View File

@@ -184,19 +184,16 @@ if ( $__redirect || ! defined( 'PMA_NO_VARIABLES_IMPORT' ) ) {
} else { } else {
echo $goto . "-<br />\n";
echo $_REQUEST['goto'] . "-<br />\n";
echo $_GET['goto'] . "-<br />\n";
echo $_POST['goto'] . "-<br />\n";
// Security fix: disallow accessing serious server files via "?goto=" // Security fix: disallow accessing serious server files via "?goto="
if ( isset( $_REQUEST['goto'] ) if ( isset( $_REQUEST['goto'] )
&& strpos( $_REQUEST['goto'], '\\' ) !== false && strpos( $_REQUEST['goto'], '\\' ) !== false
&& strpos( $_REQUEST['goto'], '/' ) !== false ) { && strpos( $_REQUEST['goto'], '/' ) !== false ) {
unset( $_REQUEST['goto'], $_GET['goto'], $_POST['goto'] ); unset( $_REQUEST['goto'], $_GET['goto'], $_POST['goto'],
$_COOKIE['goto'] );
} // end if } // end if
echo $_REQUEST['goto'] . "-<br />\n";
echo $_GET['goto'] . "-<br />\n"; array_walk( $_SERVER, 'strip_tags' );
echo $_POST['goto'] . "-<br />\n"; array_walk( $_ENV, 'strip_tags' );
} }
?> ?>