diff --git a/export.php b/export.php
index 7da25fc05..100269f5a 100644
--- a/export.php
+++ b/export.php
@@ -343,6 +343,7 @@ if (!$save_on_server) {
 // (avoid rewriting data containing HTML with anchors and forms;
 // this was reported to happen under Plesk)
 @ini_set('url_rewriter.tags','');
+ $filename = PMA_sanitize_filename($filename);
 header('Content-Type: ' . $mime_type);
 header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
diff --git a/libraries/sanitizing.lib.php b/libraries/sanitizing.lib.php
index a362ebdea..a65f8ba7c 100644
--- a/libraries/sanitizing.lib.php
+++ b/libraries/sanitizing.lib.php
@@ -86,4 +86,22 @@ function PMA_sanitize($message, $escape = false, $safe = false)
 return $message;
 }
+
+/**
+ * Sanitize a filename by removing anything besides A-Za-z0-9_.-
+ *
+ * Intended usecase:
+ * When using a filename in a Content-Disposition header the value should not contain ; or "
+ *
+ * @param string The filename
+ *
+ * @return string the sanitized filename
+ *
+ */
+function PMA_sanitize_filename($filename) {
+ $filename = preg_replace('/[^A-Za-z0-9_.-]/', '_', $filename);
+ return $filename;
+}
+
 ?>
diff --git a/libraries/schema/Dia_Relation_Schema.class.php b/libraries/schema/Dia_Relation_Schema.class.php
index e58381e91..2f6373e63 100644
--- a/libraries/schema/Dia_Relation_Schema.class.php
+++ b/libraries/schema/Dia_Relation_Schema.class.php
@@ -173,6 +173,7 @@ class PMA_DIA extends XMLWriter
 if(ob_get_clean()){
 ob_end_clean();
 }
+ $fileName = PMA_sanitize_filename($fileName);
 header('Content-type: application/x-dia-diagram');
 header('Content-Disposition: attachment; filename="'.$fileName.'.dia"');
 $output = $this->flush();
diff --git a/libraries/schema/Eps_Relation_Schema.class.php b/libraries/schema/Eps_Relation_Schema.class.php
index 5435db447..7f1c34d33 100644
--- a/libraries/schema/Eps_Relation_Schema.class.php
+++ b/libraries/schema/Eps_Relation_Schema.class.php
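Review bot: After this call, any non-ASCII character in `$filename` becomes one `_` per byte, because `PMA_sanitize_filename` applies an ASCII-only character class with no `u` modifier; UTF-8 database or table names in the export download name therefore degrade to runs of underscores, which is a user-visible change beyond the header hardening and deserves a comment such as `// header-safe ASCII name; non-ASCII bytes become '_'`. Whether `export.php` loads `libraries/sanitizing.lib.php`, and the `Content-Disposition` header that consumes `$filename`, are outside this hunk. The `if (!$save_on_server)` block continues past the hunk.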
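Review bot: The docblock summary says the function works "by removing anything besides A-Za-z0-9_.-", but the `preg_replace` below replaces each disallowed byte with `_` rather than dropping it, and because the pattern has no `u` modifier a multibyte UTF-8 character yields one underscore per byte; the summary should read ` * Sanitize a filename by replacing every byte outside A-Za-z0-9_.- with an underscore`. The `@param` tag lacks the variable name; `@param string $filename The filename` is the form documentation tools expect. It is also worth stating in the docblock that the result is meant only for a quoted `Content-Disposition` value: the character class still admits names consisting solely of dots, so this is not a filesystem-path sanitizer.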
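Review bot: This `$fileName = PMA_sanitize_filename($fileName);` line is added verbatim before the `Content-Disposition` header in the Dia, Eps, Svg and Visio output paths of this commit; sanitizing `$fileName` once where it is computed and handed to the format classes would leave a single place to keep correct and would remove per-class copies where the variable name can drift (compare `$filename` in the Pdf hunk). That call site is not visible in this diff, so this is a suggestion rather than a blocker. The enclosing method begins before this hunk.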
@@ -336,6 +336,7 @@ class PMA_EPS
 // if(ob_get_clean()){
 //ob_end_clean();
 //}
+ $fileName = PMA_sanitize_filename($fileName);
 header('Content-type: image/x-eps');
 header('Content-Disposition: attachment; filename="'.$fileName.'.eps"');
 $output = $this->stringCommands;
diff --git a/libraries/schema/Pdf_Relation_Schema.class.php b/libraries/schema/Pdf_Relation_Schema.class.php
index 607853709..ad0fe7a11 100644
--- a/libraries/schema/Pdf_Relation_Schema.class.php
+++ b/libraries/schema/Pdf_Relation_Schema.class.php
@@ -1075,6 +1075,8 @@ class PMA_Pdf_Relation_Schema extends PMA_Export_Relation_Schema
 if (empty($filename)) {
 $filename = $pageNumber . '.pdf';
 }
+ $fileName = PMA_sanitize_filename($fileName);
+
 // instead of $pdf->Output():
 $pdfData = $pdf->getPDFData();
 header('Content-Type: application/pdf');
diff --git a/libraries/schema/Svg_Relation_Schema.class.php b/libraries/schema/Svg_Relation_Schema.class.php
index afafda7fb..52eb4394b 100644
--- a/libraries/schema/Svg_Relation_Schema.class.php
+++ b/libraries/schema/Svg_Relation_Schema.class.php
@@ -171,6 +171,7 @@ class PMA_SVG extends XMLWriter
 function showOutput($fileName)
 {
 //ob_get_clean();
+ $fileName = PMA_sanitize_filename($fileName);
 header('Content-type: image/svg+xml');
 header('Content-Disposition: attachment; filename="'.$fileName.'.svg"');
 $output = $this->flush();
diff --git a/libraries/schema/Visio_Relation_Schema.class.php b/libraries/schema/Visio_Relation_Schema.class.php
index ab45b13b9..0c3f7eca6 100644
--- a/libraries/schema/Visio_Relation_Schema.class.php
+++ b/libraries/schema/Visio_Relation_Schema.class.php
@@ -158,6 +158,7 @@ class PMA_VISIO extends XMLWriter
 //if(ob_get_clean()){
 //ob_end_clean();
 //}
+ $fileName = PMA_sanitize_filename($fileName);
 header('Content-type: application/visio');
 header('Content-Disposition: attachment; filename="'.$fileName.'.vdx"');
 $output = $this->flush();
diff --git a/tbl_get_field.php b/tbl_get_field.php
index a58eb5117..be0bdded6 100644
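Review bot: The added line sanitizes `$fileName`, but the context lines of this hunk use `$filename` (`if (empty($filename)) { $filename = $pageNumber . '.pdf'; }`); PHP variable names are case-sensitive, so this apparently assigns a sanitized copy of a variable that is not set here (a notice and an empty string) while `$filename` itself reaches whatever header consumes it further down unsanitized. It should read `$filename = PMA_sanitize_filename($filename);`. The other schema classes in this commit use `$fileName`, which is probably where the spelling came from. The `Content-Disposition` header and the rest of the enclosing method are outside this hunk.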
--- a/tbl_get_field.php
+++ b/tbl_get_field.php
@@ -39,7 +39,8 @@ if ($result === false) {
 header('Content-Type: ' . PMA_detectMIME($result));
 header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
-header('Content-Disposition: attachment; filename="' . $table . '-' . $transform_key . '.bin"');
+$filename = PMA_sanitize_filename($table . '-' . $transform_key . '.bin');
+header('Content-Disposition: attachment; filename="' . $filename . '"');
 if (PMA_USR_BROWSER_AGENT == 'IE') {
 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
 header('Pragma: public');
diff --git a/tbl_tracking.php b/tbl_tracking.php
index 36e5f668a..047066384 100644
--- a/tbl_tracking.php
+++ b/tbl_tracking.php
@@ -111,7 +111,8 @@ if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldumpfil
 foreach($entries as $entry) {
 $dump .= $entry['statement'];
 }
- $filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
+ //$filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
+ $filename = PMA_sanitize_filename('log_' . $_REQUEST['table'] . '.sql');
 header('Content-Type: text/x-sql');
 header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
 header('Content-Disposition: attachment; filename="' . $filename . '"');
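Review bot: The previous assignment is kept as a commented-out line (`//$filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';`) directly above its replacement; it should be deleted, since version control preserves it and `PMA_sanitize_filename` already neutralises the `;` and `"` characters the old `str_replace` and `htmlspecialchars` calls were guarding against in the header value. `$_REQUEST['table']` is still read without an `isset()` check (unchanged from before), so a missing parameter produces a notice and a download named `log_.sql`, and an array value is concatenated as the string `Array`. The enclosing `if (isset($_REQUEST['report_export']) ...)` block starts before this hunk.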