Sanitize filenames before using in Content-Disposition header

Herman van Rink
2011-08-08 20:07:09 +02:00
parent b659fbeb12
commit c547703b10
9 changed files with 29 additions and 2 deletions


@@ -111,7 +111,8 @@ if (isset($_REQUEST['report_export']) && $_REQUEST['export_type'] == 'sqldumpfil
foreach($entries as $entry) {
$dump .= $entry['statement'];
}
$filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
//$filename = 'log_' . str_replace(';', '', htmlspecialchars($_REQUEST['table'])) . '.sql';
$filename = PMA_sanitize_filename('log_' . $_REQUEST['table'] . '.sql');
header('Content-Type: text/x-sql');
header('Expires: ' . gmdate('D, d M Y H:i:s') . ' GMT');
header('Content-Disposition: attachment; filename="' . $filename . '"');
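Review bot: The new `$filename` assignment passes raw `$_REQUEST['table']` into the quoted `filename="..."` parameter, so the header's safety now rests entirely on `PMA_sanitize_filename()`, whose definition is not in this hunk. It needs to remove at least `"`, CR/LF and path separators, and that contract is worth stating at the call site, e.g. `// value goes inside a quoted header parameter: PMA_sanitize_filename() must strip quotes, CR/LF and path separators`. The commented-out `htmlspecialchars` line directly above should be deleted rather than kept, since HTML escaping is not the right encoding for a header value and version control already preserves the old form. The enclosing `if` block starts and ends outside the hunk.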