path disclosure
@@ -10,6 +10,11 @@ require('./libraries/grab_globals.lib.php3');
|
|||||||
$js_to_run = 'functions.js';
|
$js_to_run = 'functions.js';
|
||||||
require('./header.inc.php3');
|
require('./header.inc.php3');
|
||||||
|
|
||||||
|
if (!defined('PMA_COMMON_LIB_INCLUDED')) {
|
||||||
|
include('./libraries/common.lib.php3');
|
||||||
|
}
|
||||||
|
|
||||||
|
PMA_checkParameters(array('db'));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Defines the url to return to in case of error in a sql statement
|
* Defines the url to return to in case of error in a sql statement
|
||||||
|
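Review bot: The new `PMA_checkParameters(array('db'));` call is placed after `require('./header.inc.php3');`, so the header script has already run, and presumably produced output, before a missing `db` is detected. If header.inc.php3 reads `$db` (not visible here), a notice carrying the file path could still be emitted there, which is what this commit is meant to prevent. The error branch of `PMA_checkParameters` would then also print a second head section into an already started page. Consider moving the `PMA_COMMON_LIB_INCLUDED` guard and the check above the header require, the way sql.php3 in this commit calls it directly after the library requires.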
@@ -15,6 +15,7 @@ if (!defined('PMA_BOOKMARK_LIB_INCLUDED')) {
|
|||||||
include('./libraries/bookmark.lib.php3');
|
include('./libraries/bookmark.lib.php3');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
PMA_checkParameters(array('db'));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Defines the urls to return to in case of error in a sql statement
|
* Defines the urls to return to in case of error in a sql statement
|
||||||
|
@@ -2,14 +2,11 @@
|
|||||||
/* $Id$ */
|
/* $Id$ */
|
||||||
// vim: expandtab sw=4 ts=4 sts=4:
|
// vim: expandtab sw=4 ts=4 sts=4:
|
||||||
|
|
||||||
error_reporting(E_ALL);
|
|
||||||
/**
|
/**
|
||||||
* Misc stuff and functions used by almost all the scripts.
|
* Misc stuff and functions used by almost all the scripts.
|
||||||
* Among other things, it contains the advanced authentification work.
|
* Among other things, it contains the advanced authentification work.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
if (!defined('PMA_COMMON_LIB_INCLUDED')) {
|
if (!defined('PMA_COMMON_LIB_INCLUDED')) {
|
||||||
define('PMA_COMMON_LIB_INCLUDED', 1);
|
define('PMA_COMMON_LIB_INCLUDED', 1);
|
||||||
|
|
||||||
@@ -1873,6 +1870,44 @@ h1 {font-family: sans-serif; font-size: large; font-weight: bold}
|
|||||||
return $format_string;
|
return $format_string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Function added to avoid path disclosures.
|
||||||
|
* Called by each script that needs parameters, it displays
|
||||||
|
* an error message and, by defaults, stops the execution.
|
||||||
|
*
|
||||||
|
* @param array The names of the parameters needed by the calling
|
||||||
|
* script.
|
||||||
|
* @param boolean Stop the execution?
|
||||||
|
* (Set this manually to FALSE in the calling script
|
||||||
|
* until you know all needed parameters to check).
|
||||||
|
*
|
||||||
|
* @access public
|
||||||
|
* @author Marc Delisle (lem9@users.sourceforge.net)
|
||||||
|
*/
|
||||||
|
function PMA_checkParameters($params, $die = TRUE) {
|
||||||
|
global $PHP_SELF;
|
||||||
|
|
||||||
|
$reported_script_name = basename($PHP_SELF);
|
||||||
|
$found_error = FALSE;
|
||||||
|
$error_message = '';
|
||||||
|
|
||||||
|
while (list(, $param) = each($params)) {
|
||||||
|
if (!isset($GLOBALS[$param])) {
|
||||||
|
$error_message .= $reported_script_name . ': Missing ' . $param . '<br />';
|
||||||
|
$found_error = TRUE;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ($found_error) {
|
||||||
|
include('./libraries/header_meta_style.inc.php3');
|
||||||
|
echo '</head><body><p>' . $error_message . '</p></body></html>';
|
||||||
|
if ($die) {
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} // end function
|
||||||
|
|
||||||
|
|
||||||
// Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
|
// Kanji encoding convert feature appended by Y.Kawada (2002/2/20)
|
||||||
if (PMA_PHP_INT_VERSION >= 40006
|
if (PMA_PHP_INT_VERSION >= 40006
|
||||||
&& @function_exists('mb_convert_encoding')
|
&& @function_exists('mb_convert_encoding')
|
||||||
|
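Review bot: In `PMA_checkParameters`, `basename($PHP_SELF)` is concatenated into `$error_message` and echoed as HTML without escaping. On common server setups `$PHP_SELF` includes request-supplied trailing path data, so its last segment can reach the error page as markup; escaping at assignment closes this, e.g. `$reported_script_name = htmlspecialchars(basename($PHP_SELF));`. The `$param` names come from literal arrays in the callers shown in this commit, but passing them through `htmlspecialchars()` as well would keep the function safe if a caller ever supplies a computed name. The docblock's "by defaults" should read "by default".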
2
sql.php3
2
sql.php3
@@ -8,6 +8,8 @@
|
|||||||
require('./libraries/grab_globals.lib.php3');
|
require('./libraries/grab_globals.lib.php3');
|
||||||
require('./libraries/common.lib.php3');
|
require('./libraries/common.lib.php3');
|
||||||
|
|
||||||
|
PMA_checkParameters(array('sql_query', 'db'));
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Defines the url to return to in case of error in a sql statement
|
* Defines the url to return to in case of error in a sql statement
|
||||||
*/
|
*/
|
||||||
|