diff --git a/ChangeLog b/ChangeLog
index fbb729d98..ea308504a 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
+2004-02-02 Marc Delisle
+ * export.php: security fix, thanks to Cedric Cochin for the advisory
+
 2004-02-02 Alexander M. Turek
 * libraries/mysql_charsets.lib.php: Use PMA_backquote().
 
diff --git a/export.php b/export.php
index de59b3e5b..150847b79 100644
--- a/export.php
+++ b/export.php
@@ -21,7 +21,7 @@ if ($what == 'excel') {
 /**
 * Defines the url to return to in case of error in a sql statement
 */
-require('./libraries/export/' . $type . '.php');
+require('./libraries/export/' . preg_replace('@\.\.*@','.',$type) . '.php');
 
 // Generate error url
 if ($export_type == 'server') {
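Review bot: The new `require` in export.php still builds its include path from `$type` after only collapsing runs of dots, so the value is filtered by a deny-pattern instead of being checked against what is allowed. `preg_replace('@\.\.*@','.',$type)` removes `..` but leaves slashes and every other byte untouched, and the hunk does not show where `$type` is assigned, so that it is request-controlled is inferred from the ChangeLog entry calling this a security fix. A stricter guard would reject anything that is not a plain module name before the include, for example `if (!preg_match('@^[a-zA-Z0-9_]+$@', $type)) { die('invalid export type'); }`, or better, look `$type` up in a fixed list of the export modules shipped under `libraries/export/`. The docblock above the line describes the error URL and not the include, so a short comment such as `// $type selects the export module; only known module names may reach require()` would record why the value is constrained.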