From cf8d1d330fc91afcc6be2d27d85bdc1e57d5b30a Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Mon, 2 Feb 2004 17:07:55 +0000
Subject: [PATCH] security fix
---
 ChangeLog | 3 +++
 export.php | 2 +-
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/ChangeLog b/ChangeLog
index fbb729d98..ea308504a 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
+2004-02-02 Marc Delisle
+ * export.php: security fix, thanks to Cedric Cochin for the advisory
+
 2004-02-02 Alexander M. Turek
 * libraries/mysql_charsets.lib.php: Use PMA_backquote().
diff --git a/export.php b/export.php
index de59b3e5b..150847b79 100644
--- a/export.php
+++ b/export.php
@@ -21,7 +21,7 @@ if ($what == 'excel') {
 /**
 * Defines the url to return to in case of error in a sql statement
 */
-require('./libraries/export/' . $type . '.php');
+require('./libraries/export/' . preg_replace('@\.\.*@','.',$type) . '.php');
 // Generate error url
 if ($export_type == 'server') {
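Review bot: The new `require` line in export.php still builds the include path from `$type` after only collapsing runs of dots, so the value is filtered by a deny-list rather than checked against the names that are actually valid. Collapsing `..` blocks parent-directory traversal, but `/` and every other byte still pass through. If `$type` comes from the request (the advisory credit suggests so, though its assignment lies outside this hunk), the include is therefore not pinned to a known export plugin. I would validate before the include, for example `if (!preg_match('@^[A-Za-z0-9_]+$@', $type)) { die('invalid export type'); }`, or preferably compare `$type` against the fixed list of supported export formats. A short why-comment above the line, such as `// strip '..' from $type so the include cannot leave libraries/export/`, would also keep a later cleanup from removing the filter.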