security fix

This commit is contained in:
Marc Delisle
2004-02-02 17:07:55 +00:00
parent f6b3a15202
commit cf8d1d330f
2 changed files with 4 additions and 1 deletions

View File

@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
$Id$
$Source$
2004-02-02 Marc Delisle <lem9@users.sourceforge.net>
* export.php: security fix, thanks to Cedric Cochin for the advisory
2004-02-02 Alexander M. Turek <supposedformerinfatuationjunkie@derrabus.de>
* libraries/mysql_charsets.lib.php: Use PMA_backquote().

View File

@@ -21,7 +21,7 @@ if ($what == 'excel') {
/**
* Defines the url to return to in case of error in a sql statement
*/
require('./libraries/export/' . $type . '.php');
require('./libraries/export/' . preg_replace('@\.\.*@','.',$type) . '.php');
// Generate error url
if ($export_type == 'server') {