security fix

2004-02-02 17:07:55 +00:00
parent f6b3a15202
commit cf8d1d330f
2 changed files with 4 additions and 1 deletions
--- a/3
+++ b/3
@@ -5,6 +5,9 @@ phpMyAdmin - Changelog
 $Id$
 $Source$

+2004-02-02 Marc Delisle  <lem9@users.sourceforge.net>
+    * export.php: security fix, thanks to Cedric Cochin for the advisory
+
 2004-02-02 Alexander M. Turek  <supposedformerinfatuationjunkie@derrabus.de>
    * libraries/mysql_charsets.lib.php: Use PMA_backquote().

--- a/export.php
+++ b/export.php
@@ -21,7 +21,7 @@ if ($what == 'excel') {
 /**
 * Defines the url to return to in case of error in a sql statement
 */
-require('./libraries/export/' . $type . '.php');
+require('./libraries/export/' . preg_replace('@\.\.*@','.',$type) . '.php');

 // Generate error url
 if ($export_type == 'server') {