Fixed a possible security issue with uploaded files

This commit is contained in:
Loïc Chapeaux
2001-11-25 13:12:07 +00:00
parent 0b1fea0ae4
commit d09b82e84a
2 changed files with 26 additions and 1 deletions


@@ -9,6 +9,7 @@ $Source$
* index.php3; libraries/common.lib.php3; libraries/defines.lib.php3;
libraries/grab_globals.lib.php3; libraries/select_lang.lib.php3:
taken into account the new $_* globals arrays defined with php 4.1+.
* read_dump.php3, lines 131-152 & 217: fixed a possible security issue.
2001-11-24 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* main.php3, line 200: fixed bug #485116 - No logout option for users.


@@ -128,6 +128,30 @@ function PMA_splitSqlFile(&$ret, $sql, $release)
} // end of the 'PMA_splitSqlFile()' function
if (!function_exists('is_uploaded_file')) {
/**
* Emulates the 'is_uploaded_file()' function for old php versions.
* Grabbed at the php manual:
* http://www.php.net/manual/en/features.file-upload.php
*
* @param string the name of the file to check
*
* @return boolean wether the file has been uploaded or not
*
* @access public
*/
function is_uploaded_file($filename) {
if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
$tmp_file = dirname(tempnam('', ''));
}
$tmp_file .= '/' . basename($filename);
// User might have trailing slash in php.ini...
return (ereg_replace('/+', '/', $tmp_file) == $filename);
} // end of the 'is_uploaded_file()' emulated function
} // end if
/**
* Increases the max. allowed time to run a script
@@ -190,7 +214,7 @@ if (!empty($id_bookmark)) {
*/
// Gets the query from a file if required
if ($sql_file != 'none') {
if (file_exists($sql_file)) {
if (file_exists($sql_file) && is_uploaded_file($sql_file)) {
$sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
if (get_magic_quotes_runtime() == 1) {
$sql_query = stripslashes($sql_query);
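Review bot: The emulated is_uploaded_file() added in the first hunk (lines 36-43) only checks that `$filename` spells the path `<upload_tmp_dir>/<basename>`; it cannot tell whether PHP created that file for the current request, so wherever the emulation is in effect any readable file already sitting in the upload directory would pass the new guard in the second hunk. The doc block should state that limitation, e.g. `* Note: path-shape check only, not proof the file came from this request's upload; weaker than the native function.` The fallback on line 38 also leaves a file behind on every call, because tempnam() creates the file whose directory it reports; `$tmp = tempnam('', ''); $tmp_file = dirname($tmp); @unlink($tmp);` avoids that. In the second hunk the result of `fopen()` is still passed unchecked to `fread()`, and an empty upload gives `filesize()` of zero; guard with `if (($fp = fopen($sql_file, 'r')) !== false && filesize($sql_file) > 0)`. The enclosing code of both hunks continues outside the section.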