diff --git a/ChangeLog b/ChangeLog
index 1676c2709..b61142f41 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,6 +9,7 @@ $Source$
 * index.php3; libraries/common.lib.php3; libraries/defines.lib.php3; libraries/grab_globals.lib.php3; libraries/select_lang.lib.php3: taken into account the new $_* globals arrays defined with php 4.1+.
+ * read_dump.php3, lines 131-152 & 217: fixed a possible security issue.
 2001-11-24 Loïc Chapeaux
 * main.php3, line 200: fixed bug #485116 - No logout option for users.
diff --git a/read_dump.php3 b/read_dump.php3
index 298e4e869..f4f062aa8 100644
--- a/read_dump.php3
+++ b/read_dump.php3
@@ -128,6 +128,30 @@ function PMA_splitSqlFile(&$ret, $sql, $release)
 } // end of the 'PMA_splitSqlFile()' function
+if (!function_exists('is_uploaded_file')) {
+ /**
+ * Emulates the 'is_uploaded_file()' function for old php versions.
+ * Grabbed at the php manual:
+ * http://www.php.net/manual/en/features.file-upload.php
+ *
+ * @param string the name of the file to check
+ *
+ * @return boolean wether the file has been uploaded or not
+ *
+ * @access public
+ */
+ function is_uploaded_file($filename) {
+ if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
+ $tmp_file = dirname(tempnam('', ''));
+ }
+ $tmp_file .= '/' . basename($filename);
+
+ // User might have trailing slash in php.ini...
+ return (ereg_replace('/+', '/', $tmp_file) == $filename);
+ } // end of the 'is_uploaded_file()' emulated function
+} // end if
+
+
 /**
 * Increases the max. allowed time to run a script
@@ -190,7 +214,7 @@ if (!empty($id_bookmark)) {
 */
 // Gets the query from a file if required
 if ($sql_file != 'none') {
- if (file_exists($sql_file)) {
+ if (file_exists($sql_file) && is_uploaded_file($sql_file)) {
 $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
 if (get_magic_quotes_runtime() == 1) {
 $sql_query = stripslashes($sql_query);
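Review bot: The emulated `is_uploaded_file()` in the `@@ -128,6 +128,30 @@` hunk only establishes that `$filename` sits directly inside the upload temp directory, not that PHP received it as an upload in this request, so on installs without the native function the new guard in the `@@ -190,7 +214,7 @@` hunk is a directory check rather than an upload check. This matters most when `upload_tmp_dir` is unset and the directory is taken from `dirname(tempnam('', ''))`, which is normally the shared system temp directory; the docblock should state this limit and recommend a dedicated `upload_tmp_dir`. The `tempnam()` call also creates a file on every invocation that is never removed; keep the name and delete it, e.g. `$probe = tempnam('', ''); $tmp_file = dirname($probe); @unlink($probe);`. The hard-coded `'/'` separator presumably makes the comparison fail for Windows-style paths, which would refuse genuine uploads rather than admit bad ones, but is worth confirming.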
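Review bot: The refusal path of the new `file_exists($sql_file) && is_uploaded_file($sql_file)` condition in the `@@ -190,7 +214,7 @@` hunk is silent in the visible lines: no `else` is shown, so a request naming a file that was not uploaded appears to carry on with whatever `$sql_query` already holds and leaves no trace. The enclosing `if ($sql_file != 'none')` block continues outside the hunk, so this may be handled further down; if it is not, an explicit branch that reports the refused file name and stops would make such requests visible to the administrator. A comment above the condition would also record why the test exists, e.g. `// $sql_file is presumably request-supplied: only read a file PHP itself received as an upload`.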