Fixed a possible security issue with uploaded files

ChangeLog

@@ -9,6 +9,7 @@ $Source$
 	* index.php3; libraries/common.lib.php3; libraries/defines.lib.php3;
 	  libraries/grab_globals.lib.php3; libraries/select_lang.lib.php3:
 	  taken into account the new $_* globals arrays defined with php 4.1+.
+	* read_dump.php3, lines 131-152 & 217: fixed a possible security issue.
 
 2001-11-24  Lo<4C>c Chapeaux  <lolo@phpheaven.net>
 	* main.php3, line 200: fixed bug #485116 - No logout option for users.

read_dump.php3

@@ -128,6 +128,30 @@ function PMA_splitSqlFile(&$ret, $sql, $release)
 } // end of the 'PMA_splitSqlFile()' function
 
 
+if (!function_exists('is_uploaded_file')) {
+    /**
+     * Emulates the 'is_uploaded_file()' function for old php versions.
+     * Grabbed at the php manual:
+     *     http://www.php.net/manual/en/features.file-upload.php
+     *
+     * @param   string    the name of the file to check
+     *
+     * @return  boolean   wether the file has been uploaded or not
+     *
+     * @access  public
+     */
+    function is_uploaded_file($filename) {
+        if (!$tmp_file = @get_cfg_var('upload_tmp_dir')) {
+            $tmp_file = dirname(tempnam('', ''));
+        }
+        $tmp_file     .= '/' . basename($filename);
+
+        // User might have trailing slash in php.ini...
+        return (ereg_replace('/+', '/', $tmp_file) == $filename);
+    } // end of the 'is_uploaded_file()' emulated function
+} // end if
+
+
 
 /**
  * Increases the max. allowed time to run a script
@@ -190,7 +214,7 @@ if (!empty($id_bookmark)) {
  */
 // Gets the query from a file if required 
 if ($sql_file != 'none') {
-    if (file_exists($sql_file)) {
+    if (file_exists($sql_file) && is_uploaded_file($sql_file)) {
         $sql_query = fread(fopen($sql_file, 'r'), filesize($sql_file));
         if (get_magic_quotes_runtime() == 1) {
             $sql_query = stripslashes($sql_query);