nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Do not automatically set and create TempDir, it might lead to secrity issue (thanks to Thijs Kinkhorst).

Browse Source
This commit is contained in:
Michal Čihař
2008-09-02 17:35:48 +00:00
parent 300ac33342
commit e903114c58
2 changed files with 5 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
ChangeLog
View File

@@ -81,7 +81,10 @@ danbarry
+ [lang] Belarusian update, thanks to Jaska Zedlik + [lang] Belarusian update, thanks to Jaska Zedlik
+ [lang] Norwegian update, thanks to Sven-Erik Andersen + [lang] Norwegian update, thanks to Sven-Erik Andersen
+ [lang] Italian update, thanks to Luca Rebellato + [lang] Italian update, thanks to Luca Rebellato
- [core] safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst) - [core] safer handling of temporary files with open_basedir (thanks to Thijs
Kinkhorst)
- [core] do not automatically set and create TempDir, it might lead to secrity
issue (thanks to Thijs Kinkhorst)
+ [lang] Czech update + [lang] Czech update
- bug #2066923 [display] Navi browse icon does not go to page 1 - bug #2066923 [display] Navi browse icon does not go to page 1
- patch #2075263 [auth] Single sign-on and cookie clearing, - patch #2075263 [auth] Single sign-on and cookie clearing,

29
libraries/File.class.php
View File

@@ -903,34 +903,7 @@ class PMA_File
return true; return true;
} }
/** if (empty($GLOBALS['cfg']['TempDir']) || ! is_writable($GLOBALS['cfg']['TempDir'])) {
* it is not important if open_basedir is set - we just cannot read the file
* so we try to move it
if ('' != ini_get('open_basedir')) {
*/
// check tmp dir config
if (empty($GLOBALS['cfg']['TempDir'])) {
$GLOBALS['cfg']['TempDir'] = 'tmp/';
}
// suppress warnings from being displayed, but not from being logged
ob_start();
// check tmp dir
if (! is_dir($GLOBALS['cfg']['TempDir'])) {
// try to create the tmp directory
if (@mkdir($GLOBALS['cfg']['TempDir'], 0777)) {
chmod($GLOBALS['cfg']['TempDir'], 0777);
} else {
// create tmp dir failed
$this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
ob_end_clean();
return false;
}
}
ob_end_clean();
if (! is_writable($GLOBALS['cfg']['TempDir'])) {
// cannot create directory or access, point user to FAQ 1.11 // cannot create directory or access, point user to FAQ 1.11
$this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists']; $this->_error_message = $GLOBALS['strFieldInsertFromFileTempDirNotExists'];
return false; return false;