From ebbab4b03559103d95200aff7615346f665422d4 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 19 Jul 2003 12:47:00 +0000 Subject: [PATCH] path disclosure --- tbl_properties_table_info.php3 | 2 +- tbl_replace.php3 | 2 ++ tbl_replace_fields.php3 | 9 +++++++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/tbl_properties_table_info.php3 b/tbl_properties_table_info.php3 index 4645e7edf..8faf3474e 100755 --- a/tbl_properties_table_info.php3 +++ b/tbl_properties_table_info.php3 @@ -11,7 +11,7 @@ if (!defined('PMA_COMMON_LIB_INCLUDED')) { include('./libraries/common.lib.php3'); } -PMA_checkParameters(array('db', 'table', 'err_url_0')); +PMA_checkParameters(array('db', 'table')); /** * Gets table informations diff --git a/tbl_replace.php3 b/tbl_replace.php3 index 44ed9bb0d..26280a5f6 100755 --- a/tbl_replace.php3 +++ b/tbl_replace.php3 @@ -9,6 +9,8 @@ require('./libraries/grab_globals.lib.php3'); require('./libraries/common.lib.php3'); +// Check parameters +PMA_checkParameters(array('db','table','goto')); /** * Initializes some variables diff --git a/tbl_replace_fields.php3 b/tbl_replace_fields.php3 index a966de29d..0723253bd 100755 --- a/tbl_replace_fields.php3 +++ b/tbl_replace_fields.php3 @@ -5,6 +5,15 @@ // note: grab_globals has extracted the fields from _FILES // or HTTP_POST_FILES +// Check parameters + +if (!defined('PMA_COMMON_LIB_INCLUDED')) { + include('./libraries/common.lib.php3'); +} + +PMA_checkParameters(array('db','encoded_key')); + + // f i e l d u p l o a d e d f r o m a f i l e // garvin: original if-clause checked, whether input was stored in a possible fields_upload_XX var.