nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Local file inclusion vulnerability

Browse Source
This commit is contained in:
Marc Delisle
2011-07-07 14:50:37 -04:00
parent 951fb4dd79
commit f63e1bb42a
2 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -3,6 +3,7 @@ phpMyAdmin - ChangeLog
3.4.3.2 (2011-07-XX)
- [security] Fixed XSS vulnerability, see PMASA-2011-9
- [security] Fixed local file inclusion vulnerability, see PMASA-2011-10
3.4.3.1 (2011-07-02)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5

2
sql.php
View File

@@ -719,7 +719,7 @@ if (0 == $num_rows || $is_affected) {
parse_str($_REQUEST['transform_fields_list'], $edited_values);
foreach($mime_map as $transformation) {
$include_file = $transformation['transformation'];
$include_file = PMA_securePath($transformation['transformation']);
$column_name = $transformation['column_name'];
$column_data = $edited_values[$column_name];