Re: [Phpmyadmin-devel] file_echo.php

4 Aug 2011

      Hi
Dne Thu, 4 Aug 2011 19:37:43 +0200
Dieter Adriaenssens dieter.adriaenssens@gmail.com napsal(a):
...
Just a question about the code :
$extension = $allowed[$_REQUEST['type']];
$valid_match = '/^[^\n\r]*\.' . $extension . '$/';
if (! preg_match($valid_match, $_REQUEST['filename'])) {
    if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
        /* Add extension */
        $filename = 'dowload.' . $extension;
    } else {
        /* Filename is unsafe, discard it */
        $filename = $_REQUEST['filename'] . '.' . $extension;
    }

Shouldn't the two comments in the then/else be switched?
'dowload', is this a typo?

Both fixed, thanks for spotting it.
-- 
    Michal Čihař | http://cihar.com | http://phpmyadmin.cz

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Re: [Phpmyadmin-devel] file_echo.php