Hi
...resending to the list...
On Thu, 4 Aug 2011 21:13:16 +0300
Tyron Madlener <tyronx(a)gmail.com> wrote:
On Thu, Aug 4, 2011 at 8:51 PM, Michal Čihař
<michal(a)cihar.com> wrote:
This is just limiting access to file_echo.php to users who are allowed
to use phpMyAdmin (and thus have a login to MySQL). I see no reason to
have a publicly available echo service in phpMyAdmin.
But don't you need valid mysql credentials to get a session (and token) anyway?
Yes, though the token might be valid longer than MySQL credentials, so
it's better to check both.
Since the file uploading is handled by the browser, I cannot think of
a case where you can upload a file unintentionally, or in any way get
it uploaded through other means than manually uploading it yourself.
I'd be really curious to know how a hacker can do anything malicious
in this direction.
You can easily place a form on another page and redirect it to this file.
This is data you receive from outside; you should never trust it.
If you don't need any HTML code inside, htmlspecialchars will help
here. Also, if you set the content type to JSON, the browser will not
process it as HTML.
Ah yes, great solution :)
It just didn't come to my mind to actually change the HTTP header, even
though it's so obvious.
I'll change that today.
Okay, please base changes on current master, I've made numerous changes
to that file.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
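The hardening discussed in this thread (refuse requests that do not carry a valid phpMyAdmin token and a still-valid MySQL login, escape the echoed file contents with htmlspecialchars, and answer with a JSON content type so the browser never renders the body as HTML), as an added illustration that is not phpMyAdmin's own file_echo.php. The session keys (`token`, `mysql_user`, `mysql_pass`), the form field names, and the `mysqlLoginStillValid` stand-in are assumptions for this example; a real endpoint would verify the stored credentials against the MySQL server rather than just checking that they are present.

```php
<?php
// Added example, not phpMyAdmin's file_echo.php. Session layout, field names
// and the credential check below are assumptions for illustration only.
declare(strict_types=1);

session_start();

// A form planted on a third-party page can POST to this script, but it cannot
// know the per-session token the legitimate page carried. Compare it in
// constant time and refuse the request before anything is echoed back.
function tokenIsValid(array $post, array $session): bool
{
    if (!isset($post['token'], $session['token'])) {
        return false;
    }
    return hash_equals((string) $session['token'], (string) $post['token']);
}

// The token alone is not enough: the session may outlive the MySQL login it
// was created with, so check both. This presence check is a stand-in
// (assumption) for re-validating the credentials against the server.
function mysqlLoginStillValid(array $session): bool
{
    return !empty($session['mysql_user']) && !empty($session['mysql_pass']);
}

// Escape the untrusted file name and contents so that an uploaded <script>
// cannot execute if any client treats the body as HTML.
function buildResponse(string $filename, string $contents): array
{
    return [
        'filename' => htmlspecialchars($filename, ENT_QUOTES, 'UTF-8'),
        'contents' => htmlspecialchars($contents, ENT_QUOTES, 'UTF-8'),
    ];
}

// Always answer as JSON: browsers will not process the body as a document.
function sendJson(int $status, array $payload): void
{
    http_response_code($status);
    header('Content-Type: application/json; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
    echo json_encode($payload, JSON_THROW_ON_ERROR);
}

if ($_SERVER['REQUEST_METHOD'] !== 'POST'
    || !tokenIsValid($_POST, $_SESSION)
    || !mysqlLoginStillValid($_SESSION)) {
    sendJson(403, ['error' => 'not authorised']);
    exit;
}

if (!isset($_FILES['file']) || $_FILES['file']['error'] !== UPLOAD_ERR_OK) {
    sendJson(400, ['error' => 'no file uploaded']);
    exit;
}

$contents = file_get_contents($_FILES['file']['tmp_name']);
sendJson(200, buildResponse(
    (string) $_FILES['file']['name'],
    $contents === false ? '' : $contents
));
```

Applying htmlspecialchars on top of the JSON content type is defence in depth: the JSON header stops the browser rendering the response itself, and the escaping protects a client that later inserts the `contents` field into the page via innerHTML. If the client only ever writes it through textContent or a form field value, the entity escaping is unnecessary and would show literal `&lt;` in the output, so choose one based on how the JavaScript side consumes the reply.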