[Phpmyadmin-devel] Another security issue in new code - Developers - phpmyadmin.net

List overview All Threads
Download

[Phpmyadmin-devel] Another security issue in new code

[Phpmyadmin-devel] about...

[Phpmyadmin-devel] about queryframe

Michal Čihař

15 Jun 2004 15 Jun '04

3:32 p.m.

Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd -- Regards Michal Čihař http://cihar.com

Reply

Show replies by date

Marc Delisle

15 Jun 15 Jun

3:38 p.m.

Michal Čihař a écrit :

Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd

I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution. Always open to improvement :) Marc

Reply

Michal Čihař

3:44 p.m.

On 15.06.2004 15:42 -0400, Marc Delisle wrote:

Michal Čihař a écrit :

Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd

I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution. Always open to improvement :)

Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter). -- Regards Michal Čihař http://cihar.com

Reply

Michal Čihař

3:48 p.m.

On 15.06.2004 21:43 +0200, Michal Čihař wrote:

On 15.06.2004 15:42 -0400, Marc Delisle wrote:

Michal Čihař a écrit :

Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd

I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution. Always open to improvement :)

Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter).

Or just simply move themes/index.php to themes.php and include that code inside this script. -- Regards Michal Čihař http://cihar.com

Reply

Marc Delisle

16 Jun 16 Jun

8:19 a.m.

Michal Čihař a écrit :

On 15.06.2004 21:43 +0200, Michal Čihař wrote:

On 15.06.2004 15:42 -0400, Marc Delisle wrote:

Michal Čihař a écrit :

Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd

I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution. Always open to improvement :)

Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter).

Or just simply move themes/index.php to themes.php and include that code inside this script.

Ok, Michael is working on this. Marc

Reply

7397

days inactive

7398

days old

developers@phpmyadmin.net

Manage subscription

4 comments

2 participants

tags (0)

participants (2)

Marc Delisle
Michal Čihař