[Phpmyadmin-devel] Another security issue in new code
Hi all Why the hell we need such script? http://localhost/pma/open.php?get=/etc/passwd -- Regards Michal Čihař http://cihar.com
Michal Čihař a écrit :
Hi all
Why the hell we need such script?
I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution. Always open to improvement :) Marc
On 15.06.2004 15:42 -0400, Marc Delisle wrote:
Michal Čihař a écrit :
Hi all
Why the hell we need such script?
I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution.
Always open to improvement :)
Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter). -- Regards Michal Čihař http://cihar.com
On 15.06.2004 21:43 +0200, Michal Čihař wrote:
On 15.06.2004 15:42 -0400, Marc Delisle wrote:
Michal Čihař a écrit :
Hi all
Why the hell we need such script?
I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution.
Always open to improvement :)
Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter).
Or just simply move themes/index.php to themes.php and include that code inside this script. -- Regards Michal Čihař http://cihar.com
Michal Čihař a écrit :
On 15.06.2004 21:43 +0200, Michal Čihař wrote:
On 15.06.2004 15:42 -0400, Marc Delisle wrote:
Michal Čihař a écrit :
Hi all
Why the hell we need such script?
I was looking for a way to have access to the message files, from the theme manager (where we see the screenshots): themes/index.php. My attempts to do it did not work, so Michael came up with this solution.
Always open to improvement :)
Why not to put that code to themes/index.php. It would mean we have to hardcode $cfg['ThemePath'], but I don't see any problem with this (it will just make config a bit lighter).
Or just simply move themes/index.php to themes.php and include that code inside this script.
Ok, Michael is working on this. Marc
participants (2)
-
Marc Delisle -
Michal Čihař