The branch, master has been updated via b9a7ac74251c490c67dae063e3cf4bb637cce288 (commit) from fc7a273edabc88a3b28d0fa6affcf5916435100f (commit)
- Log ----------------------------------------------------------------- commit b9a7ac74251c490c67dae063e3cf4bb637cce288 Author: Michal Čihař mcihar@suse.cz Date: Thu Aug 4 14:06:27 2011 +0200
Avoid skiping authentication and token check
-----------------------------------------------------------------------
Summary of changes: file_echo.php | 17 +++++++---------- 1 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/file_echo.php b/file_echo.php
index 95689a4..da8baa0 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -5,30 +5,27 @@
 *
 * @package phpMyAdmin
 */
-
-
-define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
if(isset($_REQUEST['filename']) && isset($_REQUEST['image'])) { $allowed = Array( 'image/png'=>'png', 'image/svg+xml'=>'svg'); - + if (! isset($allowed[$_REQUEST['type']])) exit('Invalid export type'); - + if (! preg_match("/(".implode("|",$allowed).")$/i", $_REQUEST['filename'])) $_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']]; - + downloadHeader($_REQUEST['filename'],$_REQUEST['type']);
if ($allowed[$_REQUEST['type']] != 'svg') echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1)); else echo $_REQUEST['image']; - + exit(); } - + if(isset($_REQUEST['monitorconfig'])) { downloadHeader('monitor.cfg','application/force-download'); echo urldecode($_REQUEST['monitorconfig']); @@ -38,7 +35,7 @@ if(isset($_REQUEST['monitorconfig'])) { if(isset($_REQUEST['import'])) { echo '<html><body>' . file_get_contents($_FILES['file']['tmp_name']) . '</body></html>'; exit(); -} +}
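Review bot: The SVG branch of the `filename`/`image` block still echoes `$_REQUEST['image']` back unmodified, and the `import` branch in the next hunk wraps the uploaded file's contents in `<html><body>` without escaping, so the authentication and token checks this commit restores (presumably performed in common.inc.php, which is outside this diff) are the only control on request-supplied markup being rendered under the phpMyAdmin origin. For the import branch, `echo '<html><body>' . htmlspecialchars(file_get_contents($_FILES['file']['tmp_name'])) . '</body></html>';` would keep the content inert, assuming the caller only reads it back as text. Whether `downloadHeader()` forces a download for the SVG case cannot be seen here, because its body starts outside the last hunk. It would also help to add a comment above the `require_once` line, e.g. `// PMA_MINIMUM_COMMON must not be defined here: this script needs the normal authentication and token checks.`, so the define is not reintroduced later.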
exit('Invalid request');
@@ -49,4 +46,4 @@ function downloadHeader($file,$type) {
 header("Content-Type: ".$type);
 header("Content-Transfer-Encoding: binary");
 }
-?>
\ No newline at end of file
+?>
hooks/post-receive