[Phpmyadmin-devel] Another security issue in new code

Michal Čihař michal at cihar.com
Tue Jun 15 12:44:06 CEST 2004

On 15.06.2004 15:42 -0400, Marc Delisle wrote:
> Michal Čihař a écrit :
> >Hi all
> >
> >Why the hell we need such script?
> >
> >http://localhost/pma/open.php?get=/etc/passwd
> >
> I was looking for a way to have access to the message files, from the 
> theme manager (where we see the screenshots): themes/index.php. My 
> attempts to do it did not work, so Michael came up with this solution.
> Always open to improvement :)

Why not to put that code to themes/index.php. It would mean we have to
hardcode $cfg['ThemePath'], but I don't see any problem with this (it
will just make config a bit lighter).

	Michal Čihař

More information about the Developers mailing list