[Phpmyadmin-devel] Another security issue in new code
Michal Čihař
michal at cihar.com
Tue Jun 15 12:44:06 CEST 2004
On 15.06.2004 15:42 -0400, Marc Delisle wrote:
> Michal Čihař a écrit :
> >Hi all
> >
> >Why the hell we need such script?
> >
> >http://localhost/pma/open.php?get=/etc/passwd
> >
>
> I was looking for a way to have access to the message files, from the
> theme manager (where we see the screenshots): themes/index.php. My
> attempts to do it did not work, so Michael came up with this solution.
>
> Always open to improvement :)
Why not to put that code to themes/index.php. It would mean we have to
hardcode $cfg['ThemePath'], but I don't see any problem with this (it
will just make config a bit lighter).
--
Regards
Michal Čihař
http://cihar.com
More information about the Developers
mailing list