[Phpmyadmin-devel] Another security issue in new code
Michal Čihař
michal at cihar.com
Tue Jun 15 12:48:38 CEST 2004
On 15.06.2004 21:43 +0200, Michal Čihař wrote:
> On 15.06.2004 15:42 -0400, Marc Delisle wrote:
> > Michal Čihař a écrit :
> > >Hi all
> > >
> > >Why the hell we need such script?
> > >
> > >http://localhost/pma/open.php?get=/etc/passwd
> > >
> >
> > I was looking for a way to have access to the message files, from the
> > theme manager (where we see the screenshots): themes/index.php. My
> > attempts to do it did not work, so Michael came up with this solution.
> >
> > Always open to improvement :)
>
> Why not to put that code to themes/index.php. It would mean we have to
> hardcode $cfg['ThemePath'], but I don't see any problem with this (it
> will just make config a bit lighter).
Or just simply move themes/index.php to themes.php and include that code
inside this script.
--
Regards
Michal Čihař
http://cihar.com
More information about the Developers
mailing list