[Phpmyadmin-devel] Another security issue in new code

Marc Delisle DelislMa at CollegeSherbrooke.qc.ca
Wed Jun 16 05:19:53 CEST 2004


Michal Čihař a écrit :
> On 15.06.2004 21:43 +0200, Michal Čihař wrote:
> 
>>On 15.06.2004 15:42 -0400, Marc Delisle wrote:
>>
>>>Michal Čihař a écrit :
>>>
>>>>Hi all
>>>>
>>>>Why the hell we need such script?
>>>>
>>>>http://localhost/pma/open.php?get=/etc/passwd
>>>>
>>>
>>>I was looking for a way to have access to the message files, from the 
>>>theme manager (where we see the screenshots): themes/index.php. My 
>>>attempts to do it did not work, so Michael came up with this solution.
>>>
>>>Always open to improvement :)
>>
>>Why not to put that code to themes/index.php. It would mean we have to
>>hardcode $cfg['ThemePath'], but I don't see any problem with this (it
>>will just make config a bit lighter).
> 
> 
> Or just simply move themes/index.php to themes.php and include that code
> inside this script.
> 

Ok, Michael is working on this.

Marc




More information about the Developers mailing list