[Phpmyadmin-devel] file_echo.php
Michal Čihař
michal at cihar.com
Thu Aug 4 19:45:27 CEST 2011
Hi
On Thu, 4 Aug 2011 19:37:43 +0200
Dieter Adriaenssens <dieter.adriaenssens at gmail.com> wrote:
> Just a question about the code:
>
> $extension = $allowed[$_REQUEST['type']];
> $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
> if (! preg_match($valid_match, $_REQUEST['filename'])) {
>     if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
>         /* Add extension */
>         $filename = 'dowload.' . $extension;
>     } else {
>         /* Filename is unsafe, discard it */
>         $filename = $_REQUEST['filename'] . '.' . $extension;
>     }
>
> 1) Shouldn't the two comments in the then/else be switched?
> 2) 'dowload', is this a typo?
Both fixed, thanks for spotting it.
--
Michal Čihař | http://cihar.com | http://phpmyadmin.cz
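
The check discussed in this thread, written out as an added example (not phpMyAdmin's code and not the fix that was committed), with each comment on the branch it describes. The helper name `example_download_name`, the `$allowed` map, the empty-name handling and the sample inputs are assumptions made for illustration; the patterns end in `\z` rather than `$` because PCRE's `$` also matches just before a trailing newline.

```php
<?php
// Added example, not phpMyAdmin's code. $allowed maps a request "type" to
// the extension it may produce (constructed sample values).
$allowed = array('png' => 'png', 'svg' => 'svg');

/**
 * Hypothetical helper: choose the filename to use for a download of the
 * given type. Returns null when the type is not in the allow-list.
 */
function example_download_name(array $allowed, $type, $requested)
{
    if (! is_string($type) || ! isset($allowed[$type]) || ! is_string($requested)) {
        return null; // unknown type or non-string input: caller should reject
    }
    $extension = $allowed[$type];
    // \z anchors at the very end of the subject, so a name ending in "\n"
    // cannot pass either pattern.
    $has_extension = '/^[^\n\r]*\.' . preg_quote($extension, '/') . '\z/';
    $single_line   = '/^[^\n\r]*\z/';

    if (preg_match($has_extension, $requested)) {
        /* Single line that already ends in the expected extension */
        return $requested;
    }
    if ($requested === '' || ! preg_match($single_line, $requested)) {
        /* Filename is empty or unsafe (contains CR or LF), discard it */
        return 'download.' . $extension;
    }
    /* Add extension */
    return $requested . '.' . $extension;
}

// Constructed sample inputs covering each branch.
$samples = array(
    'chart.png',        // kept as is
    'chart',            // extension appended
    "chart.png\n",      // trailing newline: discarded
    "evil\r\nname",     // embedded CR/LF: discarded
    '',                 // empty: discarded
);
foreach ($samples as $name) {
    printf("%-20s => %s\n", json_encode($name), example_download_name($allowed, 'png', $name));
}
```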