[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-12928-gb9a7ac7
Michal Čihař
nijel at users.sourceforge.net
Thu Aug 4 14:06:46 CEST 2011
The branch, master has been updated
via b9a7ac74251c490c67dae063e3cf4bb637cce288 (commit)
from fc7a273edabc88a3b28d0fa6affcf5916435100f (commit)
- Log -----------------------------------------------------------------
commit b9a7ac74251c490c67dae063e3cf4bb637cce288
Author: Michal Čihař <mcihar at suse.cz>
Date: Thu Aug 4 14:06:27 2011 +0200
Avoid skiping authentication and token check
-----------------------------------------------------------------------
Summary of changes:
file_echo.php | 17 +++++++----------
1 files changed, 7 insertions(+), 10 deletions(-)
diff --git a/file_echo.php b/file_echo.php
index 95689a4..da8baa0 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -5,30 +5,27 @@
*
* @package phpMyAdmin
*/
-
-
-define('PMA_MINIMUM_COMMON', true);
require_once './libraries/common.inc.php';
if(isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
$allowed = Array( 'image/png'=>'png', 'image/svg+xml'=>'svg');
-
+
if (! isset($allowed[$_REQUEST['type']])) exit('Invalid export type');
-
+
if (! preg_match("/(".implode("|",$allowed).")$/i", $_REQUEST['filename']))
$_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']];
-
+
downloadHeader($_REQUEST['filename'],$_REQUEST['type']);
if ($allowed[$_REQUEST['type']] != 'svg')
echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1));
else
echo $_REQUEST['image'];
-
+
exit();
}
-
+
if(isset($_REQUEST['monitorconfig'])) {
downloadHeader('monitor.cfg','application/force-download');
echo urldecode($_REQUEST['monitorconfig']);
@@ -38,7 +35,7 @@ if(isset($_REQUEST['monitorconfig'])) {
if(isset($_REQUEST['import'])) {
echo '<html><body>' . file_get_contents($_FILES['file']['tmp_name']) . '</body></html>';
exit();
-}
+}
exit('Invalid request');
@@ -49,4 +46,4 @@ function downloadHeader($file,$type) {
header("Content-Type: ".$type);
header("Content-Transfer-Encoding: binary");
}
-?>
\ No newline at end of file
+?>
hooks/post-receive
--
phpMyAdmin
More information about the Git
mailing list