[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-12961-g4acaf76
Michal Čihař
nijel at users.sourceforge.net
Thu Aug 4 14:58:37 CEST 2011
The branch, master has been updated
via 4acaf763128928760fd47e75de794a288dc99762 (commit)
via f97b5aba9b9458a627503f164fd5dafdac750002 (commit)
from 71db1cb416556dceb50cf984e9f8033d3487f15e (commit)
- Log -----------------------------------------------------------------
commit 4acaf763128928760fd47e75de794a288dc99762
Author: Michal Čihař <mcihar at suse.cz>
Date: Thu Aug 4 14:58:22 2011 +0200
Documentation
commit f97b5aba9b9458a627503f164fd5dafdac750002
Author: Michal Čihař <mcihar at suse.cz>
Date: Thu Aug 4 14:57:16 2011 +0200
Better check for valid filename
-----------------------------------------------------------------------
Summary of changes:
file_echo.php | 22 +++++++++++++++++++---
1 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/file_echo.php b/file_echo.php
index 7b27ffa..f829853 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -15,16 +15,32 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
'image/svg+xml' => 'svg',
);
+ /* Check whether MIME type is allowed */
if (! isset($allowed[$_REQUEST['type']])) {
die('Invalid export type');
}
- if (! preg_match("/(".implode("|",$allowed).")$/i", $_REQUEST['filename'])) {
- $_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']];
+ /*
+ * Check file name to match mime type and not contain new lines
+ * to prevent response splitting.
+ */
+ if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) {
+ if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
+ /* Add extension */
+ $filename = 'dowload.' . $allowed[$_REQUEST['type']];
+ } else {
+ /* Filename is unsafe, discard it */
+ $filename = $_REQUEST['filename'] . '.' . $allowed[$_REQUEST['type']];
+ }
+ } else {
+ /* Filename from request should be safe here */
+ $filename = $_REQUEST['filename'];
}
- PMA_download_header($_REQUEST['filename'], $_REQUEST['type']);
+ /* Send download header */
+ PMA_download_header($filename, $_REQUEST['type']);
+ /* Send data */
if ($allowed[$_REQUEST['type']] != 'svg') {
echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1));
} else {