[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-12967-g6c92b02

Michal Čihař nijel at users.sourceforge.net
Thu Aug 4 15:09:25 CEST 2011


The branch, master has been updated
       via  6c92b02f81c2296382d60bd66653d296628e926e (commit)
      from  8fcb4720e2138429df9f9c3a197187882c0c51ef (commit)


- Log -----------------------------------------------------------------
commit 6c92b02f81c2296382d60bd66653d296628e926e
Author: Michal Čihař <mcihar at suse.cz>
Date:   Thu Aug 4 15:08:38 2011 +0200

    Avoid using $_REQUEST all over the code

-----------------------------------------------------------------------

Summary of changes:
 file_echo.php |   10 ++++++----
 1 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/file_echo.php b/file_echo.php
index f829853..2add078 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -24,13 +24,15 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
      * Check file name to match mime type and not contain new lines
      * to prevent response splitting.
      */
-    if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) {
+    $extension = $allowed[$_REQUEST['type']];
+    $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
+    if (! preg_match($valid_match, $_REQUEST['filename'])) {
         if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
             /* Add extension */
-            $filename = 'dowload.' . $allowed[$_REQUEST['type']];
+            $filename = 'dowload.' . $extension;
         } else {
             /* Filename is unsafe, discard it */
-            $filename = $_REQUEST['filename'] . '.' . $allowed[$_REQUEST['type']];
+            $filename = $_REQUEST['filename'] . '.' . $extension;
         }
     } else {
         /* Filename from request should be safe here */
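Review bot: The `$` anchor in `$valid_match`, and in the inner `/^[^\n\r]*$/` check, also matches just before a single trailing newline in PCRE, so a filename that ends in the allowed extension followed by `\n` passes the test the comment says prevents response splitting and lands in the branch marked "should be safe here". Anchor with `\z` or add the `D` modifier, for example `'/^[^\n\r]*\.' . $extension . '\z/'`. While these lines are being touched: the two comments in the inner if/else are swapped relative to what the branches do (the branch labelled "Add extension" discards the request name, the one labelled "discard it" appends the extension to it), and `'dowload.'` looks like a misspelling of `download`.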
@@ -41,7 +43,7 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
     PMA_download_header($filename, $_REQUEST['type']);
 
     /* Send data */
-    if ($allowed[$_REQUEST['type']] != 'svg') {
+    if ($extension != 'svg') {
         echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1));
     } else {
         echo $_REQUEST['image'];
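Review bot: `$extension` in the `!= 'svg'` test comes from `$allowed[$_REQUEST['type']]`, and nothing in the visible lines checks that `type` is set or is a key of `$allowed`; for an unknown type it is null, and the loose comparison then sends the request down the base64 branch. Suggest rejecting the request early when the type is not in `$allowed` and using `!==` here. In the unchanged line below, `strpos()` returns false when the image data has no comma, so `substr()` silently starts at offset 1; that deserves an explicit check. The commit subject is about avoiding `$_REQUEST`, yet `PMA_download_header($filename, $_REQUEST['type'])` and both `echo` lines still read it directly, so copying `type` and `image` into locals once would finish the job.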


hooks/post-receive
-- 
phpMyAdmin



