[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_3_1-12967-g6c92b02
Michal Čihař
nijel at users.sourceforge.net
Thu Aug 4 15:09:25 CEST 2011
The branch, master has been updated
via 6c92b02f81c2296382d60bd66653d296628e926e (commit)
from 8fcb4720e2138429df9f9c3a197187882c0c51ef (commit)
- Log -----------------------------------------------------------------
commit 6c92b02f81c2296382d60bd66653d296628e926e
Author: Michal Čihař <mcihar at suse.cz>
Date: Thu Aug 4 15:08:38 2011 +0200
Avoid using $_REQUEST all over the code
-----------------------------------------------------------------------
Summary of changes:
file_echo.php | 10 ++++++----
1 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/file_echo.php b/file_echo.php
index f829853..2add078 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -24,13 +24,15 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
* Check file name to match mime type and not contain new lines
* to prevent response splitting.
*/
- if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) {
+ $extension = $allowed[$_REQUEST['type']];
+ $valid_match = '/^[^\n\r]*\.' . $extension . '$/';
+ if (! preg_match($valid_match, $_REQUEST['filename'])) {
if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
/* Add extension */
- $filename = 'dowload.' . $allowed[$_REQUEST['type']];
+ $filename = 'dowload.' . $extension;
} else {
/* Filename is unsafe, discard it */
- $filename = $_REQUEST['filename'] . '.' . $allowed[$_REQUEST['type']];
+ $filename = $_REQUEST['filename'] . '.' . $extension;
}
} else {
/* Filename from request should be safe here */
@@ -41,7 +43,7 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
PMA_download_header($filename, $_REQUEST['type']);
/* Send data */
- if ($allowed[$_REQUEST['type']] != 'svg') {
+ if ($extension != 'svg') {
echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1));
} else {
echo $_REQUEST['image'];
hooks/post-receive
--
phpMyAdmin
More information about the Git
mailing list