The branch, master has been updated
via 4acaf763128928760fd47e75de794a288dc99762 (commit)
via f97b5aba9b9458a627503f164fd5dafdac750002 (commit)
from 71db1cb416556dceb50cf984e9f8033d3487f15e (commit)
- Log -----------------------------------------------------------------
commit 4acaf763128928760fd47e75de794a288dc99762
Author: Michal Čihař <[email protected]>
Date: Thu Aug 4 14:58:22 2011 +0200
Documentation
commit f97b5aba9b9458a627503f164fd5dafdac750002
Author: Michal Čihař <[email protected]>
Date: Thu Aug 4 14:57:16 2011 +0200
Better check for valid filename
-----------------------------------------------------------------------
Summary of changes:
file_echo.php | 22 +++++++++++++++++++---
1 files changed, 19 insertions(+), 3 deletions(-)
diff --git a/file_echo.php b/file_echo.php
index 7b27ffa..f829853 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -15,16 +15,32 @@ if (isset($_REQUEST['filename']) &&
isset($_REQUEST['image'])) {
'image/svg+xml' => 'svg',
);
+ /* Check whether MIME type is allowed */
if (! isset($allowed[$_REQUEST['type']])) {
die('Invalid export type');
}
- if (! preg_match("/(".implode("|",$allowed).")$/i",
$_REQUEST['filename'])) {
- $_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']];
+ /*
+ * Check file name to match mime type and not contain new lines
+ * to prevent response splitting.
+ */
+ if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/',
$_REQUEST['filename'])) {
+ if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
+ /* Add extension */
+ $filename = 'dowload.' . $allowed[$_REQUEST['type']];
+ } else {
+ /* Filename is unsafe, discard it */
+ $filename = $_REQUEST['filename'] . '.' .
$allowed[$_REQUEST['type']];
+ }
+ } else {
+ /* Filename from request should be safe here */
+ $filename = $_REQUEST['filename'];
}
- PMA_download_header($_REQUEST['filename'], $_REQUEST['type']);
+ /* Send download header */
+ PMA_download_header($filename, $_REQUEST['type']);
+ /* Send data */
if ($allowed[$_REQUEST['type']] != 'svg') {
echo base64_decode(substr($_REQUEST['image'],
strpos($_REQUEST['image'],',') + 1));
} else {