author | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:58:22 +0400 |
---|---|---|
committer | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:58:22 +0400 |
commit | 4acaf763128928760fd47e75de794a288dc99762 (patch) | |
tree | e25fcd65afcf11bc8c8469f27925b2f2bd0046f6 /file_echo.php | |
parent | f97b5aba9b9458a627503f164fd5dafdac750002 (diff) |
Documentation
Diffstat (limited to 'file_echo.php')
-rw-r--r-- | file_echo.php | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/file_echo.php b/file_echo.php
index 00aaee5662..f82985361b 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -15,10 +15,15 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
 'image/svg+xml' => 'svg',
 );
+ /* Check whether MIME type is allowed */
 if (! isset($allowed[$_REQUEST['type']])) {
 die('Invalid export type');
 }
+ /*
+ * Check file name to match mime type and not contain new lines
+ * to prevent response splitting.
+ */
 if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) {
 if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
 /* Add extension */
@@ -32,8 +37,10 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
 $filename = $_REQUEST['filename'];
 }
+ /* Send download header */
 PMA_download_header($filename, $_REQUEST['type']);
+ /* Send data */
 if ($allowed[$_REQUEST['type']] != 'svg') {
 echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1));
 } else {
 |
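Review bot: The `$` anchor in both filename patterns in the first hunk still admits a trailing newline, because without the `D` modifier PCRE's `$` also matches just before a final `\n`, so a filename such as `x.png\n` satisfies the outer `preg_match` and the new comment's claim that the check keeps new lines out of the name is stronger than what the regex enforces. Pin the match to the real end of the subject with `'/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/D'` and `'/^[^\n\r]*$/D'` (or use `\z` in place of `$`). Whether such a newline could still reach a response header depends on PMA_download_header and on PHP's own rejection of newlines in header(), neither of which is visible here, so the practical impact is unconfirmed. The enclosing `if (isset($_REQUEST['filename']) ...` block and the inner branches continue outside the hunk.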
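Review bot: On the `echo base64_decode(substr(...))` line in the second hunk, `strpos($_REQUEST['image'], ',')` returns `false` when the value has no comma, and `false + 1` evaluates to `1`, so a payload without the expected prefix silently loses its first byte instead of being rejected; a guard such as `$comma = strpos($_REQUEST['image'], ','); if ($comma === false) { die('Invalid image data'); }` before the echo makes that failure explicit. Passing `true` as the second argument of `base64_decode` would likewise refuse malformed input rather than decoding it leniently. The added "Send data" comment could say what the code assumes, e.g. `/* Non-SVG image arrives as a data: URI (presumably); strip everything up to the first comma and decode the base64 body */`. The `else` branch for SVG output begins on the last line of the hunk and continues outside it.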