diff options
| author | Michal Čihař <mcihar@suse.cz> | 2011-08-04 17:08:38 +0400 |
|---|---|---|
| committer | Michal Čihař <mcihar@suse.cz> | 2011-08-04 17:08:38 +0400 |
| commit | 6c92b02f81c2296382d60bd66653d296628e926e (patch) | |
| tree | 85f4306cc0044b5fc7aad65a8cffa0fe504db19d /file_echo.php | |
| parent | 8fcb4720e2138429df9f9c3a197187882c0c51ef (diff) | |
Avoid using $_REQUEST all over the code
Diffstat (limited to 'file_echo.php')
| -rw-r--r-- | file_echo.php | 10 |
1 files changed, 6 insertions, 4 deletions
diff --git a/file_echo.php b/file_echo.php index f82985361b..2add078633 100644 --- a/file_echo.php +++ b/file_echo.php @@ -24,13 +24,15 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) { * Check file name to match mime type and not contain new lines * to prevent response splitting. */ - if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) { + $extension = $allowed[$_REQUEST['type']]; + $valid_match = '/^[^\n\r]*\.' . $extension . '$/'; + if (! preg_match($valid_match, $_REQUEST['filename'])) { if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) { /* Add extension */ - $filename = 'dowload.' . $allowed[$_REQUEST['type']]; + $filename = 'dowload.' . $extension; } else { /* Filename is unsafe, discard it */ - $filename = $_REQUEST['filename'] . '.' . $allowed[$_REQUEST['type']]; + $filename = $_REQUEST['filename'] . '.' . $extension; } } else { /* Filename from request should be safe here */ @@ -41,7 +43,7 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) { PMA_download_header($filename, $_REQUEST['type']); /* Send data */ - if ($allowed[$_REQUEST['type']] != 'svg') { + if ($extension != 'svg') { echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1)); } else { echo $_REQUEST['image']; |