author | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:06:27 +0400 |
---|---|---|
committer | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:06:27 +0400 |
commit | b9a7ac74251c490c67dae063e3cf4bb637cce288 (patch) | |
tree | c0ed9fada249d326126142f19f8d050c9c5a86e7 /file_echo.php | |
parent | fc7a273edabc88a3b28d0fa6affcf5916435100f (diff) |
Avoid skiping authentication and token check
Diffstat (limited to 'file_echo.php')
-rw-r--r-- | file_echo.php | 17 |
1 files changed, 7 insertions, 10 deletions
diff --git a/file_echo.php b/file_echo.php index 95689a4e3a..da8baa0529 100644 --- a/file_echo.php +++ b/file_echo.php @@ -5,30 +5,27 @@ * * @package phpMyAdmin */ - - -define('PMA_MINIMUM_COMMON', true); require_once './libraries/common.inc.php'; if(isset($_REQUEST['filename']) && isset($_REQUEST['image'])) { $allowed = Array( 'image/png'=>'png', 'image/svg+xml'=>'svg'); - + if (! isset($allowed[$_REQUEST['type']])) exit('Invalid export type'); - + if (! preg_match("/(".implode("|",$allowed).")$/i", $_REQUEST['filename'])) $_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']]; - + downloadHeader($_REQUEST['filename'],$_REQUEST['type']); if ($allowed[$_REQUEST['type']] != 'svg') echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1)); else echo $_REQUEST['image']; - + exit(); } - + if(isset($_REQUEST['monitorconfig'])) { downloadHeader('monitor.cfg','application/force-download'); echo urldecode($_REQUEST['monitorconfig']); @@ -38,7 +35,7 @@ if(isset($_REQUEST['monitorconfig'])) { if(isset($_REQUEST['import'])) { echo '<html><body>' . file_get_contents($_FILES['file']['tmp_name']) . '</body></html>'; exit(); -} +} exit('Invalid request'); @@ -49,4 +46,4 @@ function downloadHeader($file,$type) { header("Content-Type: ".$type); header("Content-Transfer-Encoding: binary"); } -?>
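Review bot: Nothing in the new file records why `PMA_MINIMUM_COMMON` has to stay undefined here, so the guard this commit restores could be dropped again by a later cleanup; a comment above the `require_once` such as `// Load the full common.inc.php on purpose: this script echoes request data back, so it must run behind authentication and the token check.` would pin it. The SVG branch still writes `$_REQUEST['image']` unmodified under `image/svg+xml`, and the `import` branch in the next hunk wraps the uploaded file's bytes in `<html><body>` without escaping or an upload check, so both remain script-capable responses whose only protection is the session and token validation, presumably done inside common.inc.php, which is not shown. The `monitorconfig` branch applies `urldecode()` to a value PHP has already decoded, which changes any literal `%xx` or `+` in the saved config; `echo $_REQUEST['monitorconfig'];` would return it as sent. The body of downloadHeader() is only partly visible in the last hunk, so how the filename reaches the response headers cannot be checked from here.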
\ No newline at end of file +?> |