author | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:57:16 +0400 |
committer | Michal Čihař <mcihar@suse.cz> | 2011-08-04 16:57:16 +0400 |
commit | f97b5aba9b9458a627503f164fd5dafdac750002 (patch) | |
tree | ad59a2849314cad9160b899b16995583774ffb53 /file_echo.php | |
parent | 71db1cb416556dceb50cf984e9f8033d3487f15e (diff) |
Better check for valid filename
Diffstat (limited to 'file_echo.php')
-rw-r--r-- | file_echo.php | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/file_echo.php b/file_echo.php
index 7b27ffa3ce..00aaee5662 100644
--- a/file_echo.php
+++ b/file_echo.php
@@ -19,11 +19,20 @@ if (isset($_REQUEST['filename']) && isset($_REQUEST['image'])) {
 die('Invalid export type');
 }
- if (! preg_match("/(".implode("|",$allowed).")$/i", $_REQUEST['filename'])) {
- $_REQUEST['filename'] .= '.' . $allowed[$_REQUEST['type']];
+ if (! preg_match('/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '$/', $_REQUEST['filename'])) {
+ if (! preg_match('/^[^\n\r]*$/', $_REQUEST['filename'])) {
+ /* Add extension */
+ $filename = 'dowload.' . $allowed[$_REQUEST['type']];
+ } else {
+ /* Filename is unsafe, discard it */
+ $filename = $_REQUEST['filename'] . '.' . $allowed[$_REQUEST['type']];
+ }
+ } else {
+ /* Filename from request should be safe here */
+ $filename = $_REQUEST['filename'];
 }
- PMA_download_header($_REQUEST['filename'], $_REQUEST['type']);
+ PMA_download_header($filename, $_REQUEST['type']);
 if ($allowed[$_REQUEST['type']] != 'svg') {
 echo base64_decode(substr($_REQUEST['image'], strpos($_REQUEST['image'],',') + 1)); |
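Review bot: The two comments on the inner branches are attached to the wrong branch: the `'dowload.'` fallback runs when `preg_match('/^[^\n\r]*$/', ...)` fails, i.e. when the filename contains CR or LF, so that branch is the "filename is unsafe, discard it" case and the `else` branch is the "add extension" case; swap the two comments and fix the typo to `'download.'`. Separately, PCRE's `$` without the `D` modifier also matches just before a final newline, so a filename such as `"report\n"` passes both new checks and reaches `PMA_download_header` with the newline intact; anchor with `\z` instead: `'/^[^\n\r]*\.' . $allowed[$_REQUEST['type']] . '\z/'` and `'/^[^\n\r]*\z/'`. The extension is interpolated into the pattern unescaped; it comes from `$allowed`, which the preceding `die('Invalid export type')` check presumably restricts to a fixed list, so wrapping it in `preg_quote()` is only defensive. Whether other characters such as `"` or `;` must also be rejected depends on how `PMA_download_header` quotes the name, which is outside this hunk, and the enclosing `if (isset(...))` block starts before the hunk as well.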