author | Herman van Rink <rink@initfour.nl> | 2011-07-08 23:41:05 +0400 |
---|---|---|
committer | Herman van Rink <rink@initfour.nl> | 2011-07-08 23:43:38 +0400 |
commit | 3ae58f0cd6b89ad4767920f9b214c38d3f6d4393 (patch) | |
tree | b0c59c43972695e596efc90f7ee793f9c757cec4 /schema_export.php | |
parent | 3caa6cbb7ed1b1933c3bded493a2fbc8273d746f (diff) |
[security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11
Diffstat (limited to 'schema_export.php')
-rw-r--r-- | schema_export.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/schema_export.php b/schema_export.php
index 0a21d3296c..3e1067d55e 100644
--- a/schema_export.php
+++ b/schema_export.php
@@ -37,7 +37,9 @@ include_once("./libraries/schema/Export_Relation_Schema.class.php");
 * default is PDF
 */
 global $db,$export_type;
-$export_type = isset($export_type) ? $export_type : 'pdf';
+if (!isset($export_type) || !preg_match('/^[a-zA-Z]+$/', $export_type)) {
+ $export_type = 'pdf';
+}
 PMA_DBI_select_db($db);
 $path = PMA_securePath(ucfirst($export_type)); |
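Review bot: The pattern in the added `preg_match('/^[a-zA-Z]+$/', $export_type)` check is anchored with `$`, which in PCRE also matches just before a trailing newline, so a letters-only value ending in a newline still passes and reaches `PMA_securePath(ucfirst($export_type))`. Anchoring on the true end of the string closes that gap: `!preg_match('/^[a-zA-Z]+\z/', $export_type)` (or add the `D` modifier). The check also accepts any alphabetic name rather than only the export formats that actually exist, so comparing against a fixed allowlist with `in_array(..., true)` would be stricter. How `$path` is consumed lies outside this hunk, so that part is inferred from the commit title. A short comment above the check, such as `// $export_type selects the schema class file below; accept known format names only`, would record why the filter is there.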