Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix #12607: LFI/FD and XSS in the upgrade_unattended.php
  • Loading branch information
vboctor committed Dec 14, 2010
1 parent 2a7fe6d commit 2af6e8d
Showing 1 changed file with 8 additions and 2 deletions.
10 changes: 8 additions & 2 deletions admin/upgrade_unattended.php
Expand Up @@ -92,9 +92,15 @@ function print_test_result( $p_result, $p_hard_fail = true, $p_message = '' ) {
$f_db_exists = gpc_get_bool( 'db_exists', false );

# install the tables
$GLOBALS['g_db_type'] = $f_db_type; # database_api references this
$c_db_type = string_attribute( $f_db_type );
if ( !file_exists( dirname( dirname( __FILE__ ) ) . DIRECTORY_SEPARATOR . 'library' . DIRECTORY_SEPARATOR . 'adodb' . DIRECTORY_SEPARATOR . 'drivers' . DIRECTORY_SEPARATOR . 'adodb-' . $c_db_type . '.php' ) ) {
echo "Invalid db type '$c_db_type'.";
exit;
}

$GLOBALS['g_db_type'] = $c_db_type; # database_api references this
require_once( dirname( __FILE__ ) . DIRECTORY_SEPARATOR . 'schema.php' );
$g_db = ADONewConnection( $f_db_type );
$g_db = ADONewConnection( $c_db_type );

echo "\nPost 1.0 schema changes\n";
echo "Connecting to database... ";
Expand Down

0 comments on commit 2af6e8d

Please sign in to comment.