Fix path disclosure, items 1.4.x, 1.5 and 1.6
Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
madhuracj committed Jan 18, 2016
1 parent 75a5582 commit 5aee503
Showing 3 changed files with 6 additions and 6 deletions.
4 changes: 2 additions & 2 deletions setup/frames/form.inc.php
Expand Up @@ -19,9 +19,9 @@

require './libraries/config/setup.forms.php';

$formset_id = isset($_GET['formset']) ? $_GET['formset'] : null;
$formset_id = PMA_isValid($_GET['formset'], 'scalar') ? $_GET['formset'] : null;
$mode = isset($_GET['mode']) ? $_GET['mode'] : null;
if (! isset($forms[$formset_id])) {
if (! isset($forms[$formset_id]) || substr($formset_id, 0, 1) === '_') {
PMA_fatalError(__('Incorrect formset, check $formsets array in setup/frames/form.inc.php!'));
}

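Review bot: `$mode` on the line between the two changed statements is still read with the bare isset() pattern, so an array-valued `mode` parameter is accepted here even though `formset` now goes through the scalar check; if `$mode` is later used in string context, the same notice that this commit addresses would be emitted. The same one-line form would close it: `$mode = PMA_isValid($_GET['mode'], 'scalar') ? $_GET['mode'] : null;`. Note also that `PMA_isValid($_GET['formset'], ...)` reads an index that may be absent, which is notice-free only if the helper takes its first parameter by reference — worth confirming against its definition. How `$mode` is consumed lies outside this hunk.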
4 changes: 2 additions & 2 deletions setup/index.php
Expand Up @@ -12,7 +12,7 @@
*/
require './lib/common.inc.php';

$page = isset($_GET['page']) ? $_GET['page'] : null;
$page = PMA_isValid($_GET['page'], 'scalar') ? $_GET['page'] : null;
$page = preg_replace('/[^a-z]/', '', $page);
if ($page === '') {
$page = 'index';
Expand All @@ -23,7 +23,7 @@
}

// Handle done action info
$action_done = isset($_GET['action_done']) ? $_GET['action_done'] : null;
$action_done = PMA_isValid($_GET['action_done'], 'scalar') ? $_GET['action_done'] : null;
$action_done = preg_replace('/[^a-z_]/', '', $action_done);

PMA_noCacheHeader();
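Review bot: The `null` fallback on the `$page` line still reaches preg_replace() as a non-string subject; since the line below already normalises `''` to `'index'`, an empty-string fallback keeps behaviour identical while never handing null to a string function (a deprecation from PHP 8.1 on): `$page = PMA_isValid($_GET['page'], 'scalar') ? $_GET['page'] : '';`. The `$action_done` line in the second hunk has the same shape and would take the same change. A short comment above the check would also help the next reader, e.g. `// Reject non-scalar input: an array here would reach preg_replace() and the resulting warning can disclose the install path` — that reading follows from the commit title rather than from anything the hunk itself shows.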
4 changes: 2 additions & 2 deletions setup/validate.php
Expand Up @@ -16,9 +16,9 @@

header('Content-type: application/json');

$ids = isset($_POST['id']) ? $_POST['id'] : null;
$ids = PMA_isValid($_POST['id'], 'scalar') ? $_POST['id'] : null;
$vids = explode(',', $ids);
$vals = isset($_POST['values']) ? $_POST['values'] : null;
$vals = PMA_isValid($_POST['values'], 'scalar') ? $_POST['values'] : null;
$values = json_decode($vals);
if (!($values instanceof stdClass)) {
PMA_fatalError(__('Wrong data'));
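Review bot: Absent or non-scalar `id` and `values` are not rejected explicitly here: the scalar check yields null, `explode(',', null)` on the next line then produces `['']` and `json_decode(null)` produces null, so the first case is only caught indirectly (if at all) by processing outside this hunk, while the second is caught by the stdClass test. Failing fast right after the two assignments makes the contract explicit: `if ($ids === null || $vals === null) { PMA_fatalError(__('Wrong data')); }`. The 'scalar' check also admits booleans and numbers, which is harmless for explode()/json_decode() but worth a comment if that is intended. The handling of `$vids` continues outside the hunk.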
