
Security: remove dots in template to avoid a remote code execution vulnerability
lem9 committed Apr 20, 2013
1 parent ffa720d commit d3fafdfba0807068196655e9b6d16c5d1d3ccf8a
Showing with 2 additions and 0 deletions.
  1. +2 −0 export.php
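--- a/export.php
+++ b/export.php
@@ -272,6 +272,8 @@ function PMA_exportOutputHandler($line)
 'Export/file_template_table', $filename_template);
 }
 }
+ // remove dots in template to avoid a remote code execution vulnerability
+ $filename_template = str_replace('.', '', $filename_template);
 $filename = PMA_expandUserString($filename_template);
 $filename = PMA_sanitize_filename($filename);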
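Review bot: The added `str_replace` strips dots from `$filename_template` before `PMA_expandUserString()` runs, so a dot that arrives through an expanded placeholder value is not covered by this guard. Whether `PMA_sanitize_filename()` removes dots is not visible in this hunk; if it keeps them, the final name can still contain one. Stripping the expanded result instead would cover both paths: `$filename = str_replace('.', '', PMA_expandUserString($filename_template));`. The comment should also say why dots matter, for example `// strip dots so the saved file cannot gain an extra extension that the web server may treat as executable`; that rationale is inferred from the commit title and should be confirmed. The surrounding code starts and ends outside the hunk.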
