Security: remove dots in template to avoid a remote code execution vu…

…lnerability
phpmyadmin · Apr 24, 2013 · d3fafdf · d3fafdf
1 parent ffa720d
commit d3fafdf
Showing 1 changed file with 2 additions and 0 deletions.
diff --git a/export.php b/export.php
@@ -272,6 +272,8 @@ function PMA_exportOutputHandler($line)
                 'Export/file_template_table', $filename_template);
         }
     }
+    // remove dots in template to avoid a remote code execution vulnerability
+    $filename_template = str_replace('.', '', $filename_template);
     $filename = PMA_expandUserString($filename_template);
     $filename = PMA_sanitize_filename($filename);