
Disable creating SQLite databases with extension other than db, sdb, …

…sqlite
commit 51e609c4619e366856941e47fb22e3d2f7b8349f 1 parent 644c355
Jakub Vrána authored
Showing with 19 additions and 1 deletion.
  1. +18 −1 adminer/drivers/sqlite.inc.php
  2. +1 −0  changes.txt
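--- a/adminer/drivers/sqlite.inc.php
+++ b/adminer/drivers/sqlite.inc.php
@@ -344,13 +344,27 @@ function error() {
 function exact_value($val) {
 return q($val);
 }
-
+
+ function check_sqlite_name($name) {
+ // avoid creating PHP files on unsecured servers
+ global $connection;
+ $extensions = "db|sdb|sqlite";
+ if (!preg_match("~^[^\\0]*\\.($extensions)\$~", $name)) {
+ $connection->error = lang('Please use one of the extensions %s.', str_replace("|", ", ", $extensions));
+ return false;
+ }
+ return true;
+ }
+
 function create_database($db, $collation) {
 global $connection;
 if (file_exists($db)) {
 $connection->error = lang('File exists.');
 return false;
 }
+ if (!check_sqlite_name($db)) {
+ return false;
+ }
 $link = new Min_SQLite($db); //! exception handler
 $link->query('PRAGMA encoding = "UTF-8"');
 $link->query('CREATE TABLE adminer (i)'); // otherwise creates empty file
@@ -372,6 +386,9 @@ function drop_databases($databases) {
 function rename_database($name, $collation) {
 global $connection;
+ if (!check_sqlite_name($name)) {
+ return false;
+ }
 $connection->Min_SQLite(":memory:");
 $connection->error = lang('File exists.');
 return @rename(DB, $name);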
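Review bot: check_sqlite_name() constrains only the final suffix, so a name whose basename carries another extension ahead of the allowed one (for example `name.php.db`) still passes; whether the server would then treat such a file as a script depends on handler configuration that is not visible here, but that is the case the comment says it wants to avoid. Consider also rejecting basenames with a second dot-separated extension, or stating in the comment that the check assumes handlers are selected from the last extension only. Separately, `$` without the `D` modifier also matches before a trailing newline, so a name ending in `.db` plus a newline is accepted; `if (!preg_match("~^[^\\0]*\\.($extensions)\$~D", $name)) {` anchors at the true end of the string. A short docblock saying that `[^\\0]` appears intended to refuse NUL bytes in the path, and that the function sets `$connection->error` and returns false on rejection, would help the next reader. create_database() and rename_database() both continue outside the visible hunks.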
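--- a/changes.txt
+++ b/changes.txt
@@ -1,5 +1,6 @@
 Adminer 3.0.1-dev:
 Send the form by Ctrl+Enter in all textareas
+Disable creating SQLite databases with extension other than db, sdb, sqlite
 Catalan translation
 Adminer 3.0.0 (released 2010-10-15):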