bug #4594 [security] Path traversal in file inclusion of GIS factory

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Nov 17, 2014 · 2e3f0b9 · 2e3f0b9
1 parent 58cdd91
commit 2e3f0b9
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -4,6 +4,7 @@ phpMyAdmin - ChangeLog
 4.0.10.6 (not yet released)
 - bug #4578 [security] XSS vulnerability in table print view
 - bug #4579 [security] XSS vulnerability in zoom search page
+- bug #4594 [security] Path traversal in file inclusion of GIS factory
 
 4.0.10.5 (2014-10-21)
 - bug #4562 [security] XSS in debug SQL output

diff --git a/libraries/gis/pma_gis_factory.php b/libraries/gis/pma_gis_factory.php
@@ -31,7 +31,9 @@ public static function factory($type)
         include_once './libraries/gis/pma_gis_geometry.php';
 
         $type_lower = strtolower($type);
-        if (! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php')) {
+        if (! PMA_isValid($type_lower, PMA_Util::getGISDatatypes())
+            || ! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php')
+        ) {
             return false;
         }
         if (include_once './libraries/gis/pma_gis_' . $type_lower . '.php') {