bug #4594 [security] Path traversal in file inclusion of GIS factory

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Nov 20, 2014 · 59557b5 · 59557b5
1 parent 816fa88
commit 59557b5
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -6,6 +6,7 @@ phpMyAdmin - ChangeLog
 - bug #4595 [security] Path traversal can lead to leakage of line count
 - bug #4578 [security] XSS vulnerability in table print view
 - bug #4579 [security] XSS vulnerability in zoom search page
+- bug #4594 [security] Path traversal in file inclusion of GIS factory
 
 4.1.14.6 (2014-10-21)
 - bug #4562 [security] XSS in debug SQL output

diff --git a/libraries/gis/pma_gis_factory.php b/libraries/gis/pma_gis_factory.php
@@ -33,7 +33,9 @@ public static function factory($type)
         include_once './libraries/gis/pma_gis_geometry.php';
 
         $type_lower = strtolower($type);
-        if (! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php')) {
+        if (! PMA_isValid($type_lower, PMA_Util::getGISDatatypes())
+            || ! file_exists('./libraries/gis/pma_gis_' . $type_lower . '.php')
+        ) {
             return false;
         }
         if (include_once './libraries/gis/pma_gis_' . $type_lower . '.php') {