bug #4594 [security] Path traversal in file inclusion of GIS factory

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>
phpmyadmin · Nov 20, 2014 · 80cd40b · 80cd40b
1 parent 1bc04ec
commit 80cd40b
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 1 deletion.
diff --git a/ChangeLog b/ChangeLog
@@ -17,6 +17,7 @@ phpMyAdmin - ChangeLog
 - bug #4595 [security] Path traversal can lead to leakage of line count
 - bug #4578 [security] XSS vulnerability in table print view
 - bug #4579 [security] XSS vulnerability in zoom search page
+- bug #4594 [security] Path traversal in file inclusion of GIS factory
 
 4.2.11.0 (2014-10-31)
 - bug       ReferenceError: Table_onover is not defined

diff --git a/libraries/gis/GIS_Factory.class.php b/libraries/gis/GIS_Factory.class.php
@@ -33,7 +33,9 @@ public static function factory($type)
         include_once './libraries/gis/GIS_Geometry.class.php';
 
         $type_lower = strtolower($type);
-        if (! file_exists('./libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php')) {
+        if (! PMA_isValid($type_lower, PMA_Util::getGISDatatypes())
+            || ! file_exists('./libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php')
+        ) {
             return false;
         }
         if (include_once './libraries/gis/GIS_' . ucfirst($type_lower) . '.class.php') {