author | Tomas V.V.Cox <cox@php.net> | 2002-02-01 16:36:32 +0000 |
---|---|---|
committer | Tomas V.V.Cox <cox@php.net> | 2002-02-01 16:36:32 +0000 |
commit | 22aee18f0bc4d7d316811cfcf9ddb808440a4df1 (patch) | |
tree | a0aab92be323d5a79bde1744a6236c1c46956896 | |
parent | 1cb07caf6308efb06ce7341a54391354bb8a92de (diff) | |
download | php-git-22aee18f0bc4d7d316811cfcf9ddb808440a4df1.tar.gz |
Fix remote security risk, pointed out by Wolfram Kriesing
-rw-r--r-- | pear/DB.php | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/pear/DB.php b/pear/DB.php
index 05c871f701..cd89cf75d0 100644
--- a/pear/DB.php
+++ b/pear/DB.php
@@ -534,7 +534,9 @@ class DB
 }
 foreach ($opts as $opt) {
 list($key, $value) = explode('=', $opt);
- $parsed[$key] = urldecode($value);
+ if (!isset($parsed[$key])) { // don't allow params overwrite
+ $parsed[$key] = urldecode($value);
+ }
 }
 }
 } |
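Review bot: The new guard `if (!isset($parsed[$key]))` treats a key whose current value is null as unset, so any field initialised to null before this loop could still be overwritten from the query-string options; `if (!array_key_exists($key, $parsed)) {` closes that gap regardless of the default values. The initialisation of `$parsed` is outside the hunk, so whether this matters today depends on defaults not visible here. A refused option is also dropped silently. Since the commit message calls this a remote security risk, the comment should say which earlier-parsed fields are being protected, and raising a warning or error on refusal would make attempted overrides visible. The enclosing method starts and ends outside the hunk.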