mirror/php-adminer
1
0
Fork 0
mirror of https://github.com/vrana/adminer.git synced 2025-08-07 23:27:17 +02:00
Code Issues Releases Wiki Activity

Security: Disallow writing temporary files to symlinks (bug #855)

Browse Source 
Cc @peterpp
This commit is contained in:
Jakub Vrana
2025-03-16 20:49:52 +01:00
parent 28535bf384
commit 6576fa6a73
3 changed files with 24 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
adminer/include/functions.inc.php
View File

@@ -799,6 +799,9 @@ function get_temp_dir() {
* @return resource or null for error
*/
function file_open_lock($filename) {
if (is_link($filename)) {
return; // https://cwe.mitre.org/data/definitions/61.html
}
$fp = @fopen($filename, "c+"); // @ - may not be writable
if (!$fp) {
return;