Fix remote security risk, pointed out by Wolfram Kriesing

author Tomas V.V.Cox <cox@php.net>

Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)

committer Tomas V.V.Cox <cox@php.net>

Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)
author Tomas V.V.Cox <cox@php.net>
Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)
committer Tomas V.V.Cox <cox@php.net>
Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)
diff --git a/pear/DB.php b/pear/DB.php

index 05c871f7012ce9b23fbbb0e9b2ad1ed5bb2032f5..cd89cf75d060a96217a7a1ad73d1dbc0a1acdc45 100644 (file)
--- a/pear/DB.php
+++ b/pear/DB.php
@@ -534,7 +534,9 @@ class DB
                  }
                  foreach ($opts as $opt) {
                      list($key, $value) = explode('=', $opt);
-                    $parsed[$key] = urldecode($value);
+                    if (!isset($parsed[$key])) { // don't allow params overwrite
+                        $parsed[$key] = urldecode($value);
+                    }
                  }
              }
          }
author	Tomas V.V.Cox <cox@php.net>
	Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)
committer	Tomas V.V.Cox <cox@php.net>
	Fri, 1 Feb 2002 16:36:32 +0000 (16:36 +0000)