From 22aee18f0bc4d7d316811cfcf9ddb808440a4df1 Mon Sep 17 00:00:00 2001
From: "Tomas V.V.Cox" <cox@php.net>
Date: Fri, 1 Feb 2002 16:36:32 +0000
Subject: [PATCH] Fix remote security risk, pointed out by Wolfram Kriesing

---
 pear/DB.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/pear/DB.php b/pear/DB.php
index 05c871f701..cd89cf75d0 100644
--- a/pear/DB.php
+++ b/pear/DB.php
@@ -534,7 +534,9 @@ class DB
                 }
                 foreach ($opts as $opt) {
                     list($key, $value) = explode('=', $opt);
-                    $parsed[$key] = urldecode($value);
+                    if (!isset($parsed[$key])) { // don't allow params overwrite
+                        $parsed[$key] = urldecode($value);
+                    }
                 }
             }
         }
-- 
2.50.1