Garvin Hicking schrieb:
> Hi!
>
>>> I don't know ... if this is really a security problem we should consider giving
>>> our forms a token - and proceed only with a valid token
>> IMHO SQL should be escaped (and I wonder why it is not).
>
> Actually that's not a solution to the problem. PMA needs to be fed SQL commands,
> and we need to accept them via POST.
Yes, but we should escape it before displaying it in the browser.
> The only way to not allow XSRF/CSRF is to put tokens into the form. BUT putting
> a token into the form means two things:
>
> 1. We need to utilize sessions. Only via sessions, form tokens could be easily
> implemented, because a server-token needs to be compared with a client-token.
Sessions are already utilized.
> 2. Implementing the tokens might be needed on virtually every <form> PMA has.
> That's a buttload full of work to do. ;)
This can easily be implemented via PMA_generate_common_hidden_inputs();
also, this token needs to be sent with GET requests/links.
--
Sebastian Mendel
www.sebastianmendel.de
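The session-backed form token the thread is discussing, as an added example that is not phpMyAdmin's own code: one token per session, emitted as a hidden input (the place where PMA_generate_common_hidden_inputs() would add it) and appended to GET links, then checked before any SQL is executed. The helper names csrf_token, csrf_hidden_input, csrf_url and csrf_check are hypothetical.

```php
<?php
// Added example, not phpMyAdmin code. Helper names are hypothetical.
session_start();

// One token per session, generated once so several open tabs stay valid.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to emit inside every <form>.
function csrf_hidden_input(): string
{
    return '<input type="hidden" name="token" value="'
        . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '" />';
}

// Links and GET requests need the token as well, as the thread points out.
function csrf_url(string $url, array $params = []): string
{
    $params['token'] = csrf_token();
    return $url . '?' . http_build_query($params);
}

// Server-side check: constant-time compare of the client token against the
// session token. Fails closed when either side is missing.
function csrf_check(array $request): bool
{
    $client = $request['token'] ?? '';
    $server = $_SESSION['csrf_token'] ?? '';
    return is_string($client) && $server !== '' && hash_equals($server, $client);
}

// Request handler for a page that executes SQL: refuse before touching the DB.
if (!csrf_check($_POST + $_GET)) {
    http_response_code(403);
    exit('Missing or invalid token');
}

// Echo the submitted SQL back escaped, per the remark above about escaping
// before display, so a crafted query cannot inject markup into the page.
$sql = $_POST['sql_query'] ?? '';
echo '<form method="post">' . csrf_hidden_input()
    . '<pre>' . htmlspecialchars((string) $sql, ENT_QUOTES, 'UTF-8') . '</pre>'
    . '<a href="' . htmlspecialchars(csrf_url('sql.php', ['db' => 'test']), ENT_QUOTES, 'UTF-8')
    . '">next</a></form>';
```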
Hi,
please try this:
echo MYSQLI_TYPE_TINY . " " . MYSQLI_TYPE_CHAR;
On my server (client lib 4.1.12) I get
1 1
This means I cannot detect correctly a TINYINT, leading to a weird
$primary_key condition that thinks it has to convert a string.
Marc
Hi,
Did I miss something, or is a call to PMA_safe_db_list(true, ...)
absolutely senseless?
--
Sebastian Mendel
www.sebastianmendel.de
Hi,
Can you please test server_databases.php?
The list is now limited to $GLOBALS['cfg']['MaxDbList']
and has navigation.
The biggest speed improvement should be for MySQL 5 with natural order
disabled in phpMyAdmin.
--
Sebastian Mendel
www.sebastianmendel.de
Hi,
I am trying to debug the case of slow behavior with 4400 databases:
http://sourceforge.net/tracker/index.php?func=detail&aid=1466527&group_id=2…
In header.inc.php:
require_once './libraries/header_http.inc.php';
echo "trace before";
require_once './libraries/header_meta_style.inc.php';
echo "trace after";
When I click a db name on the left panel, I get 20 seconds between the
"before" and "after". Can't find what is happening in
header_meta_style.inc.php. There are some calls to
PMA_generate_common_url() but it does not seem to be the problem.
Of course, on a server with 20 databases the transition between "before"
and "after" is immediate.
Ideas, someone?
Marc
Hi (Marc),
How do you decide, or where do you look for, the changes you note in the
release note?
Just to be sure that if I commit something and I think it's important, it is
noted in the release note.
--
Sebastian Mendel
www.sebastianmendel.de
Hi,
looks like today's commits broke something. Trying to browse a table:
Warning: mysqli_fetch_fields() [function.mysqli-fetch-fields]: Couldn't
fetch mysqli_result in /libraries/dbi/mysqli.dbi.lib.php on line 399
Notice: Trying to get property of non-object in
/libraries/display_tbl.lib.php on line 127
I get problems in mysql or mysqli.
Confirm, anyone?
Marc
Hi,
our CVS has been migrated to https://svn.sourceforge.net/svnroot/phpmyadmin.
Remember, this is for test purposes only.
I think it's better to not activate the "subversion" menu on our project
page for now. SVN data is accessible even without this menu being active.
Marc
Hi all,
what about moving to subversion? ;-)
It is a bit better than CVS (e.g. handles renames, handles changesets
per repository and not per file), SF provides migration, and there should
be no delay between anonymous and developer access (there is a single
server for both).
--
Michal Čihař | http://cihar.com