Developers

developers@phpmyadmin.net

2 participants
7003 discussions

Re: [Phpmyadmin-devel] What are the chances that irrelevant translations would go unnoticed?
by Michal Čihař 02 Jul '14

02 Jul '14

Hi Dne Wed, 2 Jul 2014 16:02:23 +0530 Chirayu Chiripal <chirayu.chiripal(a)gmail.com> napsal(a): > I have seen few translations using html tags in them. I was shocked, that > why html tags are allowed in translations. > Isn't it possible that someone can insert tags like this <script src=" > http://www.some-phishing-site.com/simple.js"></script> with the translation > and can be used to attack users of particular language?? Technically it is possible, though markup changes is something I always check (Weblate has flag for this, so it's quite easy to review), so that will not get in. Indeed it would be better to use always just bbcode and pass all strings though PMA_sanitize(), but that means somebody would have to go through the code and fix the messages :-). PS: I hope you don't mind bringing this back to -devel list. -- Michal Čihař | http://cihar.com | http://blog.cihar.com

1 0

[Phpmyadmin-devel] XSS safe checks
by Edward Cheng 02 Jul '14

02 Jul '14

Hi, >From this comment: https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d77970… I find I save a bookmark which label named "<script>alert("XSS");</script>", it runs while I click SQL tab. Is it safe enough? Should we add htmlspecialchars() to INSERT query included functions(e.g. PMA_Bookmark_save)? -- Edward Cheng

3 3

[Phpmyadmin-devel] What are the chances that irrelevant translations would go unnoticed?
by Chirayu Chiripal 02 Jul '14

02 Jul '14

Hi, Just out of curiosity, What I am trying to ask here is that suppose someone makes a non sensible translation of a message in some language then who reviews it for its accuracy? What are the chances that such translations would go unnoticed? -- Regards, Chirayu Chiripal phpMyAdmin Intern - Google Summer of Code 2014 https://chirayuchiripal.wordpress.com/

2 1

[Phpmyadmin-devel] Refactoring: Designer/schema integration
by Bimal Yashodha 01 Jul '14

01 Jul '14

Hi all, As a means of improving the usability of the designer, I'm trying to implement a method to use "designer", without explicitly configuring all the designer related tables, as my next task. For this I'm using the browser local storage technology. After going through all available client side storage mechanisms, I came across with two possible mechanisms. - Web Sql database - Indexed database Although the "Web Sql" provides "SQL" functionalities, I's deprecated now. The Index database would be a ideal solution as it combines the strengths of web storage and web sql. And also, the browser support is good. So for this task I'll be using the indexed DB. I'd like to get any feedback on this. Thanks, Bimal.

3 4

[Phpmyadmin-devel] about the new error reporting at PHP level
by Marc Delisle 01 Jul '14

01 Jul '14

Hi, Since the new error reporting at the PHP level, errors that were "hidden" using the at sign (for example, @fopen) are now displayed, with the possibility of sending a report. Do we now have to handle the situation differently (with try/catch) to avoid this error reporting? In the case I mention, there is no need to show the error report, as the situation is already handled by checking what fopen() returns. -- Marc Delisle | phpMyAdmin

2 1

[Phpmyadmin-devel] Selenium set up and writing tests
by Smita 01 Jul '14

01 Jul '14

Hi All, I wanted to have some starting pointer on how to set up the selenium sever on my system (I use Ubuntu), start with writing the tests and how to run those tests for phpMyAdmin system. It would be great help if anyone can points me to right direction. I browsed the web, but didn't find anything very helpful in starting from scratch. Thanks and Regards - Smita Kumari

2 2

[Phpmyadmin-devel] Normalization and unique keys / primary keys
by Marc Delisle 30 Jun '14

30 Jun '14

Hi Smita, in your blog you are seeking suggestions about asking in the 1NF phase, for unique key or primary key (as the PK will be necessary in the 2NF phase). It will be better to directly ask for a PK in the 1NF phase. You can do this in your next pull request, however; it will be better to finish the pull request 1257 with the issues already discussed, without introducing this new issue right now. -- Marc Delisle | phpMyAdmin

2 1

[Phpmyadmin-devel] Drag and drop sql import - help
by Minhaz A V 29 Jun '14

29 Jun '14

Hi I need some help here, to implement a drag and drop I need to do some UI tweak, like there need to be a <div> to be shown in case of dragover event, and we need another to show the upload status! Also I need help with design here: How I'm planning it is: 1. User drops a file at any page! (logged in) 2. the dropped files if (sql) are uploaded asynchronously and the status of upload is shown somewhere in bottom right corner. 3. At the backend the uploaded sql is parsed and output is sent back as JSON and once the object has been received, the pagecontent is replaced with the received output! (as happens for any other request in PMA) I need help with which file I might need to edit, to add a div to the common UI! for js part I'll add codes to AJAX.js Also I sent few attachments to the same thread, but I guess moderator needs to allow it first. It had screenshots of UI I was planning! Minhaz, minhaz.cistoner.org || cistoner.org

5 23

[Phpmyadmin-devel] Unexpected behavior of 'export' in case of error
by Ashutosh Dhundhara 27 Jun '14

27 Jun '14

Hi, I was looking into RFE #856 (Catch ability for MySQL errors during export.) where I found some unexpected behavior. Scenario: Lets say I have '$cfg['SaveDir'] = 'upload';' directive set in my 'config.inc.php'. So I can now save the exported file directly on the server. I am now exporting a table 'table_1' into 'table_1.sql' with 'Overwrite existing file(s)'checkbox disabled. The file 'table_1.sql' already exists in the 'upload' directory. So now when I click 'Go', I should get an error message: 'File table_1.sql already exists on server, change filename or check overwrite option.' but instead I am being redirected to PMA homepage. I think 'PMA_showExportPage' function on line #317 in 'export.php' is not working properly. Can anybody confirm this issue? -- Ashutosh Dhundhara

2 3

[Phpmyadmin-devel] Field Value Separators in Translation Strings
by Dhananjay Nakrani 27 Jun '14

27 Jun '14

Hi Everyone, I was looking into the translations of PMA. On the translation server, I found strings with colon (:) in them. For example see code at [0]. Shouldn't colon be outside '__()'function? That would keep all the field-value separators like colon away from the translation strings. [0]: https://github.com/phpmyadmin/phpmyadmin/blob/master/index.php#L266 Regards, Dhananjay Nakrani.

3 3

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Developers