Hi,
From this comment:
https://github.com/phpmyadmin/phpmyadmin/commit/fb14e92d62a1d9990bfd4d77970…
I find that if I save a bookmark with a label named
"<script>alert("XSS");</script>", it runs when I click the SQL tab.
Is it safe enough? Should we add htmlspecialchars() to the functions
that contain INSERT queries (e.g. PMA_Bookmark_save)?
--
Edward Cheng
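The trade-off raised in the message above (escaping the bookmark label in the INSERT path versus escaping it where it is rendered), as an added PHP example that is not part of the original thread or phpMyAdmin's code. The helper `h()` and the `<option>` markup are assumptions made for illustration.

```php
<?php
// Added illustration; h() and the markup are hypothetical, not phpMyAdmin code.

/** Escape a value for an HTML text node or a quoted attribute value. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample: the label from the message above.
$label = '<script>alert("XSS");</script>';

// Option A: escape before INSERT, then print the stored value as-is.
$storedA = h($label);
$htmlA   = '<option>' . $storedA . '</option>';

// Option B: store the raw label (parameterised INSERT), escape on output.
$storedB = $label;
$htmlB   = '<option>' . h($storedB) . '</option>';

// For a row saved through the new code path both render the same inert markup.
printf("same markup for new rows: %s\n", var_export($htmlA === $htmlB, true));

// A row written before the INSERT-side escaping existed (or by an import or
// direct SQL) never passed through h(). Option A prints it unescaped.
$legacyRow = $label;
$legacyA   = '<option>' . $legacyRow . '</option>';
$legacyB   = '<option>' . h($legacyRow) . '</option>';
printf("A, legacy row contains <script>: %s\n",
    var_export(strpos($legacyA, '<script>') !== false, true));
printf("B, legacy row contains <script>: %s\n",
    var_export(strpos($legacyB, '<script>') !== false, true));

// Option A also changes the data itself: the stored label is longer, and any
// non-HTML consumer (export, JSON response) receives entities, not the label.
printf("stored length A=%d, B=%d\n", strlen($storedA), strlen($storedB));
printf("JSON from A: %s\n", json_encode(['label' => $storedA]));
printf("JSON from B: %s\n",
    json_encode(['label' => $storedB], JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_QUOT | JSON_HEX_APOS));
```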
Hi,
Just out of curiosity,
What I am trying to ask here is: suppose someone makes a nonsensical
translation of a message in some language, then who reviews it for its
accuracy?
What are the chances that such translations would go unnoticed?
--
Regards,
Chirayu Chiripal
phpMyAdmin Intern - Google Summer of Code 2014
https://chirayuchiripal.wordpress.com/
Hi all,
As a means of improving the usability of the designer, I'm trying to
implement a method to use "designer", without explicitly configuring all
the designer related tables, as my next task. For this I'm using the
browser local storage technology. After going through all available client
side storage mechanisms, I came across two possible mechanisms.
- Web SQL database
- Indexed database
Although "Web SQL" provides "SQL" functionality, it's deprecated now.
The Indexed database would be an ideal solution as it combines the strengths
of web storage and Web SQL. Also, the browser support is good.
So for this task I'll be using the indexed DB.
I'd like to get any feedback on this.
Thanks,
Bimal.
Hi,
Since the new error reporting at the PHP level, errors that were
"hidden" using the at sign (for example, @fopen) are now displayed, with
the possibility of sending a report.
Do we now have to handle the situation differently (with try/catch) to
avoid this error reporting? In the case I mention, there is no need to
show the error report, as the situation is already handled by checking
what fopen() returns.
--
Marc Delisle | phpMyAdmin
Hi All,
I wanted to have some starting pointers on how to set up the selenium server
on my system (I use Ubuntu), start writing the tests, and run
those tests for the phpMyAdmin system.
It would be a great help if anyone can point me in the right direction. I
browsed the web, but didn't find anything very helpful in starting from
scratch.
Thanks and Regards
- Smita Kumari
Hi Smita,
in your blog you are seeking suggestions about asking in the 1NF phase,
for unique key or primary key (as the PK will be necessary in the 2NF
phase).
It will be better to directly ask for a PK in the 1NF phase. You can do
this in your next pull request; however, it will be better to finish the
pull request 1257 with the issues already discussed, without introducing
this new issue right now.
--
Marc Delisle | phpMyAdmin
Hi, I need some help here. To implement drag and drop I need to do some UI
tweaks: there needs to be a <div> shown on the dragover event,
and we need another to show the upload status!
Also I need help with the design here. How I'm planning it is:
1. The user drops a file on any page! (logged in)
2. The dropped files, if (sql), are uploaded asynchronously and the status of
the upload is shown somewhere in the bottom right corner.
3. At the backend the uploaded sql is parsed and the output is sent back as
JSON, and once the object has been received, the pagecontent is replaced
with the received output! (as happens for any other request in PMA)
I need help with which file I might need to edit to add a div to the
common UI! For the js part I'll add code to AJAX.js.
Also I sent a few attachments to the same thread, but I guess the moderator needs
to allow them first. They had screenshots of the UI I was planning!
Minhaz,
minhaz.cistoner.org || cistoner.org
Hi,
I was looking into RFE #856 (Catch ability for MySQL errors during export.) where I found some unexpected behavior.
Scenario:
Let's say I have the '$cfg['SaveDir'] = 'upload';' directive set in my 'config.inc.php'. So I can now save the exported file directly on the server. I am now exporting a table 'table_1' into 'table_1.sql' with the 'Overwrite existing file(s)' checkbox disabled. The file 'table_1.sql' already exists in the 'upload' directory.
So now when I click 'Go', I should get an error message:
'File table_1.sql already exists on server, change filename or check overwrite option.'
but instead I am being redirected to PMA homepage.
I think the 'PMA_showExportPage' function on line #317 in 'export.php' is not working properly. Can anybody confirm this issue?
--
Ashutosh Dhundhara
Hi Everyone,
I was looking into the translations of PMA. On the translation server, I
found strings with a colon (:) in them.
For example, see the code at [0].
Shouldn't the colon be outside the '__()' function? That would keep all the
field-value separators like the colon away from the translation strings.
[0]: https://github.com/phpmyadmin/phpmyadmin/blob/master/index.php#L266
Regards,
Dhananjay Nakrani.