Hi everybody,
Well, the version 2.1.0.1 was by me and I'm glad to see after
a whole year that you included my fixes to start this branch
on sourceforge.
I saw in ChangeLog (2001-04-28) and in the archive of this
list (Olivier 2001-04-28) that you had problems with
split_string() that is now renamed split_sql_file()...
I saw (in lib.inc.php3 rev 1.1) that you had tried to add
code to remove comments, but as far as I know, comments
can be left out because they don't interfere, do they ?
The current version (in lib.inc.php3 1.56) is exactly mine
(without my comments though :)) except one line that was added
and that introduces a bug :
if($last_char == $in_string && $char == ")") $in_string = false;
The bug appears if you try to exec 2 SQL queries like that
(from an uploaded file or directly in the query field because
both are handled by the same code) :
INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
INSERT INTO foo(id, text) VALUES ('2', 'Indeed \'); that\'s the case');
ChangeLog says the last reviewers are :
- 2001-05-30 Pete Kelly for #421889
- 2001-07-02 Marc Delisle for #436108
So what did they mean to do with the line of code ?
Another thing about fame and celebrity (just joking :)):
It would be nice if someone added my name in the ChangeLog
for version 2.1.0.1 ; at that time I didn't dare adding it
because the release was the very first unofficial one...
But it isn't anymore. :)
Benjamin Gandon
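The case described in the mail above, as an added example (not part of the original mail and not phpMyAdmin's split_sql_file()): a simplified PHP splitter with the quoted condition as a switchable rule, run over the two INSERT statements from the mail. The function name `split_statements`, the `$paren_rule` flag and the surrounding loop are assumptions of this example; only the condition itself comes from the mail.

```php
<?php
// Simplified splitter for illustration; not phpMyAdmin's split_sql_file().
function split_statements(string $sql, bool $paren_rule): array
{
    $out = [];
    $current = '';
    $in_string = false;   // false, or the quote character that opened the literal
    $last_char = '';
    $len = strlen($sql);
    for ($i = 0; $i < $len; $i++) {
        $char = $sql[$i];
        if ($in_string !== false) {
            if ($paren_rule && $last_char === $in_string && $char === ')') {
                // Condition quoted in the mail: a quote followed by ")" ends the
                // literal, even when that quote was backslash-escaped.
                $in_string = false;
            } elseif ($char === '\\' && $i + 1 < $len) {
                // Escaped character: copy both bytes uninterpreted.
                $current .= $char . $sql[++$i];
                $last_char = $sql[$i];
                continue;
            } elseif ($char === $in_string) {
                $in_string = false;   // genuine end of the literal
            }
        } elseif ($char === "'" || $char === '"') {
            $in_string = $char;
        } elseif ($char === ';') {
            // Delimiter outside any literal: close the statement.
            $out[] = trim($current);
            $current = '';
            $last_char = $char;
            continue;
        }
        $current .= $char;
        $last_char = $char;
    }
    $out[] = trim($current);
    return array_values(array_filter($out, 'strlen'));
}

// The two statements from the mail; the nowdoc keeps the backslashes literal.
$sql = <<<'SQL'
INSERT INTO foo(id, text) VALUES ('1', 'I\'m sure that \')# will cause a bug');
INSERT INTO foo(id, text) VALUES ('2', 'Indeed \'); that\'s the case');
SQL;
foreach ([false, true] as $paren_rule) {
    $parts = split_statements($sql, $paren_rule);
    printf("paren rule %s: %d statement(s)\n", $paren_rule ? 'on' : 'off', count($parts));
    foreach ($parts as $n => $stmt) { printf("  [%d] %s\n", $n + 1, $stmt); }
}
```

With the rule off the input yields two statements; with it on, the `;` inside the second literal is taken as a delimiter and the second INSERT is cut in two.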
Hi again!
>phpMyAdmin has a problem with table names like 1234,
>because the table names are not included in
>`` (!not ').
Yep, there are some inconsistencies all among the scripts:
sometimes backticks are used for database and table names,
sometimes not. And they aren't used for field names.
I'm also fixing this while rewriting the scripts to fix the "big
annoying bug".
>I'm not sure if phpMyAdmin on windows systems works
>with these characters. (`)
Yep, it does.
>can anybody test it and change the code?
I'm afraid too many changes are required to fix this bug now :(
Regards,
Loïc
Hi Stevae & list!
>we have another new problem with binary data inside of
>fields.
>Older phpMyAdmin Versions without the 'htmlspecialchars'
>changes work fine (pre5).
Arg....
>I think it's a problem with 'primary_key' building.
>In lib.inc.php3 we use currently
>addslashes(htmlspecialchars($row[$i]))
>instead of addslashes($row[$i]) ...
Yep, we need some kind of transformations because a primary
key name may contain "annoying" characters, but
htmlspecialchars is not the right function to use: it's urlencode.
And this means lots of changes all among the scripts (I'm
currently working on).
>I hope we have enough time to fix all current problems ...
Well, I'm afraid not if the deadline is the next week-end :(
Regards,
Loïc
Hi,
we have another new problem with binary data
inside of fields.
Older phpMyAdmin Versions without the 'htmlspecialchars'
changes work fine (pre5).
I think it's a problem with 'primary_key' building.
In lib.inc.php3 we use currently addslashes(htmlspecialchars($row[$i]))
instead of addslashes($row[$i]) ...
To retrace the problem, look at the following code.
first, create this table:
---snip---
CREATE TABLE `Universal_Cache` (
`CID` int(10) unsigned NOT NULL default '0',
`Type` enum('Nexus') NOT NULL default 'Nexus',
`Num` tinyint(3) unsigned NOT NULL default '0',
`LastModify` timestamp(14) NOT NULL,
`Cache` blob NOT NULL
) TYPE=MyISAM COMMENT='Cache';
---snap---
in the second place try to execute this code,
to insert a column with all characters (0-255)
---snip---
for ($all="",$i=0;$i<=255;$i++,$all.=chr($i)){}
$query="insert into Universal_Cache (Cache) values('".AddSlashes($all)."')";
$result=mysql_query($query);
---snap---
this row is now unselectable with phpMyAdmin ... :-(
the current version produces the following corrupt link:
http://serade/phpMyAdmin/tbl_change.php3?primary_key=+CID+%3D+%270%27+AND+Ty
pe+%3D+%27Nexus%27+AND+Num+%3D+%270%27+AND+LastModify+%3D+%2720010627110806%
27+AND+Cache+%3D+%27%5C0%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%
12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F+%21%26quot%3B%23%24%25%26amp%3B%5C
%27%28%29%2A%2B%2C-.%2F0123456789%3A%3B%26lt%3B%3D%26gt%3B%3F%40ABCDEFGHIJKL
MNOPQRSTUVWXYZ%5B%5C%5C%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D%7E%7F%8
0%81%82%83%84%85%86%87%88%89%8A%8B%8C%8D%8E%8F%90%91%92%93%94%95%96%97%98%99
%9A%9B%9C%9D%9E%9F%A0%A1%A2%A3%A4%A5%A6%A7%A8%A9%AA%AB%AC%AD%AE%AF%B0%B1%B2%
B3%B4%B5%B6%B7%B8%B9%BA%BB%BC%BD%BE%BF%C0%C1%C2%C3%C4%C5%C6%C7%C8%C9%CA%CB%C
C%CD%CE%CF%D0%D1%D2%D3%D4%D5%D6%D7%D8%D9%DA%DB%DC%DD%DE%DF%E0%E1%E2%E3%E4%E5
%E6%E7%E8%E9%EA%EB%EC%ED%EE%EF%F0%F1%F2%F3%F4%F5%F6%F7%F8%F9%FA%FB%FC%FD%FE%
FF%27+&server=1&lang=de&db=Katalogsystem_Main&table=Universal_Cache&pos=0&sq
l_query=SELECT+%2A+FROM+Universal_Cache&goto=tbl_properties.php3
old version:
http://serade/phpMyAdmin/tbl_change.php3?primary_key=+CID+%3D+%270%27+AND+Ty
pe+%3D+%27Nexus%27+AND+Num+%3D+%270%27+AND+LastModify+%3D+%2720010627110806%
27+AND+Cache+%3D+%27%5C0%01%02%03%04%05%06%07%08%09%0A%0B%0C%0D%0E%0F%10%11%
12%13%14%15%16%17%18%19%1A%1B%1C%1D%1E%1F+%21%5C%22%23%24%25%26%5C%27%28%29%
2A%2B%2C-.%2F0123456789%3A%3B%3C%3D%3E%3F%40ABCDEFGHIJKLMNOPQRSTUVWXYZ%5B%5C
%5C%5D%5E_%60abcdefghijklmnopqrstuvwxyz%7B%7C%7D%7E%7F%80%81%82%83%84%85%86%
87%88%89%8A%8B%8C%8D%8E%8F%90%91%92%93%94%95%96%97%98%99%9A%9B%9C%9D%9E%9F%A
0%A1%A2%A3%A4%A5%A6%A7%A8%A9%AA%AB%AC%AD%AE%AF%B0%B1%B2%B3%B4%B5%B6%B7%B8%B9
%BA%BB%BC%BD%BE%BF%C0%C1%C2%C3%C4%C5%C6%C7%C8%C9%CA%CB%CC%CD%CE%CF%D0%D1%D2%
D3%D4%D5%D6%D7%D8%D9%DA%DB%DC%DD%DE%DF%E0%E1%E2%E3%E4%E5%E6%E7%E8%E9%EA%EB%E
C%ED%EE%EF%F0%F1%F2%F3%F4%F5%F6%F7%F8%F9%FA%FB%FC%FD%FE%FF%27+&server=1&lang
=de&db=Katalogsystem_Main&table=Universal_Cache&pos=0&sql_query=SELECT+%2A+F
ROM+Universal_Cache&goto=tbl_properties.php3
I hope we have enough time to fix all current problems ...
Regards,
--
Steve
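The difference between the two links in the report above, reproduced as an added example (not code from the thread or from phpMyAdmin): the same byte string goes through `htmlspecialchars` before `urlencode`, and through `urlencode` alone, and is then decoded again. The function names are hypothetical, the decoding step is a simplified model of the receiving script, and `ENT_COMPAT` with `ISO-8859-1` is passed explicitly as an assumption about the defaults of the time.

```php
<?php
// Constructed sample: one byte of every value 0..255, like the blob in the report.
$blob = implode('', array_map('chr', range(0, 255)));

// Link parameter as the thread says lib.inc.php3 built it at the time.
// ENT_COMPAT / ISO-8859-1 are assumptions of this example; current PHP defaults differ.
function param_with_html_escape(string $v): string
{
    return urlencode(addslashes(htmlspecialchars($v, ENT_COMPAT, 'ISO-8859-1')));
}

// The older behaviour described in the report: no HTML escaping before the URL step.
function param_plain(string $v): string
{
    return urlencode(addslashes($v));
}

// Simplified model of the receiving side: URL-decode the parameter, then undo
// the slashes so the result can be compared with the stored bytes.
function received(string $param): string
{
    return stripslashes(urldecode($param));
}

foreach (['param_with_html_escape', 'param_plain'] as $build) {
    $back = received($build($blob));
    printf("%-24s round-trips: %s (%d bytes sent, %d back)\n",
        $build, $back === $blob ? 'yes' : 'no', strlen($blob), strlen($back));
}

// Which bytes htmlspecialchars rewrote before URL encoding.
foreach (str_split($blob) as $byte) {
    $escaped = htmlspecialchars($byte, ENT_COMPAT, 'ISO-8859-1');
    if ($escaped !== $byte) {
        printf("0x%02X -> %s -> %s\n", ord($byte), $escaped, urlencode($escaped));
    }
}
```

Only the `htmlspecialchars` variant fails the round trip; the bytes it rewrites are the `%26quot%3B`, `%26amp%3B`, `%26lt%3B` and `%26gt%3B` sequences visible in the corrupt link.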
Just seen under http://sourceforge.net/project/showfiles.php?group_id=23067:
2.2.0rc1 2001-07-04 17:00
phpMyAdmin-2.2.0rc1.tar.gz 128432 8,181
phpMyAdmin-2.2.0rc1.zip 193737 14,967
==========
23'148
Wow, more than 23'000 downloads for the rc1, what will it be
with the final version :-). Conclusion: we'd better prepare
a "perfect" release!
Cheers,
Olivier
--
_________________________________________________________________
Olivier Mueller - om(a)8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
On Sun, 6 May 2001, Robin wrote:
>For the majority of my recent projects I have been validating
>against the XHTML 1.0 Transitional DTD, and I find it
>renders nicely in the great majority of browsers out there,
>bar a few really old netscapes and IE's.
>Having a DTD and conforming to it 100% would be a
>major improvement to our code.
You have my full agreement on this point :)
>I would suggest:
>/stylesheet.php
>/css/common.css
>/css/(charset|language|some-identifer).css
>Stylesheet.php should include common and the correct
>other stylesheet.
>And it would be called as:
><link rel="STYLESHEET" type="text/css" href="/stylesheet.php?charset=en" />
Well the only things that may differ inside the stylesheet
from one language to another are the font face and the
font size. Then I'm not sure three files are required.
Moreover you know how crappy NN4 is with CSS:
for example a child selector rarely inherits the rules applied
to its parent. In our case it means the font face may have
to be repeated inside each of the selector definitions.
With this in mind, I'm unfortunately not sure a common css can be used.
Actually we faced the problem with phpMyChat, that's the reason why
I can detail.
My suggestion is only one file (let's say 'stylesheet.php') called this way:
<?php
// Encode only the parameter values: urlencode() on the whole URL would
// also escape the "/", "?" and "&" that structure it.
$css_url = '/stylesheet.php?fontFace=' . urlencode($strFontFace)
         . '&amp;textDirection=' . urlencode($strTextDirection);
?>
<link rel="stylesheet" type="text/css" href="<?php echo $css_url; ?>" />
>Veni, Vidi, Conferotuli
Veni, Vidi, Vinci... quid nomino leo :p
(I came, I saw, I won... because I'm the Lion)
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
Hello, bonsoir,
The second Release Candidate for version 2.2.0 is available from:
http://phpmyadmin.sourceforge.net/
ChangeLog (huge!): http://phpmyadmin.sourceforge.net/ChangeLog.txt
Final release is scheduled on the 22. July, so that's the last
moment to submit your bug reports on the sourceforge trackers!
Thanks in advance.
Regards,
Olivier/swix, for the devel team.
Hi Olivier & list!
>Just came back from week-end. Is the cvs tree "rc2-ready",
>or should I rather wait until the "Big Problem-bug" is solved ? :)
I'm afraid the "Big Problem-bug" won't be solved in the 2.2.0 release:
it requires too much work to be fixed within a few days :(
So roll the rc2 BUT before it would be nice that someone with a *x
OS removes all the remaining "^M" characters at the end of some
lines among the scripts.
Greets,
Loïc
Hallo,
Just came back from week-end. Is the cvs tree "rc2-ready",
or should I rather wait until the "Big Problem-bug" is solved ? :)
Greetings from a 200% rainy day in Switzerland,
Olivier
Hi Jocelyn!
>In this case, why not trying :
>$variable=preg_replace("/&amp;#/","&#",$variable);
>I think it's a good turnaround for the < and > problem.
Well that's not really the problem: using 'htmlspecialchars' each time a field
value is passed by url or by a form means that (from the php manual):
'&' (ampersand) becomes '&amp;'
'"' (double quote) becomes '&quot;' when ENT_NOQUOTES is not set.
''' (single quote) becomes '&#039;' only when ENT_QUOTES is set.
'<' (less than) becomes '&lt;'
'>' (greater than) becomes '&gt;'
As you can see the result is that, depending on some configuration settings
(first annoyance), certain values will contain '&#', others '&' only.
But there is a second problem: if you submit from the dedicated textarea the
query:
"DELETE from a_table WHERE a_field = '<test>'"
.... the 'htmlspecialchars' function won't be applied to it, but it is applied
to the hidden field defined in the same form!
So a patch for the problem we are facing must take into account the way
the query has been submitted.
Here is the scheme of what has to be done :
1. since...:
- ... the only problem with these html special characters is actually the
double quotes when they are contained in the value of a form input...
- ... and ENT_NOQUOTES may be set...
... no longer use htmlspecialchars but "str_replace('"', '&quot;', $the_value)"
and this only if $the_value is used as the value of a form input.
2. When 'sql.php3' is run and for each of the variables this script is sent,
detect if the variable has been submitted as a predefined value of a
form and, in this case, do a "str_replace('&quot;', '"', $the_value)"
to use this value in the SQL query.
As you may imagine, that's not so trivial to do!
Loïc