Hi all!
I have to test it some more time and with the old 2.1.0 release, but it
seems there is a big problem with the script: it uses the 'htmlspecialchars'
function everywhere and then can returns valid rows from the db when
these rows contain one of these html special characters.
Ex: if one sets a field with the value "<test>", he can't delete/modify it
from the links at the browse table because the parameter passed by url is
"&lt;test&gt;".
This is also the case with values stored in hidden form fields.
This is really annoying because if this problem is confirmed, it means nearly
all of the scripts will have to be modified to fix it and we will restart
testing from scratch :(
Loïc, disappointed!
______________________________________________________________________________
ifrance.com, the most complete free e-mail on the Internet!
your e-mails from a browser, via POP3, on Minitel, over WAP...
http://www.ifrance.com/_reloc/email.emailif
Hi,
I warn all members of the phpmyadmin-devel list, that we are receiving
from info(a)dizayn.com copies of the messages sent to the list, with a
worm in them.
Thanks.
Marc.
Hi,
I would like to rephrase this part of Documentation.html:
-----------------
If other people have telnet access to your server, it's not a good idea
to store the MySQL password in clear text in your config.inc.php3 file.
You should use phpMyAdmin's advanced authentification feature in this
case.
------------------
Please look at this question:
http://www.phpwizard.net/phorum/read.php?f=1&i=4087&t=4087
and check/comment my answer.
Marc.
Hi,
what are the privileges required for a normal user X to be able to use
the bookmark features?
I added select, insert, update, delete, index, alter to this user X for
database bookmark, table bookmark, and he does not see the bookmarks.
However a user A with global privileges was able to create bookmarks on
the database X.
User X, in mysql, can see the bookmarks.
Marc.
Hi,
The recently integrated patch does not currently limit CSV data. Was it
supposed to only work for ordinary dumps (INSERT)?
If yes, it would be better to show that those 2 fields are not for CSV.
Marc
As you probably noticed, the SF staff finally processed my
support query, and now there is only one CVS tree: "phpMyAdmin".
To continue to use your work tree @home, just update the "Repository"
file in every CVS/ directory, or start with a new cvs checkout.
Just updated all the links under http://phpmyadmin.sourceforge.net
and the devel-demo is now running under
http://phpmyadmin.sourceforge.net/phpMyAdmin/
Just had a week full of exams, and now a "family-weekend",
so see you on Sunday evening for the rc2 :-).
Regards and have a nice week-end!
Olivier
--
_________________________________________________________________
Olivier Mueller - om(a)8304.ch - PGPkeyID: 0E84D2EA - Switzerland
qmail projects: http://omail.omnis.ch - http://webmail.omnis.ch
Hi Olivier!
>what about adding the limit instruction only if it is not in the
>query string yet ? would just be a regexp...
Already done in the CVS ;)
Loïc
Hi All!
Here are two really annoying bugs that have been reported to me:
1. select * from aTable where afield <123
select * from aTable where afield like "arg"
Before these kinds of queries are submitted to MySQL, the 'htmlspecialchars'
function is applied to them (db_readdump.php3, line 62). Then the '<' and '"'
characters are replaced by their html entities and, of course, MySQL fails
to run the transformed query.
The question is: does any of you know why the 'htmlspecialchars'
function is applied at this stage? I've just tried to comment this line and
can't face any problem!
2. select * from link LIMIT 1,5
This kind of query always fails because of an invalid derived query at lines
82-94 in sql.php3
Greets,
Loïc
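An added illustration of the escaping-layer problem raised in the two 'htmlspecialchars' reports above; it is not phpMyAdmin code. It assumes a current PHP with the pdo_sqlite extension, a hypothetical edit.php link with a val parameter, and that the value was HTML-escaped before being URL-encoded.

```php
<?php
// Constructed data: an in-memory table with one value containing HTML special characters.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE aTable (afield TEXT)');
$db->prepare('INSERT INTO aTable (afield) VALUES (?)')->execute(['<test>']);

// Count rows whose afield equals $value; the value is bound, never HTML-escaped.
function count_matches(PDO $db, string $value): int
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM aTable WHERE afield = ?');
    $stmt->execute([$value]);
    return (int) $stmt->fetchColumn();
}

// What the server sees after the browser decodes the href attribute
// and PHP URL-decodes the query string.
function value_received(string $href): string
{
    $url = html_entity_decode($href, ENT_QUOTES);
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    return $params['val'] ?? '';
}

$stored = '<test>';

// Mis-layered (assumed cause): the data is HTML-escaped, then used as the value.
$bad_href = 'edit.php?val=' . urlencode(htmlspecialchars($stored));
// Layered correctly: URL-encode the raw value, HTML-escape only the finished attribute.
$good_href = htmlspecialchars('edit.php?val=' . urlencode($stored), ENT_QUOTES);

$cases = ['escaped too early' => $bad_href, 'escaped at output' => $good_href];
foreach ($cases as $label => $href) {
    $received = value_received($href);
    printf("%-18s received=%-14s matches=%d\n",
        $label, $received, count_matches($db, $received));
}

// The same mistake on a whole query: the text handed to the database changes,
// so the escaped string is a display form only, never the form to execute.
$query = 'select * from aTable where afield <123';
echo htmlspecialchars($query), "\n";
```

The row is found only when the raw value reaches the query; HTML escaping belongs at the point where text is written into the page.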
Hi Steve & all!
I hope to have fixed bug #1 I've sent a message about
yesterday (select * from aTable where afield <123 or
select * from aTable where afield like "arg").
I have to do some more testing but with a bit of luck
the fix will be on the CVS in the afternoon.
Once upon a time, Steve wrote:
>"show table status from aTable"
>this results a lot of warnings plus
>Can't read dir of './aTable/' (Errcode: 2)
>The Problem is in line 79 in sql.php3.
Well I'm afraid this is not a valid statement. According to the
manual it should look like:
SHOW TABLE STATUS [FROM db_name] [LIKE tbl_name]
Regards,
Loïc
The two bugs should have been fixed in the CVS tree.
Hope these changes don't break something else.
Loïc