Hi
On Thu, 3 Oct 2013 15:34:16 +0200,
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> wrote:
> Yes, normally it is, but during logout the token is reset multiple times
> and is changed after the page is loaded somewhere, so when the
> get_scripts.js.php is being fetched an old and invalid token is used, thus
> the page is not displayed.
> Here is what happens:
> 1 - the logout page is requested,
> 2 - the token is reset since the user is not logged in
> 3 - then the HTML is created to load the get_scripts file using this new
> token which is correct
> 4 - some time after this the token is reset again. I don't know where this
> happens. I output the token at the end of the response class response
> method and it is still the same.
> 5 - the request to the get_script file is made using the old token which is
> rejected

I don't see a need to load anything from common.inc or do token protection
on get_script, please comment:
https://github.com/phpmyadmin/phpmyadmin/pull/729
--
Michal Čihař | http://cihar.com | http://blog.cihar.com