From: phpmyadmin-devel-request(a)lists.sourceforge.net
To: <phpmyadmin-devel(a)lists.sourceforge.net>
Subject: Phpmyadmin-devel Digest, Vol 87, Issue 7
Date: Mon, Oct 7, 2013 4:45 PM
Today's Topics:
1. Re: how to allow access to page without token (Michal Čihař)
2. Re: how to allow access to page without token (Marc Delisle)
3. Re: phpMyAdmin 4.1.0-alpha1 is released (Marc Delisle)
4. Re: how to allow access to page without token (Mohamed Ashraf)
5. phpMyAdmin 4.1.0-alpha2 is released (Marc Delisle)
6. phpMyAdmin 4.0.8 is released (Marc Delisle)
7. phpMyAdmin joins Software Freedom Conservancy (Michal Čihař)
----------------------------------------------------------------------
Message: 1
Date: Thu, 3 Oct 2013 15:43:47 +0200
From: Michal Čihař <michal(a)cihar.com>
Subject: Re: [Phpmyadmin-devel] how to allow access to page without token
To: phpmyadmin-devel(a)lists.sourceforge.net
Message-ID: <20131003154347.3867b599(a)rincewind.suse.cz>
Content-Type: text/plain; charset="utf-8"
Hi
On Thu, 3 Oct 2013 15:34:16 +0200
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> wrote:
> Yes, normally it is, but during logout the token is reset multiple times and
> is changed after the page is loaded somewhere, so when the
> get_scripts.js.php is being fetched an old and invalid token is used, thus
> the page is not displayed.
> Here is what happens:
> 1 - the logout page is requested,
> 2 - token is reset since the user is not logged in
> 3 - then the HTML is created to load the get_scripts file using this new
> token which is correct
> 4 - some time after this the token is reset again. I don't know where this
> happens. I output the token in the end of the response class response
> method and it is still the same.
> 5 - the request to the get_script file is made using the old token which is
> rejected
I don't see a need to load anything from common.inc or do token protection
on get_script, please comment:
https://github.com/phpmyadmin/phpmyadmin/pull/729
--
Michal Čihař |
http://cihar.com |
http://blog.cihar.com
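
The five-step sequence quoted in the message above, and the effect of leaving the script loader out of the token check, can be modelled in a few lines. This is an added example, not code from phpMyAdmin or from either poster: the `$session` array stands in for the PHP session, the function names and `state_changing_page.php` are hypothetical, and it assumes the script loader only serves script files and changes no state.

```php
<?php
// Simplified model (assumption): $session stands in for $_SESSION.

function resetToken(array &$session): string
{
    // A fresh random token replaces whatever was stored before.
    return $session['token'] = bin2hex(random_bytes(16));
}

function tokenValid(array $session, ?string $sent): bool
{
    // Constant-time comparison against the token currently in the session.
    return is_string($sent) && isset($session['token'])
        && hash_equals($session['token'], $sent);
}

// Hypothetical front controller: only pages listed in $needsToken are checked.
function handle(array $session, string $page, ?string $sent, array $needsToken): int
{
    if (in_array($page, $needsToken, true) && !tokenValid($session, $sent)) {
        return 403; // stale or missing token
    }
    return 200;
}

function simulateLogout(string $page, array $needsToken): int
{
    $session = [];
    // Steps 1-3: logout page requested, token reset, HTML built with that token.
    $embedded = resetToken($session);
    // Step 4: the token is reset again after the HTML was generated.
    resetToken($session);
    // Step 5: the browser requests $page with the token embedded in the HTML.
    return handle($session, $page, $embedded, $needsToken);
}

$all = ['state_changing_page.php', 'get_scripts.js.php'];
$exempt = ['state_changing_page.php'];

// Script loader behind the token check: the stale token is rejected.
echo simulateLogout('get_scripts.js.php', $all), "\n";
// Script loader exempt from the check: it loads despite the second reset.
echo simulateLogout('get_scripts.js.php', $exempt), "\n";
// State-changing page stays protected: the stale token is still rejected.
echo simulateLogout('state_changing_page.php', $exempt), "\n";
```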