Re: [Phpmyadmin-devel] Bug with properties system

On 16/08/2012 15:57, Alex Marin wrote:

Ok, this is one of the weirdest bugs I've seen.

If you insert an alert(1), indeed it works, but if you put a $(function() { alert(1); } it doesn't pop up, which means the page isn't fully loaded. So, if you try an alert(document.readyState); it will show you "loading", which means something prevents the page from being fully loaded. The errors shown in the chrome console are:

4Unrecognized Content-Security-Policy directive 'allow' 4Unrecognized Content-Security-Policy directive 'options' 2Uncaught SyntaxError: Unexpected token ILLEGAL (get_image.js.php:239) Uncaught ReferenceError: PMA_getImage is not defined (functions.js:3033)

The first 2 types of errors are related to my chrome version I think (20.0), the illegal characters are some weird � after the last line of code and PMA_getImage() was used before in functions.js, but the first error occurs only at line 3033. The most accessible error seemed to be the one with illegal characters, so I put a comment on the last line, hoping to ignore that unknown string, but with no success.

Taking a look in the get_image.js.php file, I saw that there is a mix of js and php, and, at the end, the js function PMA_getImage() is declared outside of <?php ?> tags. This file is included in the PMA_Header class with: $this->_scripts->addFile( 'get_image.js.php?theme=' . urlencode($_SESSION['PMA_Theme']->getId()) ); Then I noticed that $_SESSION['PMA_Theme']->getPath() was used in get_image.js.php and I remembered that Michal said something earlier about an error with getPath(), so I removed that, but with no success. At this point I was already delusional, so I figured if I remove the theme=PMAHomme variable from the url, maybe I'll avoid something evil. Most shockingly, this worked. But when I wanted to commit, I deleted the comment at the end of get_image.js.php, and the js functions did not trigger again.

This doesn't make much sense to me anymore, but turns out a solution is a combo of commenting the last empty line in get_image.js.php and removing the "theme" GET variable, which I did here [0]. I think there are more rational ways of getting rid of those unknown chars, but I did not manage to find any.

PS: I wouldn't have mistakenly reached this without the already famous rubber duck debugging technique [1].

[0] https://github.com/alexukf/phpmyadmin/commit/6867d605aeb63ddd55e31f18b665d7d... [1] http://en.wikipedia.org/wiki/Rubber_duck_debugging

For me chromium 18 only throws the CSP errors...

I don't see anything weird at the end of get_image.js.php. In your commit, you have one addition and no deletions for that file, so your not commenting anything out, you're just adding a comment. Perhaps you could try to simply add a newline character at the end of the file?

The "theme=someid" parameter is necessary and must not be removed. The idea there is that different themes have different icons embedded in the sprite and that js file is cached on the client side. So the theme id is necessary to invalidate the cache when a user switches themes.

Bye, Rouslan