On Thu, Oct 3, 2013 at 3:25 PM, Michal Čihař michal@cihar.com wrote:
Hi
Dne Thu, 3 Oct 2013 14:49:35 +0200 Mohamed Ashraf mohamed.ashraf.213@gmail.com napsal(a):
I want to allow access to the scripts page without a token and at the
same
time I want to check the current config settings.
Maybe it's better to describe what you want to actually achieve.
I want to know if the user has enabled error reporting or not.
The current method I use to check config settings is by including common.inc.php to the script but the problem is that common.inc.php removes all GET params if the token is incorrect.
That's exactly purpose of token. In case you're doing the request from phpMyAdmin the token is available in session, so including it should not be hard...
yes normally it is but during logout the token is reset multiple times and is changed after the page is loaded somewhere so when the get_scripts.js.php is being fetched an old and invalid token is used thus the page is not displayed.
here is what happens: 1 - the logout page is requested, 2 - token is reset since the user is not logged in 3 - then the html is created to load the get_scripts file using this new token which is correct 4 - some time after this the token is reset again. I dont know where this happens. I output the token in the end of the response class response method and it is still the same. 5 - the request to the get_script file is made using the old token which is rejected
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clk... _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel