Hi!
+foreach( $_GET as $key => $val ) {
- if ( ! in_array( $key, $drops ) ) {
$url_querys[] = $key . '=' . $val;
- }
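Review bot: On the `$url_querys[] = $key . '=' . $val;` line, `$key` and `$val` come straight from `$_GET` and are concatenated into the query string without any encoding, and with the `in_array( $key, $drops )` check removed every request parameter now takes this path. Pass both through `urlencode()` when building the pair, and apply `htmlspecialchars()` wherever the joined string is later written into HTML, since URL-encoding alone does not make `&` safe inside an attribute. Note also that a `$_GET` value can be an array (for example `?a[]=1`), which plain string concatenation does not handle. If dropping the `$drops` filter is intentional, state the reason in the commit message; otherwise keep the check.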
allows for XSS attacks to index.php which outputs remote input HTML/JS code.
Uuh, sorry, fixed this with
$url_querys[] = urlencode( $key ) . '=' . urlencode( $val );
Okay, I think this should be safe enough (tm) ;)
Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator'] functionality of nested table groups in non-light mode. It seems you removed all the PMA_nestedSet() functionality without proper replacement of its content?
Did you try it? Or did you just take a look at the code?
I applied the code, yes. I looked at my main table which contains 266 tables with many "_" separators, which don't work anymore. But then I looked at a second database with only 4 tables, they were grouped properly - so I think there must just be a bug left in the generation code?
I set the Separator to "_" and have this list of tables:
access accesslog aggregator_category aggregator_category_feed aggregator_category_item aggregator_feed aggregator_item authmap be_groups be_sessions be_users blocks book boxes cache cache_hash cache_imagesizes cache_md5params cache_pages cache_pagesection cache_typo3temp_log comments contact directory fe_groups fe_session_data fe_sessions fe_users files filter_formats filters flood forum fud26_action_log fud26_ann_forums fud26_announce fud26_attach fud26_avatar fud26_blocked_logins fud26_buddy fud26_cat fud26_custom_tags fud26_email_block fud26_ext_block fud26_fc_view fud26_fl_1 fud26_fl_pm fud26_forum fud26_forum_notify fud26_forum_read fud26_group_cache fud26_group_members fud26_group_resources fud26_groups fud26_index fud26_ip_block fud26_level fud26_mime fud26_mlist fud26_mod fud26_mod_que fud26_msg fud26_msg_report fud26_nntp fud26_pmsg fud26_poll fud26_poll_opt fud26_poll_opt_track fud26_read fud26_replace fud26_search fud26_search_cache fud26_ses fud26_smiley fud26_stats_cache fud26_themes fud26_thr_exchange fud26_thread fud26_thread_notify fud26_thread_rate_track fud26_title_index fud26_tv_1 fud26_user_ignore fud26_users history locales_meta locales_source locales_target menu moderation_filters moderation_roles moderation_votes node node_access node_comment_statistics node_counter node_revisions pages pages_language_overlay permission poll poll_choices profile_fields profile_values role search_index search_total sequences serendipity_GROUPS_authorgroups serendipity_GROUPS_authors serendipity_GROUPS_category serendipity_GROUPS_comments serendipity_GROUPS_config serendipity_GROUPS_entries serendipity_GROUPS_entrycat serendipity_GROUPS_entryproperties serendipity_GROUPS_exits serendipity_GROUPS_groupconfig serendipity_GROUPS_groups serendipity_GROUPS_images serendipity_GROUPS_permalinks serendipity_GROUPS_plugins serendipity_GROUPS_references serendipity_GROUPS_referrers serendipity_GROUPS_suppress serendipity_MERGE_aggregator_feeds serendipity_MERGE_authors 
serendipity_MERGE_category serendipity_MERGE_comments serendipity_MERGE_config serendipity_MERGE_entries serendipity_MERGE_entrycat serendipity_MERGE_entryproperties serendipity_MERGE_entrytags serendipity_MERGE_exits serendipity_MERGE_images serendipity_MERGE_karma serendipity_MERGE_karmalog serendipity_MERGE_plugins serendipity_MERGE_references serendipity_MERGE_referrers serendipity_MERGE_shoutbox serendipity_MERGE_spamblocklog serendipity_MERGE_suppress serendipity_NOUTF8access serendipity_NOUTF8authorgroups serendipity_NOUTF8authors serendipity_NOUTF8category serendipity_NOUTF8comments serendipity_NOUTF8config serendipity_NOUTF8entries serendipity_NOUTF8entrycat serendipity_NOUTF8entryproperties serendipity_NOUTF8exits serendipity_NOUTF8groupconfig serendipity_NOUTF8groups serendipity_NOUTF8images serendipity_NOUTF8permalinks serendipity_NOUTF8plugincategories serendipity_NOUTF8pluginlist serendipity_NOUTF8plugins serendipity_NOUTF8references serendipity_NOUTF8referrers serendipity_NOUTF8suppress serendipity_SVN_access serendipity_SVN_aggregator_feedcat serendipity_SVN_aggregator_feeds serendipity_SVN_aggregator_md5 serendipity_SVN_authorgroups serendipity_SVN_authors serendipity_SVN_category serendipity_SVN_categorytemplates serendipity_SVN_comments serendipity_SVN_config serendipity_SVN_entries serendipity_SVN_entrycat serendipity_SVN_entryproperties serendipity_SVN_entrytags serendipity_SVN_exits serendipity_SVN_groupconfig serendipity_SVN_groups serendipity_SVN_guestbook serendipity_SVN_images serendipity_SVN_karma serendipity_SVN_karmalog serendipity_SVN_link_category serendipity_SVN_links serendipity_SVN_mycalendar serendipity_SVN_pending_authors serendipity_SVN_percentagedone serendipity_SVN_permalinks serendipity_SVN_plugincategories serendipity_SVN_pluginlist serendipity_SVN_plugins serendipity_SVN_polls serendipity_SVN_polls_options serendipity_SVN_profiles serendipity_SVN_project_category serendipity_SVN_project_colors serendipity_SVN_references 
serendipity_SVN_referrers serendipity_SVN_spamblocklog serendipity_SVN_staticblocks serendipity_SVN_staticpages serendipity_SVN_suppress serendipity_UTF8_access serendipity_UTF8_authorgroups serendipity_UTF8_authors serendipity_UTF8_category serendipity_UTF8_comments serendipity_UTF8_config serendipity_UTF8_entries serendipity_UTF8_entrycat serendipity_UTF8_entryproperties serendipity_UTF8_exits serendipity_UTF8_groupconfig serendipity_UTF8_groups serendipity_UTF8_images serendipity_UTF8_permalinks serendipity_UTF8_plugincategories serendipity_UTF8_pluginlist serendipity_UTF8_plugins serendipity_UTF8_references serendipity_UTF8_referrers serendipity_UTF8_suppress serendipity_authors serendipity_category serendipity_comments serendipity_config serendipity_entries serendipity_entrycat serendipity_entryproperties serendipity_exits serendipity_images serendipity_plugins serendipity_references serendipity_referrers serendipity_suppress sessions static_template static_tsconfig_help sys_be_shortcuts sys_domain sys_filemounts sys_history sys_language sys_lockedrecords sys_log sys_note sys_notepad sys_template system term_data term_hierarchy term_node term_relation term_synonym tt_content tx_impexp_presets url_alias users users_roles variable vocabulary vocabulary_node_types watchdog
So I would expect to get at least groups "serendipity" and "sys" for example, but instead they show up in a singular flat listing...?!
My $cfg['LeftFrameTableLevel'] is set to "2".
If you can't reproduce that, I could give you a full SQL dump of my tables and send you my config files?
Best regards, Garvin