3 Oct
2013
3 Oct
'13
3:49 p.m.
I want to allow access to the scripts page without a token and at the same
time I want to check the current config settings. The current method I use
to check config settings is by including common.inc.php to the script but
the problem is that common.inc.php removes all GET params if the token is
incorrect.
Is there another way to get the config settings other than including
common.inc.php
--
Mohamed Ashraf
3 Oct
3 Oct
4:17 p.m.
Mohamed Ashraf a écrit :
I want to allow access to the scripts page without a
token and at the same
time I want to check the current config settings. The current method I use
to check config settings is by including common.inc.php to the script but
the problem is that common.inc.php removes all GET params if the token is
incorrect.
Is there another way to get the config settings other than including
common.inc.php
Did you try
require_once './libraries/Config.class.php';
$GLOBALS['PMA_Config'] = new PMA_Config(CONFIG_FILE);
--
Marc Delisle
http://infomarc.info
4:25 p.m.
Hi
Dne Thu, 3 Oct 2013 14:49:35 +0200
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> napsal(a):
I want to allow access to the scripts page without a
token and at the same
time I want to check the current config settings.
Maybe it's better to describe what you want to actually achieve.
The current method I use
to check config settings is by including common.inc.php to the script but
the problem is that common.inc.php removes all GET params if the token is
incorrect.
That's exactly purpose of token. In case you're doing the request from
phpMyAdmin the token is available in session, so including it should
not be hard...
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
4:34 p.m.
On Thu, Oct 3, 2013 at 3:25 PM, Michal Čihař <michal(a)cihar.com> wrote:
yes normally it is but during logout the token is reset multiple times and
is changed after the page is loaded somewhere so when the
get_scripts.js.php is being fetched an old and invalid token is used thus
the page is not displayed.
here is what happens:
1 - the logout page is requested,
2 - token is reset since the user is not logged in
3 - then the html is created to load the get_scripts file using this new
token which is correct
4 - some time after this the token is reset again. I dont know where this
happens. I output the token in the end of the response class response
method and it is still the same.
5 - the request to the get_script file is made using the old token which is
rejected
Hi
Dne Thu, 3 Oct 2013 14:49:35 +0200
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> napsal(a):
I want to know if the user has enabled error reporting or not.
I want to allow access to the scripts page
without a token and at the
same
time I want to check the current config settings.
Maybe it's better to describe what you want to actually achieve.
The current method I use
to check config settings is by including common.inc.php to the script but
the problem is that common.inc.php removes all GET params if the token is
incorrect.
That's exactly purpose of token. In case you're doing the request from
phpMyAdmin the token is available in session, so including it should
not be hard...
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.cl…
_______________________________________________
Phpmyadmin-devel mailing list
Phpmyadmin-devel(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
--
Mohamed Ashraf
4:43 p.m.
Hi
Dne Thu, 3 Oct 2013 15:34:16 +0200
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> napsal(a):
yes normally it is but during logout the token is
reset multiple times and
is changed after the page is loaded somewhere so when the
get_scripts.js.php is being fetched an old and invalid token is used thus
the page is not displayed.
here is what happens:
1 - the logout page is requested,
2 - token is reset since the user is not logged in
3 - then the html is created to load the get_scripts file using this new
token which is correct
4 - some time after this the token is reset again. I dont know where this
happens. I output the token in the end of the response class response
method and it is still the same.
5 - the request to the get_script file is made using the old token which is
rejected
I don't see need to load anything from common.inc or do token protection
on get_script, please comment:
https://github.com/phpmyadmin/phpmyadmin/pull/729
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
5:51 p.m.
On Thu, Oct 3, 2013 at 3:43 PM, Michal Čihař <michal(a)cihar.com> wrote:
Hi
Dne Thu, 3 Oct 2013 15:34:16 +0200
Mohamed Ashraf <mohamed.ashraf.213(a)gmail.com> napsal(a):
I didnt realize that we removed js minification entirely. Since we actually
stopped minifying files I no longer need to access the config. This should
work perfectly
yes normally it is but during logout the token is
reset multiple times
and
is changed after the page is loaded somewhere so
when the
get_scripts.js.php is being fetched an old and invalid token is used thus
the page is not displayed.
here is what happens:
1 - the logout page is requested,
2 - token is reset since the user is not logged in
3 - then the html is created to load the get_scripts file using this new
token which is correct
4 - some time after this the token is reset again. I dont know where this
happens. I output the token in the end of the response class response
method and it is still the same.
5 - the request to the get_script file is made using the old token which
is
rejected
I don't see need to load anything from common.inc or do token protection
on get_script, please comment:
https://github.com/phpmyadmin/phpmyadmin/pull/729
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most
from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.cl…
_______________________________________________
Phpmyadmin-devel mailing list
Phpmyadmin-devel(a)lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
--
Mohamed Ashraf
4005
days inactive
4005
days old
5 comments
3 participants
participants (3)
-
Marc Delisle -
Michal Čihař -
Mohamed Ashraf