Garvin Hicking wrote:
Hi!
https://sourceforge.net/tracker/index.php?func=detail&aid=1312571&gr... 067&atid=377410
I would like to commit this into CVS, if no one is against it.
Marc? Michal?
I think this portion:
+foreach( $_GET as $key => $val ) {
- if ( ! in_array( $key, $drops ) ) {
$url_querys[] = $key . '=' . $val;
- }
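Review bot: the two removed lines take out the in_array( $key, $drops ) check, so every key in $_GET is now copied into $url_querys, and the unchanged line still concatenates $key and $val without any encoding. Either keep the $drops filter or say why it is no longer needed, and encode both parts before joining them. A $_GET value can also be an array (a parameter such as a[]=1), in which case the string concatenation yields the literal "Array", so the loop should handle or skip non-scalar values.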
allows for XSS attacks to index.php which outputs remote input HTML/JS code.
uuh, sorry fixed this with
$url_querys[] = urlencode( $key ) . '=' . urlencode( $val );
Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator'] functionality of nested table groups in non-light mode. It seems you removed all the PMA_nestedSet() functionality without proper replacement of its content?
Did you try it? Or did you just take a look at the code?
$cfg['LeftFrameTableSeparator'] is respected and should be properly displayed - if not, pls give me an example of your settings, what you expect and what you got
thnx
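The encoding fix discussed in this message, as an added example that is not part of the original post or of phpMyAdmin: the helper names and the sample parameters are hypothetical, and the `$drops` list is modelled on the filter seen in the quoted patch. It compares the raw concatenation with an encoded builder that also copes with array values, and shows that the URL still needs HTML escaping when written into markup.

```php
<?php
// Added example: hypothetical helpers, not phpMyAdmin code.

// Behaviour of the line as first posted: key and value are copied verbatim.
function build_query_raw(array $params): string
{
    $parts = [];
    foreach ($params as $key => $val) {
        if (is_array($val)) {
            continue; // raw concatenation would yield the literal "Array"
        }
        $parts[] = $key . '=' . $val;
    }
    return implode('&', $parts);
}

// Behaviour of the corrected line (same encoding as urlencode()),
// extended to nested values such as sel[]=... and to a drop list.
function build_query_encoded(array $params, array $drops = []): string
{
    $kept = array_diff_key($params, array_flip($drops));
    return http_build_query($kept, '', '&');
}

// Constructed sample input standing in for $_GET.
$get = [
    'db'    => 'test',
    'table' => '"><b>injected</b>',
    'sel'   => ['a b', 'c&d'],
    'token' => 'dropme',
];

$raw  = 'index.php?' . build_query_raw($get);
$safe = 'index.php?' . build_query_encoded($get, ['token']);

// The raw URL closes the href attribute and injects markup.
echo '<a href="' . $raw . '">raw</a>', "\n";

// URL-encoding fixes the query string; HTML-escaping is still applied
// on output, because the '&' separator must become '&amp;' in markup.
echo '<a href="' . htmlspecialchars($safe, ENT_QUOTES, 'UTF-8') . '">encoded</a>', "\n";
```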
Hi!
+foreach( $_GET as $key => $val ) {
- if ( ! in_array( $key, $drops ) ) {
$url_querys[] = $key . '=' . $val;
- }
allows for XSS attacks to index.php which outputs remote input HTML/JS code.
uuh, sorry fixed this with
$url_querys[] = urlencode( $key ) . '=' . urlencode( $val );
Okay, I think this should be safe enough (tm) ;)
Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator'] functionality of nested table groups in non-light mode. It seems you removed all the PMA_nestedSet() functionality without proper replacement of its content?
Did you try it? Or did you just take a look at the code?
I applied the codes, yes. I looked at my main table which contains 266 tables with many "_" separators, which don't work anymore. But then I looked at a second database with only 4 tables, they were grouped properly - so I think there must just be a bug left in the generation code?
I set the separator to "_" and have this list of tables:
access accesslog aggregator_category aggregator_category_feed aggregator_category_item aggregator_feed aggregator_item authmap be_groups be_sessions be_users blocks book boxes cache cache_hash cache_imagesizes cache_md5params cache_pages cache_pagesection cache_typo3temp_log comments contact directory fe_groups fe_session_data fe_sessions fe_users files filter_formats filters flood forum fud26_action_log fud26_ann_forums fud26_announce fud26_attach fud26_avatar fud26_blocked_logins fud26_buddy fud26_cat fud26_custom_tags fud26_email_block fud26_ext_block fud26_fc_view fud26_fl_1 fud26_fl_pm fud26_forum fud26_forum_notify fud26_forum_read fud26_group_cache fud26_group_members fud26_group_resources fud26_groups fud26_index fud26_ip_block fud26_level fud26_mime fud26_mlist fud26_mod fud26_mod_que fud26_msg fud26_msg_report fud26_nntp fud26_pmsg fud26_poll fud26_poll_opt fud26_poll_opt_track fud26_read fud26_replace fud26_search fud26_search_cache fud26_ses fud26_smiley fud26_stats_cache fud26_themes fud26_thr_exchange fud26_thread fud26_thread_notify fud26_thread_rate_track fud26_title_index fud26_tv_1 fud26_user_ignore fud26_users history locales_meta locales_source locales_target menu moderation_filters moderation_roles moderation_votes node node_access node_comment_statistics node_counter node_revisions pages pages_language_overlay permission poll poll_choices profile_fields profile_values role search_index search_total sequences serendipity_GROUPS_authorgroups serendipity_GROUPS_authors serendipity_GROUPS_category serendipity_GROUPS_comments serendipity_GROUPS_config serendipity_GROUPS_entries serendipity_GROUPS_entrycat serendipity_GROUPS_entryproperties serendipity_GROUPS_exits serendipity_GROUPS_groupconfig serendipity_GROUPS_groups serendipity_GROUPS_images serendipity_GROUPS_permalinks serendipity_GROUPS_plugins serendipity_GROUPS_references serendipity_GROUPS_referrers serendipity_GROUPS_suppress serendipity_MERGE_aggregator_feeds serendipity_MERGE_authors 
serendipity_MERGE_category serendipity_MERGE_comments serendipity_MERGE_config serendipity_MERGE_entries serendipity_MERGE_entrycat serendipity_MERGE_entryproperties serendipity_MERGE_entrytags serendipity_MERGE_exits serendipity_MERGE_images serendipity_MERGE_karma serendipity_MERGE_karmalog serendipity_MERGE_plugins serendipity_MERGE_references serendipity_MERGE_referrers serendipity_MERGE_shoutbox serendipity_MERGE_spamblocklog serendipity_MERGE_suppress serendipity_NOUTF8access serendipity_NOUTF8authorgroups serendipity_NOUTF8authors serendipity_NOUTF8category serendipity_NOUTF8comments serendipity_NOUTF8config serendipity_NOUTF8entries serendipity_NOUTF8entrycat serendipity_NOUTF8entryproperties serendipity_NOUTF8exits serendipity_NOUTF8groupconfig serendipity_NOUTF8groups serendipity_NOUTF8images serendipity_NOUTF8permalinks serendipity_NOUTF8plugincategories serendipity_NOUTF8pluginlist serendipity_NOUTF8plugins serendipity_NOUTF8references serendipity_NOUTF8referrers serendipity_NOUTF8suppress serendipity_SVN_access serendipity_SVN_aggregator_feedcat serendipity_SVN_aggregator_feeds serendipity_SVN_aggregator_md5 serendipity_SVN_authorgroups serendipity_SVN_authors serendipity_SVN_category serendipity_SVN_categorytemplates serendipity_SVN_comments serendipity_SVN_config serendipity_SVN_entries serendipity_SVN_entrycat serendipity_SVN_entryproperties serendipity_SVN_entrytags serendipity_SVN_exits serendipity_SVN_groupconfig serendipity_SVN_groups serendipity_SVN_guestbook serendipity_SVN_images serendipity_SVN_karma serendipity_SVN_karmalog serendipity_SVN_link_category serendipity_SVN_links serendipity_SVN_mycalendar serendipity_SVN_pending_authors serendipity_SVN_percentagedone serendipity_SVN_permalinks serendipity_SVN_plugincategories serendipity_SVN_pluginlist serendipity_SVN_plugins serendipity_SVN_polls serendipity_SVN_polls_options serendipity_SVN_profiles serendipity_SVN_project_category serendipity_SVN_project_colors serendipity_SVN_references 
serendipity_SVN_referrers serendipity_SVN_spamblocklog serendipity_SVN_staticblocks serendipity_SVN_staticpages serendipity_SVN_suppress serendipity_UTF8_access serendipity_UTF8_authorgroups serendipity_UTF8_authors serendipity_UTF8_category serendipity_UTF8_comments serendipity_UTF8_config serendipity_UTF8_entries serendipity_UTF8_entrycat serendipity_UTF8_entryproperties serendipity_UTF8_exits serendipity_UTF8_groupconfig serendipity_UTF8_groups serendipity_UTF8_images serendipity_UTF8_permalinks serendipity_UTF8_plugincategories serendipity_UTF8_pluginlist serendipity_UTF8_plugins serendipity_UTF8_references serendipity_UTF8_referrers serendipity_UTF8_suppress serendipity_authors serendipity_category serendipity_comments serendipity_config serendipity_entries serendipity_entrycat serendipity_entryproperties serendipity_exits serendipity_images serendipity_plugins serendipity_references serendipity_referrers serendipity_suppress sessions static_template static_tsconfig_help sys_be_shortcuts sys_domain sys_filemounts sys_history sys_language sys_lockedrecords sys_log sys_note sys_notepad sys_template system term_data term_hierarchy term_node term_relation term_synonym tt_content tx_impexp_presets url_alias users users_roles variable vocabulary vocabulary_node_types watchdog
So I would expect to get at least groups "serendipity" and "sys" for example, but instead they show up in a singular flat listing...?!
My $cfg['LeftFrameTableLevel'] is set to "2".
If you can't reproduce that I could give you a full SQL dump of my tables and send you my config files?
Best regards, Garvin
Hi
On Tue 4. 10. 2005 11:42, Garvin Hicking wrote:
If you can't reproduce that I could give you a full SQL dump of my tables and send you my config files?
Well nesting works fine for me with the patch. What config file are you changing? :-)
Garvin Hicking wrote:
Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator'] functionality of nested table groups in non-light mode. It seems you removed all the PMA_nestedSet() functionality without proper replacement of its content?
Did you try it? Or did you just take a look at the code?
I applied the codes, yes. I looked at my main table which contains 266 tables with many "_" separators, which don't work anymore. But then I looked at a second database with only 4 tables, they were grouped properly - so I think there must just be a bug left in the generation code?
I set the separator to "_" and have this list of tables:
[much much much tables]
So I would expect to get at least groups "serendipity" and "sys" for example, but instead they show up in a singular flat listing...?!
My $cfg['LeftFrameTableLevel'] is set to "2".
same to me, generated tables above, and works perfectly for me
If you can't reproduce that I could give you a full SQL dump of my tables and send you my config files?
Did you try my patch against latest CVS and edit the right config file (config.inc.php)?
Hi Sebastian!
same to me, generated tables above, and works perfectly for me
Oh, that is strange. I have several more databases, maybe one of them is causing confusion; especially funny is that one of the DBs "Backuptest" is shown in a different font than the others. I will try to investigate.
If you can't reproduce that I could give you a full SQL dump of my tables and send you my config files?
Did you try my patch against latest CVS and edit the right config file (config.inc.php)?
Yes, against latest CVS, and I did edit config.inc.php.
Another thing I just noticed; don't know if your patch introduced it or if it was previously included: When I choose a table in my lengthy left frame, the right frame shows the table but the left frame refreshes! This is very annoying as the page is then scrolled to the top and not to the place where I just clicked. So I need to scroll down all the way to get to the table I just selected. This is very confusing - there is no apparent reason to me why the left frame should be reloaded in this case, when just selecting a table.
Regards, Garvin
Garvin Hicking wrote:
Another thing I just noticed; don't know if your patch introduced it or if it was previously included: When I choose a table in my lengthy left frame, the right frame shows the table but the left frame refreshes! This is very annoying as the page is then scrolled to the top and not to the place where I just clicked. So I need to scroll down all the way to get to the table I just selected. This is very confusing - there is no apparent reason to me why the left frame should be reloaded in this case, when just selecting a table.
this is a known limitation I'm working on ...
Hi!
this is a known limitation I'm working on ...
Ah, okay. Are there any other known limitations before I check the implementation out?
Regards, Garvin
Garvin Hicking wrote:
Hi!
this is a known limitation I'm working on ...
Ah, okay. Are there any other known limitations before I check the implementation out?
no
Garvin Hicking wrote:
Hi Sebastian!
same to me, generated tables above, and works perfectly for me
Oh, that is strange. I have several more databases, maybe one of them is causing confusion; especially funny is that one of the DBs "Backuptest" is shown in a different font than the others. I will try to investigate.
Just send the source of the generated HTML page, I will take a look into this.