Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
Downloads: http://www.phpmyadmin.net
Marc Delisle, for the team
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
no, this is intentional
hmmm, and what is the intention?
it is referenced in setup.php as $_SESSION['PMA_token']
Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
Marc
On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
What was reason to add spaces?
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
It seems to work fine then.
Michal Čihař wrote:
On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
What was reason to add spaces?
$_SESSION variables can be overwritten with register_globals on
you cannot overwrite variable with spaces
script.php?%20var%20
becomes
$_REQUEST['_var']
so you have no possibility to overwrite any variable with spaces in its name from outside
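The name rewriting described in the message above can be observed with parse_str(), which mangles parameter names the same way PHP does for incoming request variables. This is an added example, not part of the original message and not phpMyAdmin code; import_request() is a hypothetical stand-in for a register_globals-style import, and the state and query string are constructed sample values.

```php
<?php
// Added example, not phpMyAdmin code. parse_str() applies the same
// name mangling PHP uses when it imports request parameters.

/**
 * Hypothetical stand-in for a register_globals-style import: each request
 * parameter is copied into $globals under the name PHP gives it.
 */
function import_request(string $query, array $globals): array
{
    parse_str($query, $params);       // spaces in names are rewritten here
    foreach ($params as $name => $value) {
        $globals[$name] = $value;     // request data overwrites same-named entries
    }
    return $globals;
}

// Constructed state: the token stored once under a plain name and once
// under the space-padded name discussed in the thread.
$state = [
    'PMA_token'   => 'issued-by-server',
    ' PMA_token ' => 'issued-by-server',
];

// Constructed query string that supplies both names.
$after = import_request('PMA_token=forged&%20PMA_token%20=forged', $state);

// List every entry with its exact name (quotes make the spaces visible).
foreach ($after as $name => $value) {
    printf("%-14s %s\n", var_export($name, true), $value);
}

// The padded entry can only change if a parameter name survives with its spaces.
var_dump($after[' PMA_token '] === $state[' PMA_token ']);
```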
On Tue, 03 Oct 2006 14:32:44 +0200 Sebastian Mendel lists@sebastianmendel.de wrote:
$_SESSION variables can be overwritten with register_globals on
you cannot overwrite variable with spaces
script.php?%20var%20
becomes
$_REQUEST['_var']
so you have no possibility to overwrite any variable with spaces in its name from outside
Thanks for explanation!
Marc Delisle wrote:
Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
Marc
maybe it has to be changed in auth/signon... too ( line 108 )
On Tue, 3 Oct 2006 05:53:33 -0700 (PDT) "Jürgen Wind" jwind@ngi.de wrote:
maybe it has to be changed in auth/signon... too ( line 108 )
Yes, it should be!
On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
I just committed fix to CVS (hopefully for all branches).
Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle Marc.Delisle@cegepsherbrooke.qc.ca wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
-- Sebastian
ok, i don't understand the intention yet, but if you replace 'PMA_token' with ' PMA_token ' in setup.php, setup seems to work again.