[Phpmyadmin-devel] phpMyAdmin 2.9.0.1 is released

Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net. The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.

Downloads: http://www.phpmyadmin.net

Marc Delisle, for the team

On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow... -- Michal Čihař | http://cihar.com | http://blog.cihar.com

Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released.
It seems to break setup script somehow...
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead

Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released. It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional -- Sebastian

no, this is intentional
hmmm, and what is the intention? it is referenced in setup.php as $_SESSION['PMA_token']

Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released. It seems to break setup script somehow... it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php. Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today. Marc

On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
What was the reason to add spaces?
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
It seems to work fine then. -- Michal Čihař | http://cihar.com | http://blog.cihar.com

Michal Čihař wrote:
On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
What was the reason to add spaces?
$_SESSION variables can be overwritten with register_globals on
you cannot overwrite variable with spaces
script.php?%20var%20
becomes
$_REQUEST['_var']
so you have no possibility to overwrite any variable with spaces in its name from outside
-- Sebastian

On Tue, 03 Oct 2006 14:32:44 +0200 Sebastian Mendel <lists@sebastianmendel.de> wrote:
$_SESSION variables can be overwritten with register_globals on
you cannot overwrite variable with spaces
script.php?%20var%20
becomes
$_REQUEST['_var']
so you have no possibility to overwrite any variable with spaces in its name from outside
Thanks for explanation! -- Michal Čihař | http://cihar.com | http://blog.cihar.com
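
The explanation above, as an added example that is not part of the original thread and is not phpMyAdmin code. Since register_globals no longer exists in PHP, the hypothetical helper `emulate_register_globals()` models it as the worst case (a request parameter replaces any session entry of the same name); the query strings and token values are constructed samples. It shows that a request can reach the session key `PMA_token` but not ` PMA_token `.

```php
<?php
// Added illustration; not phpMyAdmin code. register_globals is gone from
// current PHP, so emulate_register_globals() is a hypothetical worst-case
// model of it: any request parameter whose name equals a session key
// replaces that session value.
function emulate_register_globals(string $query, array $session): array
{
    // parse_str() applies PHP's normal request-variable name handling,
    // which never leaves a space in the resulting key.
    parse_str($query, $request);
    foreach ($request as $name => $value) {
        if (array_key_exists($name, $session)) {
            $session[$name] = $value;
        }
    }
    return [$request, $session];
}

// Same shape as the check quoted from common.lib.php in this thread.
function token_check_passes(array $request, array $session, string $key): bool
{
    return !(empty($request['token']) || $session[$key] != $request['token']);
}

// Constructed sample input: a request that supplies its own token and tries
// to plant a matching value under the session key, with and without spaces.
$queries = [
    'plain key'  => 'token=forged&PMA_token=forged',
    'spaced key' => 'token=forged&%20PMA_token%20=forged',
];

foreach (['PMA_token', ' PMA_token '] as $key) {
    foreach ($queries as $label => $query) {
        $session = [$key => 'server-generated-value'];
        [$request, $after] = emulate_register_globals($query, $session);
        printf(
            "session key %-13s %-10s request keys: %-18s check passes: %s\n",
            var_export($key, true),
            $label,
            implode(',', array_keys($request)),
            token_check_passes($request, $after, $key) ? 'yes' : 'no'
        );
    }
}
```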

Marc Delisle wrote:
Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released. It seems to break setup script somehow... it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
I forgot to change $_SESSION['PMA_token'] to $_SESSION[' PMA_token '] in scripts/setup.php.
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
Marc
maybe it has to be changed in auth/signon... too ( line 108 )

On Tue, 3 Oct 2006 05:53:33 -0700 (PDT) "Jürgen Wind" <jwind@ngi.de> wrote:
maybe it has to be changed in auth/signon... too ( line 108 )
Yes, it should be! -- Michal Čihař | http://cihar.com | http://blog.cihar.com

On Tue, 03 Oct 2006 08:16:10 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Can someone confirm this fix, I am busy right now. Then I'll release 2.9.0.2 later today.
I just committed a fix to CVS (hopefully for all branches). -- Michal Čihař | http://cihar.com | http://blog.cihar.com

Sebastian Mendel wrote:
Jürgen Wind wrote:
Michal Čihař wrote:
On Sun, 01 Oct 2006 08:29:09 -0400 Marc Delisle <Marc.Delisle@cegepsherbrooke.qc.ca> wrote:
Welcome to phpMyAdmin 2.9.0.1 which contains security fixes. Details will follow on the security page of phpmyadmin.net.
The release candidate for this version was called 2.9.1-rc1, but 2.9.1 is not ready to be released. It seems to break setup script somehow...
it's in common.lib.php line 2879: if (empty($_REQUEST['token']) || $_SESSION[' PMA_token '] != $_REQUEST['token']) { should be 'PMA_token' instead
no, this is intentional
-- Sebastian
ok, i don't understand the intention yet, but if you replace 'PMA_token' with ' PMA_token ' in setup.php, setup seems to work again.
Participants (4): Jürgen Wind, Marc Delisle, Michal Čihař, Sebastian Mendel