Hi all!
I have to test it some more, and with the old 2.1.0 release, but it seems there is a big problem with the script: it uses the 'htmlspecialchars' function everywhere and then cannot return valid rows from the db when those rows contain one of these HTML special characters.
Ex: if one sets a field to the value "<test>", he can't delete/modify it from the links at the browse table because the parameter passed by URL is "&lt;test&gt;". This is also the case with values stored in hidden form fields.
This is really annoying because if this problem is confirmed, it means nearly all of the scripts will have to be modified to fix it and we will restart testing from scratch :(
Loïc, disappointed!
______________________________________________________________________________ ifrance.com, the most complete free e-mail service on the Internet! Your e-mail from a browser, via POP3, on Minitel, on WAP... http://www.ifrance.com/_reloc/email.emailif
Hi Loic :)
In this case, why not try:
$variable=preg_replace("/&#/","&#",$variable);
I think it's a good workaround for the < and > problem.
Joce
----- Original Message ----- From: "Loïc" loic-div@ifrance.com To: "phpMyAdmin" phpmyadmin-devel@lists.sourceforge.net Sent: Saturday, July 14, 2001 2:12 PM Subject: [Phpmyadmin-devel] Big problem :(
Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net http://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
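The round-trip failure Loïc describes, and the reason a text substitution on the already-escaped string (Joce's suggestion) is not the right place to fix it, as an added example. This is not phpMyAdmin code; the row, the `delete.php` script name and the `name` parameter are made up for illustration, and a browser's decoding of attribute values and query strings is simulated with `html_entity_decode()` and `parse_str()`. The broken functions reproduce the symptom from the thread: the value is passed through `htmlspecialchars()` once as data and then escaped again for the URL or the hidden field, so what comes back is "&lt;test&gt;" and no longer matches the row. The fixed functions keep the raw database value as data and encode it once per output context: `urlencode()` for the query string, `htmlspecialchars()` for the HTML attribute that carries it.

```php
<?php
// Added example (not phpMyAdmin's code). Shows why reusing an
// htmlspecialchars()'d value as *data* breaks the delete/modify round trip,
// and how escaping per output context fixes it.

// Constructed sample row; the value contains HTML special characters.
$row = ['id' => 7, 'name' => '<test>'];

// ---- Broken pattern (the bug from the thread) ------------------------------
// The value is HTML-escaped first and that escaped string is then treated as
// the data to put into the URL / hidden field, so it gets encoded twice.
function brokenDeleteLink(array $row): string {
    $escaped = htmlspecialchars($row['name']);            // "&lt;test&gt;"
    return 'delete.php?name=' . urlencode($escaped);      // server gets "&lt;test&gt;"
}

function brokenHiddenField(array $row): string {
    $escaped = htmlspecialchars($row['name']);            // "&lt;test&gt;"
    return '<input type="hidden" name="name" value="'
        . htmlspecialchars($escaped) . '">';              // "&amp;lt;test&amp;gt;"
}

// ---- Fixed pattern: raw value is the data, escape once per context ---------
function deleteLink(array $row): string {
    $url = 'delete.php?name=' . urlencode($row['name']);  // "%3Ctest%3E"
    // htmlspecialchars() only where the URL lands inside HTML.
    return '<a href="' . htmlspecialchars($url) . '">delete</a>';
}

function hiddenField(array $row): string {
    // Escaped exactly once; the browser decodes the entities in the
    // attribute before submitting, so the server receives "<test>".
    return '<input type="hidden" name="name" value="'
        . htmlspecialchars($row['name']) . '">';
}

// ---- Simulated browser + server side ---------------------------------------
// What the server-side script sees in $_GET['name'] after the link is clicked.
function paramFromLink(string $link): string {
    if (preg_match('/href="([^"]*)"/', $link, $m)) {
        $link = html_entity_decode($m[1]);   // browser decodes attribute entities
    }
    $query = (string) parse_url($link, PHP_URL_QUERY);
    parse_str($query, $params);              // parse_str() also URL-decodes
    return $params['name'] ?? '';
}

// What the server sees in $_POST['name'] after the hidden-field form is sent.
function paramFromHidden(string $html): string {
    preg_match('/value="([^"]*)"/', $html, $m);
    return html_entity_decode($m[1]);        // browser decodes before submitting
}

// The WHERE clause the script would build: the parameter must equal the
// value actually stored in the row, or nothing is deleted/modified.
function matchesRow(array $row, string $param): bool {
    return $param === $row['name'];
}

foreach ([
    'broken link'   => paramFromLink(brokenDeleteLink($row)),
    'broken hidden' => paramFromHidden(brokenHiddenField($row)),
    'fixed link'    => paramFromLink(deleteLink($row)),
    'fixed hidden'  => paramFromHidden(hiddenField($row)),
] as $case => $received) {
    printf("%-14s server receives %-14s matches row: %s\n",
        $case, var_export($received, true),
        matchesRow($row, $received) ? 'yes' : 'no');
}
// Expected: the two "broken" cases receive "&lt;test&gt;" and do not match;
// the two "fixed" cases receive "<test>" and match.
```

The practical rule this illustrates: `htmlspecialchars()` is an output encoding for the HTML context only. It belongs at the point where a value is written into a page, never on the copy of the value that is carried forward as data, and a URL needs `urlencode()` instead. Patching the escaped string afterwards with a regular expression, as in the reply above, keeps both encodings entangled and is easy to get wrong for `&` itself.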