1 Jul
2011
1 Jul
'11
3:52 p.m.
Hi all,
While looking into a bug, I came across this piece of code in
display_export.lib.php.
// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
if(is_string($value)) {
$_GET[urldecode($name)] = urldecode($value);
}
}
Due to this $_GET is urldecoded twice and + signs in the sql query (which is
passed inside $_GET) are replaced with spaces making it malformed.
Any clue why this piece of code got in here? Or am I not seeing anything?
--
Thanks and Regards,
Madhura Jayaratne
2 Jul
2 Jul
9:03 a.m.
New subject: [Phpmyadmin-devel] Bug ID: 3340151 - Working SQL query exports error page
Le 2011-07-01 14:52, Madhura Jayaratne a écrit :
Hi all,
While looking into a bug, I came across this piece of code in
display_export.lib.php.
// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
if(is_string($value)) {
$_GET[urldecode($name)] = urldecode($value);
}
}
Due to this $_GET is urldecoded twice and + signs in the sql query (which is
passed inside $_GET) are replaced with spaces making it malformed.
Any clue why this piece of code got in here? Or am I not seeing anything?
Madhura,
this came from commit 03fdce14c4bb2ac1a91cfb17a4a63b454d811b2e by Lori
Lee, a GSoC 2010 student.
Maybe she remembers about it.
--
Marc Delisle
http://infomarc.info
2:33 p.m.
New subject: [Phpmyadmin-devel] Bug ID: 3340151 - Working SQL query exports error page
On Sat, Jul 2, 2011 at 5:33 PM, Marc Delisle <marc(a)infomarc.info> wrote:
Le 2011-07-01 14:52, Madhura Jayaratne a écrit :
that. But
I'm not sure why it needs to urldecode $_GET once again and infact
it is causing the bug. Let's see if she replies.
--
Thanks and Regards,
Madhura Jayaratne
Hi all,
While looking into a bug, I came across this piece of code in
display_export.lib.php.
// If the form data is being loaded from GET data, decode it
foreach($_GET as $name => $value) {
if(is_string($value)) {
$_GET[urldecode($name)] = urldecode($value);
}
}
Due to this $_GET is urldecoded twice and + signs in the sql query (which
is
passed inside $_GET) are replaced with spaces
making it malformed.
Any clue why this piece of code got in here? Or am I not seeing anything?
Madhura,
this came from commit 03fdce14c4bb2ac1a91cfb17a4a63b454d811b2e by Lori
Lee, a GSoC 2010 student.
Maybe she remembers about it.
Yes Marc, having a look at the git history for the file I also noticed 
7 Jul
7 Jul
10:58 a.m.
New subject: [Phpmyadmin-devel] Bug ID: 3340151 - Working SQL query exports error page
Hi
Dne Sat, 2 Jul 2011 23:03:00 +0530
Madhura Jayaratne <madhura.cj(a)gmail.com> napsal(a):
Yes Marc, having a look at the git history for the
file I also noticed
that. But I'm not sure why it needs to urldecode $_GET once again and infact
it is causing the bug. Let's see if she replies.
In past (and maybe it still the case) some links contained urlencoded
values (for whatever reason), what might lead to this need.
The referenced commit only added is_string check, the originating code
does come from 4482228f
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
4811
days inactive
4817
days old
3 comments
3 participants
participants (3)
-
Madhura Jayaratne -
Marc Delisle -
Michal Čihař