[Phpmyadmin-devel] Big problem :(

Fournier Jocelyn [Presence-PC] joc at presence-pc.com
Sat Jul 14 14:21:09 CEST 2001


Hi Loic :)

In this case, why not try:

$variable=preg_replace("/&#/","&#",$variable);

I think it's a good turnaround for the < and > problem.

Joce

----- Original Message -----
From: "Loïc" <loic-div at ifrance.com>
To: "phpMyAdmin" <phpmyadmin-devel at lists.sourceforge.net>
Sent: Saturday, July 14, 2001 2:12 PM
Subject: [Phpmyadmin-devel] Big problem :(


> Hi all!
>
> I have to test it some more time and with the 2.1.0 old release, but it
> seems there is a big problem with the script: it uses everywhere the
> 'htmlspecialchars' function and then can return valid rows from the db when
> these rows contain one of these html special characters.
>
> Ex: if one set a field with the value "<test>", he can't delete/modify it
> from the links at the browse table because the parameter passed by url is
> "& lt;test >".
> This is also the case with values stored in hidden form fields.
>
> This is really annoying because if this problem is confirmed, it means near
> all of the scripts will have to be modified to fix it and we will restart
> testings from scratch :(
>
> Loïc, disappointed!
>
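The mismatch described in the quoted message, next to per-context encoding that avoids it, as an added example that is not part of the original thread and is not phpMyAdmin code. The script name `delete.php`, the `value` parameter and the helper `received_value()` are hypothetical, and the field value is a constructed sample.

```php
<?php
// Added illustration; hypothetical names, not phpMyAdmin code.

// Constructed sample: a field value containing HTML special characters.
$stored = '<test>';

// Problem pattern: the value is HTML-escaped early, and the escaped
// string is then treated as the data itself when the link is built.
$escaped  = htmlspecialchars($stored, ENT_QUOTES);
$bad_attr = 'delete.php?value=' . urlencode($escaped);

// Per-context encoding: keep the raw value and encode at output time.
//   1. urlencode() for the query-string component
//   2. htmlspecialchars() once over the whole attribute value
$good_href = 'delete.php?value=' . urlencode($stored);
$good_attr = htmlspecialchars($good_href, ENT_QUOTES);

// Simulates what the receiving script sees: the browser HTML-decodes
// the href attribute, then the server URL-decodes the query string.
function received_value(string $href_attr): string
{
    $href = html_entity_decode($href_attr, ENT_QUOTES);
    parse_str((string) parse_url($href, PHP_URL_QUERY), $params);
    return $params['value'];
}

// The early-escaped link no longer matches the stored row value;
// the per-context link round-trips to the original bytes.
var_dump(received_value($bad_attr) === $stored);
var_dump(received_value($good_attr) === $stored);

// Hidden form fields behave the same way: escape exactly once, when
// writing the attribute. The browser decodes once on submit, so a
// value escaped twice comes back still carrying entities.
$hidden_once  = htmlspecialchars($stored, ENT_QUOTES);
$hidden_twice = htmlspecialchars($escaped, ENT_QUOTES);
var_dump(html_entity_decode($hidden_once, ENT_QUOTES) === $stored);
var_dump(html_entity_decode($hidden_twice, ENT_QUOTES) === $stored);
```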




