[Phpmyadmin-devel] new grab_globals and 2.6.1-pl1
Marc Delisle
DelislMa at collegesherbrooke.qc.ca
Thu Feb 24 08:45:55 CET 2005
Marc Delisle a écrit :
> Alexander M. Turek a écrit :
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Marc & list,
>>
>> Marc Delisle wrote:
>>
>>> there is a problem with the new grab_globals.lib.php
>>> as released in 2.6.1-pl1. For example, the Search
>>> page no longer works.
>>>
>>> I'm looking at this right now.
>>
>>
>>
>> Strange... as long as the search page does rely on GET / POST parameters
>> that are named 'cfg', 'GLOBALS', '_something' or 'strSomething', this
>> should not happen.
>>
>
> The bug does not happen with this code:
>
> if ( //$key == 'cfg'
> //$key == 'GLOBALS'
> substr($key, 0, 3) == 'str'
> || $key{0} == '_') {
> continue;
> }
>
> but happens if I activate the first or the second comparison!
>
> Marc (scratching his head)
This solves the bug for me, please comment:
if ( is_string($key)
&& ($key == 'cfg'
|| $key == 'GLOBALS'
|| substr($key, 0, 3) == 'str'
|| $key{0} == '_')) {
continue;
}
Without the first test, each [0] is lost.
Marc
More information about the Developers
mailing list