[Phpmyadmin-devel] new grab_globals and 2.6.1-pl1

Marc Delisle DelislMa at collegesherbrooke.qc.ca
Thu Feb 24 08:45:55 CET 2005


Marc Delisle a écrit :
> Alexander M. Turek a écrit :
> 
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Hi Marc & list,
>>
>> Marc Delisle wrote:
>>
>>> there is a problem with the new grab_globals.lib.php
>>> as released in 2.6.1-pl1. For example, the Search
>>> page no longer works.
>>>
>>> I'm looking at this right now.
>>
>>
>>
>> Strange... as long as the search page does rely on GET / POST parameters
>> that are named 'cfg', 'GLOBALS', '_something' or 'strSomething', this
>> should not happen.
>>
> 
> The bug does not happen with this code:
> 
> if (       //$key == 'cfg'
>             //$key == 'GLOBALS'
>             substr($key, 0, 3) == 'str'
>             || $key{0} == '_') {
>             continue;
> }
> 
> but happens if I activate the first or the second comparison!
> 
> Marc (scratching his head)

This solves the bug for me, please comment:

if ( is_string($key)
          && ($key == 'cfg'
           || $key == 'GLOBALS'
           || substr($key, 0, 3) == 'str'
           || $key{0} == '_')) {
             continue;
}

Without the first test, each [0] is lost.

Marc





More information about the Developers mailing list