[Phpmyadmin-devel] XHTML compliance patch, PLS TEST!
Sebastian Mendel
lists at sebastianmendel.de
Tue Oct 4 02:30:40 CEST 2005
Garvin Hicking wrote:
> Hi!
>
>>> https://sourceforge.net/tracker/index.php?func=detail&aid=1312571&group_id=23067&atid=377410
>>>
>> i would like to commit this into CVS, if no one is against.
>>
>> Marc? Michal?
>
> I think this portion:
>
> +foreach( $_GET as $key => $val ) {
> + if ( ! in_array( $key, $drops ) ) {
> + $url_querys[] = $key . '=' . $val;
> + }
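Review bot: on the `$url_querys[] = $key . '=' . $val;` line, both `$key` and `$val` come straight from `$_GET` and are concatenated with no encoding, so request-supplied characters land verbatim in the rebuilt query string. Pass both through `urlencode()` when building each pair, and apply `htmlspecialchars()` wherever the joined string is printed into HTML, because the URL encoding alone does not cover the parameter separator in an attribute context. `$val` is also an array when a parameter is sent as `name[]=...`, in which case the concatenation produces the literal string `Array`; skip or explicitly handle non-scalar values inside the `in_array()` branch.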
>
> allows for XSS attacks to index.php which outputs remote input HTML/JS code.
uuh, sorry fixed this with
$url_querys[] = urlencode( $key ) . '=' . urlencode( $val );
> Added to that, it seems your patch kills the $cfg['LeftFrameTableSeparator']
> functionality of nested table groups in non-light mode. It seems you removed all
> the PMA_nestedSet() functionality without proper replacement of its content?
did you try it? or did you just take a look at the code?
$cfg['LeftFrameTableSeparator'] is respected and should be properly
displayed - if not pls give me an example of your settings, what you
expect and what you got
thnx
--
Sebastian Mendel
www.sebastianmendel.de
www.sf.net/projects/phpdatetime | www.sf.net/projects/phptimesheet