[Phpmyadmin-devel] Themes: Artic Ocean and Smooth Yellow

Marc Delisle marc at infomarc.info
Mon Mar 8 17:08:20 CET 2010 

Rohit Kalhans a écrit :
> 
> 
> On Mon, Mar 8, 2010 at 9:28 PM, Michal Čihař <michal at cihar.com 
> <mailto:michal at cihar.com>> wrote:
> 
>     Hi
> 
>     Dne Sun, 07 Mar 2010 10:32:30 +0100
>     Michael Keck <sfnet at michaelkeck.de <mailto:sfnet at michaelkeck.de>>
>     napsal(a):
> 
>      > That was the problem. Now I've fixed it with this hack:
>      >
>      > if (isset($GLOBALS['PMA_Config']) &&
>     $GLOBALS['PMA_Config']->get('fontsize') !== null) {
>      >     $pma_fsize = $GLOBALS['PMA_Config']->get('fontsize');
>      > } else if (isset($_SESSION['PMA_Config']) &&
>     $_SESSION['PMA_Config']->get('fontsize')) {
>      >     $pma_fsize = $_SESSION['PMA_Config']->get('fontsize');
>      > } else {
>      >     if (isset($_COOKIE['pma_fontsize'])) {
>      >         $pma_fsize = $_COOKIE['pma_fontsize'];
>      >     }
>      > }
>      > $pma_fsize = preg_replace("/[^0-9]/", "", $pma_fsize);
>      > if (!empty($pma_fsize)) {
>      >     $pma_fsize = ($pma_fsize * 0.01);
>      > } else {
>      >     $pma_fsize = 1;
>      > }
>      >
>      > This can be a solution on many themes at the moment.
>      > But - why do we have so many different things to store PMA_Configs?
> 
>     It used to be in session data, but it turned out to be wrong decision -
>     we don't want to store sensitive data in session (eg. user password
>     would end up there).
> 
> 
> Please pardon my ignorance if this question is too trivial but what 
> exactly is the problem in storing sensitive user information in the 
> Session variables. I mean is it only that when running on a local 
> machine someone might see the password in the temporary  session file 
> generated in the temp folder or something else? 

The problem is that we do not control the exact location of the session 
store. Some admins put it in /tmp (for example) so on a shared server, 
other users can peek at the files.

>  
> 
>     That's why it has been moved to globals (in
>     trunk, targeted for 3.4).
> 
>     Anyway I think that this code should be rather in some functions and
>     all themes would use it.
> 
>     --
>            Michal Čihař | http://cihar.com | http://blog.cihar.com
> 
>     ------------------------------------------------------------------------------
>     Download Intel® Parallel Studio Eval
>     Try the new software tools for yourself. Speed compiling, find bugs
>     proactively, and fine-tune applications for parallel performance.
>     See why Intel Parallel Studio got high marks during beta.
>     http://p.sf.net/sfu/intel-sw-dev
>     _______________________________________________
>     Phpmyadmin-devel mailing list
>     Phpmyadmin-devel at lists.sourceforge.net
>     <mailto:Phpmyadmin-devel at lists.sourceforge.net>
>     https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
> 
> 
> 
> 
> -- 
> Rohit Kalhans
> 
> 
> ------------------------------------------------------------------------
> 
> ------------------------------------------------------------------------------
> Download Intel® Parallel Studio Eval
> Try the new software tools for yourself. Speed compiling, find bugs
> proactively, and fine-tune applications for parallel performance.
> See why Intel Parallel Studio got high marks during beta.
> http://p.sf.net/sfu/intel-sw-dev
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel


-- 
Marc Delisle
http://infomarc.info

More information about the Developers mailing list