[Phpmyadmin-devel] Passing POST variables
Michal Čihař
michal at cihar.com
Wed Mar 24 23:02:03 CET 2010
Hi
On Wed, 24 Mar 2010 07:16:30 +0530
Ninad Pundalik <ninadsp16289 at gmail.com> wrote:
> For the last few hours, I've been trying to use jQuery to implement
> pagination via AJAX in phpMyAdmin. The page I've selected for
> experimenting is the sql.php page, where one can view a table from a
> database. I've right now created a javascript file, included it in
> the DOM via the $GLOBALS['js_include'] array, and bound an AJAX call
> on the navigation buttons.
>
> When I execute the call for a particular table, sql.php replies with
> the results for the next 30 rows, but it also outputs a lot of other
> html. As a way around this, I plan to use a variable 'ajax_request',
> which is set to true when an AJAX call is being made, and accordingly,
> wrote the jQuery script. If ajax_request is set to true in $_POST, I
> will modify the output of sql.php and print only the table containing
> the data from the table, the profiling data, (and any other necessary
> part) and prevent the printing of the header, footer and other tabs.
> However, due to the sanitization of $_GET, $_POST and $_REQUEST, I am
> unable to access the variable.
>
> I tried adding the variable name to variables_whitelist and the
> array_list arrays in libraries/common.inc.php, but I guess those are
> the wrong places. Could someone please tell me where I'm going wrong,
> or which is the right php file/function to check?
The correct way is to include the token in your request. It is there for
protecting against XSS.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
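Added example, not part of the original message and not phpMyAdmin's code: a simplified JavaScript model of the behaviour discussed in this thread, where request variables outside a whitelist are dropped unless the request carries the session token. The function names, the whitelist contents and the sample values are assumptions constructed for illustration.

```javascript
// Simplified model of token-gated request sanitization; not phpMyAdmin's code.
// Function names, the whitelist and the sample values are constructed assumptions.

// Compare two tokens without returning early at the first differing character.
function tokensMatch(a, b) {
  if (typeof a !== 'string' || typeof b !== 'string' || a.length !== b.length) {
    return false;
  }
  let diff = 0;
  for (let i = 0; i < a.length; i++) {
    diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  }
  return diff === 0;
}

// Server side: without a valid token, only whitelisted keys survive.
function sanitizeRequest(params, sessionToken, whitelist) {
  if (tokensMatch(params.token, sessionToken)) {
    return { ...params };
  }
  const kept = {};
  for (const key of whitelist) {
    if (Object.prototype.hasOwnProperty.call(params, key)) {
      kept[key] = params[key];
    }
  }
  return kept;
}

// Client side: send the fields the page already carries (token included)
// together with the extra flag for the AJAX call.
function buildAjaxBody(pageFields, extra) {
  return new URLSearchParams({ ...pageFields, ...extra }).toString();
}

// Decode a form-encoded body into a plain object, as the server would see it.
function parseBody(body) {
  return Object.fromEntries(new URLSearchParams(body));
}

const SESSION_TOKEN = 'constructed-session-token-0001';
const WHITELIST = ['db', 'table', 'pos'];
const pageFields = { db: 'shop', table: 'orders', pos: '30', token: SESSION_TOKEN };

const withoutToken = sanitizeRequest(
  parseBody('db=shop&table=orders&pos=30&ajax_request=true'), SESSION_TOKEN, WHITELIST);
const withToken = sanitizeRequest(
  parseBody(buildAjaxBody(pageFields, { ajax_request: 'true' })), SESSION_TOKEN, WHITELIST);
console.log(withoutToken.ajax_request, withToken.ajax_request);
```

In this model the request sent without the token loses `ajax_request` while keeping the whitelisted keys, and the request built from the page's own fields keeps it.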