[Phpmyadmin-devel] Fwd: Log-in screen and problem with file ./libraries/common.inc.php

Michal Čihař michal at cihar.com
Mon Mar 29 13:48:25 CEST 2010 

Hi

Dne Mon, 29 Mar 2010 02:11:47 +0530
Rohit Kalhans <rohit.kalhans at gmail.com> napsal(a):

> Well i have made some changes towards implementing the AJAX UI in form of a
> plug-in with slight change to the native code.
> 
> 1. Created the folder ajaxUI in the root directory which will house all the
> files related to the AJAX UI. This folder will be helpful as this will house
> all the code for the ajax UI.
> 
> 2. Added 2 new variables in the $cfg array in config.default.php. here is a
> snippet of the added code
> 
> /****************************************************************************************
>  * Ajax UI config variables
>  *
>  */
> 
>  /**
>  * Advanced Ajax UI feature can be disable by the Admin
>  *
>  * @global boolean cfg['advancedAjaxInterface']
>  */
> 
> $cfg['advancedAjaxInterface']    = TRUE;
> 
>  /**
>  * Advanced Ajax UI feature can be disable by the Admin
>  *
>  * @global string cfg['pma_current_UI']
>  * @possible values   'advanced' 'standard'
>  * @default "standard"
>  */
> 
> $cfg['pma_current_UI'] = 'standard';
> 
> The Administrator can choose to enable or disable the ajax interface  using
> the config variable and in that case the option (mentioned in the next
> point) will not be displayed.

What would be reason for enabling/disabling AJAX? AJAX should not be
intrusive and when user does not have enabled javascript, all should
work as it works right now. I also don't get the difference between
these two configuration options.

> 3. Added the user option to select his current interface according to his
> need. (check the attached image).

Same applies as above.

> 4, Modified files like sql.php to get the desired html output suitable for
> the Ajax interface if selected by the user (BY checking the value of
> $cfg['pma_current_UI'] ).
> 
> but I am struck in the *./libraries/common.inc.php *becoz this file converts
> the all the POST and GET variables in to $_REQUEST variables and loads the
> $cfg variables into $GLOBALS.
> 
> The thing is that I want to modify the value of one of $GLOBALS['cfg']
> ['pma_current_UI'] variable but could not do that as my $_POST variable is
> disappearing mysteriously ;)

Probably you are missing token for XSS protection and request variables
are filtered.

-- 
	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20100329/10b6170b/attachment.sig>

More information about the Developers mailing list