[Phpmyadmin-devel] Issue with event editing
Rouslan Placella
rouslan at placella.com
Sun Aug 25 20:50:40 CEST 2013
On 08/25/2013 10:14 AM, Ayush Chaudhary wrote:
> Hi,
>
> I was writing Selenium tests for editing an event. While creating an
> event, I created it with the clause 'EVERY 2 MINUTE_SECOND' and it
> worked fine. However, MySQL stores it as '0:2', so when I go to edit the
> event, the default value for interval field is '0:2', and then when I
> submit the edit form, our code takes the intval from 0:2 and forms the
> query 'EVERY 0 MINUTE_SECOND' and this creates an error.
>
> Is there a specific reason why intval is being used in
> rte_events.lib.php on Line 585? If not, should I remove that and issue a
> pull request?
IIRC, intval was used there to sanitize user input. If you remove it,
you'll need to add something else to avoid sql injections.
Bye,
Rouslan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20130825/7e3aff81/attachment.sig>
More information about the Developers
mailing list