[Phpmyadmin-devel] token mismatch with server variables

Marc Delisle marc at infomarc.info
Tue Jul 16 16:04:47 CEST 2013

Le 2013-07-16 09:32, Isaac Bennetch a écrit :
> Hi, I just took a bug report/suggested fix from "an anonymous IRC user"
> who doesn't have a SourceForge or github account. The thing is, I can't
> reproduce it. Does anyone have any comment on this?

To be valid XHTML, we have to use & instead of & as the separator.

I cannot reproduce the problem; I wonder which browser this person is using.

> I 'm running latest and wanted to change a server variable, but
> every time I clicked on one I got a token mismatch. Turns out, line 128
> of server_variables.php does:
> $url = htmlspecialchars('server_variables.php?' .
> PMA_generate_common_url());
> The html special chars converts an '&' to & where it shouldn't. This
> effectively makes it impossible to change any server variables via
> phpMyAdmin. Changing it to:
> $url = ('server_variables.php?' . PMA_generate_common_url());
> (kill the htmlspecialchars())
> works. But I'm not certain this would be the correct fix.

Marc Delisle

More information about the Developers mailing list