[Phpmyadmin-devel] token mismatch with server variables
Marc Delisle
marc at infomarc.info
Tue Jul 16 16:04:47 CEST 2013
Le 2013-07-16 09:32, Isaac Bennetch a écrit :
> Hi, I just took a bug report/suggested fix from "an anonymous IRC user"
> who doesn't have a SourceForge or github account. The thing is, I can't
> reproduce it. Does anyone have any comment on this?
To be valid XHTML, we have to use & instead of & as the separator.
I cannot reproduce the problem; I wonder which browser this person is using.
>
> I 'm running latest 4.0.4.1 and wanted to change a server variable, but
> every time I clicked on one I got a token mismatch. Turns out, line 128
> of server_variables.php does:
>
> $url = htmlspecialchars('server_variables.php?' .
> PMA_generate_common_url());
>
> The html special chars converts an '&' to & where it shouldn't. This
> effectively makes it impossible to change any server variables via
> phpMyAdmin. Changing it to:
>
> $url = ('server_variables.php?' . PMA_generate_common_url());
>
> (kill the htmlspecialchars())
>
> works. But I'm not certain this would be the correct fix.
--
Marc Delisle
http://infomarc.info
More information about the Developers
mailing list