[Phpmyadmin-devel] token mismatch with server variables

Isaac Bennetch bennetch at gmail.com
Tue Jul 16 16:49:57 CEST 2013


On Tue, Jul 16, 2013 at 10:04 AM, Marc Delisle <marc at infomarc.info> wrote:
> Le 2013-07-16 09:32, Isaac Bennetch a écrit :
>> Hi, I just took a bug report/suggested fix from "an anonymous IRC user"
>> who doesn't have a SourceForge or github account. The thing is, I can't
>> reproduce it. Does anyone have any comment on this?
>
> To be valid XHTML, we have to use & instead of & as the separator.

That's what I thought.

> I cannot reproduce the problem; I wonder which browser this person is using.

IIS 7.5 / PHP 5.2.17 / Firefox 22

My own Firefox is version 22.0, but I don't have an IIS install handy and my
PHP version is 5.3.3. A quick Google search doesn't find anything odd about
the & entity and IIS, so I'm at a bit of a loss at the moment.

>> I 'm running latest 4.0.4.1 and wanted to change a server variable, but
>> every time I clicked on one I got a token mismatch. Turns out, line 128
>> of server_variables.php does:
>>
>> $url = htmlspecialchars('server_variables.php?' .
>> PMA_generate_common_url());
>>
>> The html special chars converts an '&' to & where it shouldn't. This
>> effectively makes it impossible to change any server variables via
>> phpMyAdmin. Changing it to:
>>
>> $url = ('server_variables.php?' . PMA_generate_common_url());
>>
>> (kill the htmlspecialchars())
>>
>> works. But I'm not certain this would be the correct fix.
>
>
>
> --
> Marc Delisle
> http://infomarc.info
>
> ------------------------------------------------------------------------------
> See everything from the browser to the database with AppDynamics
> Get end-to-end visibility with application monitoring from AppDynamics
> Isolate bottlenecks and diagnose root cause in seconds.
> Start your free trial of AppDynamics Pro today!
> http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
> _______________________________________________
> Phpmyadmin-devel mailing list
> Phpmyadmin-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel




More information about the Developers mailing list