[Phpmyadmin-devel] token mismatch with server variables
Marc Delisle
marc at infomarc.info
Tue Jul 16 20:23:19 CEST 2013
Le 2013-07-16 10:49, Isaac Bennetch a écrit :
> On Tue, Jul 16, 2013 at 10:04 AM, Marc Delisle <marc at infomarc.info> wrote:
>> Le 2013-07-16 09:32, Isaac Bennetch a écrit :
>>> Hi, I just took a bug report/suggested fix from "an anonymous IRC user"
>>> who doesn't have a SourceForge or github account. The thing is, I can't
>>> reproduce it. Does anyone have any comment on this?
>>
>> To be valid XHTML, we have to use & instead of & as the separator.
>
> That's what I thought.
>
>> I cannot reproduce the problem; I wonder which browser this person is using.
>
> IIS 7.5 / PHP 5.2.17 / Firefox 22
>
> My own Firefox is version 22.0, but I don't have an IIS install handy and my
> PHP version is 5.3.3. A quick Google search doesn't find anything odd about
> the & entity and IIS, so I'm at a bit of a loss at the moment.
Please open a bug ticket about this, with "IIS 7.5" somewhere in the
title. Maybe we'll gather more info from other IIS users.
>
>>> I 'm running latest 4.0.4.1 and wanted to change a server variable, but
>>> every time I clicked on one I got a token mismatch. Turns out, line 128
>>> of server_variables.php does:
>>>
>>> $url = htmlspecialchars('server_variables.php?' .
>>> PMA_generate_common_url());
>>>
>>> The html special chars converts an '&' to & where it shouldn't. This
>>> effectively makes it impossible to change any server variables via
>>> phpMyAdmin. Changing it to:
>>>
>>> $url = ('server_variables.php?' . PMA_generate_common_url());
>>>
>>> (kill the htmlspecialchars())
>>>
>>> works. But I'm not certain this would be the correct fix.
--
Marc Delisle
http://infomarc.info
More information about the Developers
mailing list