[Phpmyadmin-devel] how to allow access to page without token
Mohamed Ashraf
mohamed.ashraf.213 at gmail.com
Thu Oct 3 16:51:54 CEST 2013
On Thu, Oct 3, 2013 at 3:43 PM, Michal Čihař <michal at cihar.com> wrote:
> Hi
>
> Dne Thu, 3 Oct 2013 15:34:16 +0200
> Mohamed Ashraf <mohamed.ashraf.213 at gmail.com> napsal(a):
>
> > yes normally it is but during logout the token is reset multiple times and
> > is changed after the page is loaded somewhere so when the
> > get_scripts.js.php is being fetched an old and invalid token is used thus
> > the page is not displayed.
> >
> > here is what happens:
> > 1 - the logout page is requested,
> > 2 - token is reset since the user is not logged in
> > 3 - then the html is created to load the get_scripts file using this new
> > token which is correct
> > 4 - some time after this the token is reset again. I don't know where this
> > happens. I output the token in the end of the response class response
> > method and it is still the same.
> > 5 - the request to the get_script file is made using the old token which is
> > rejected
>
> I don't see need to load anything from common.inc or do token protection
> on get_script, please comment:
>
> https://github.com/phpmyadmin/phpmyadmin/pull/729
I didn't realize that we removed js minification entirely. Since we actually
stopped minifying files I no longer need to access the config. This should
work perfectly.
>
>
> --
> Michal Čihař | http://cihar.com | http://blog.cihar.com
>
>
--
Mohamed Ashraf
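
The five-step sequence from the quoted message, and the effect of serving the script without a token check as suggested in the reply, as an added PHP sketch that is not part of the original thread and is not phpMyAdmin code. `Session`, `handle()`, the exempt list and `example_change.php` are hypothetical names chosen for the illustration.

```php
<?php
// Added illustration; every name below is hypothetical, not phpMyAdmin code.

/** Minimal stand-in for a server-side session holding the anti-CSRF token. */
final class Session
{
    public string $token;

    public function __construct()
    {
        $this->resetToken();
    }

    public function resetToken(): void
    {
        $this->token = bin2hex(random_bytes(16));
    }
}

/**
 * Hypothetical dispatcher: scripts on the exempt list skip the token check,
 * everything else must present the current session token.
 */
function handle(Session $s, string $script, ?string $token, array $tokenExempt): string
{
    if (in_array($script, $tokenExempt, true)) {
        return '200 served without token check';
    }
    if ($token === null || !hash_equals($s->token, $token)) {
        return '403 token mismatch';
    }
    return '200 token accepted';
}

$session = new Session();

// Steps 1-3: the logout page is built and embeds the freshly reset token.
$session->resetToken();
$embedded = $session->token;

// Step 4: the token is reset again after the HTML has been generated.
$session->resetToken();

// Step 5: the browser fetches the script with the token taken from the HTML.
echo handle($session, 'get_scripts.js.php', $embedded, []), "\n";
// The same request once the script endpoint is exempt from token checking.
echo handle($session, 'get_scripts.js.php', $embedded, ['get_scripts.js.php']), "\n";
// A state-changing page (hypothetical name) still rejects the stale token.
echo handle($session, 'example_change.php', $embedded, ['get_scripts.js.php']), "\n";
```

The exemption is limited to an endpoint that only returns JavaScript files and changes no state; requests that modify anything keep the token check.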