[CK-Ledger-users] Re: [Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroupware-0.9.1
From: <chi...@ya...> - 2003-09-17 04:39:07
Hello, Dave,

I think I've found what's going on.

With 0.9.14.006, ../phpgwapi/inc/class.sessions_php4.inc.php (line 951) and ../phpgwapi/inc/class.sessions_db.inc.php (line 977) read,

    $new_extravars .= "$key=$value" ;

With 0.9.16RC1, ../phpgwapi/inc/class.sessions.inc.php (line 1194) reads,

    $new_extravars .= $key.'='.urlencode($value) ;

So, apparently, with earlier versions, it is the application script's responsibility to url_encode GET variables before sending it on. However, with 0.9.16RC1, the sessions facility handles the url_encode-ing when it receives the GET variables from the application script.

With CK-Ledger v.0.7.1 running against phpgw 0.9.16RC1, it means double url_encoding and therefore the callee scripts need to url_decode the GET variable one more time to recover the correct value.

I think this will break a lot of the addon module codes. However, if the GET variable passed contains pure alphanumeric chars, no error will be detected, since urlencode/urldecode in these cases do not alter the GET variables. So, there may be quite a fair bit of spurious 0.9.16RC1 errors being the result of the above.

Cheers,
CK

Dave Hall:
>CK Wu <chi...@ya...> wrote:
>
>>Hello, folks,
>>
>>While testing CK-Ledger v.0.7.1 against
>>phpgroupware-0.9.16.RC1,
>>I came across the following,
>>
>>When calling,
>>
>>
>http://localhost/.../loglist.php?filter=%2BWHERE%2B1%253D1%2B&sessionid=...&kp3=...&domain=default&click_history=...
>
>Is this
>http://localhost/phpgroupware/loglist.php?filter=%2BWHERE%2B1%253D1%2B&...
>
>or
>
>http://localhost/ck-ledger/loglist.php?filter=%2BWHERE%2B1%253D1%2B&...
>
>Looking at that code ... there are several problems ....
>
>firstly the $_POST/$_GET hack won't work with register_globals = off
>
>Also phpgroupware has never processed the external variables, I think it
>is a PHP problem. IIRC php will url_decode all $_GET vars for you.
>
>Bit more info about where this code is will probably help us track this
>down.
>
>Cheers
>
>Dave
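
The double encoding described in the message above, as an added example (not CK-Ledger or phpGroupWare code). The two builder functions are hypothetical stand-ins modeled on the two quoted lines, and the sample value is constructed so that its double-encoded form matches the filter parameter in the quoted URL.

```php
<?php
// Added illustration; function names are hypothetical, not phpGroupWare's API.

// Models the 0.9.14.006 line: $new_extravars .= "$key=$value";
function build_query_old(array $vars): string {
    $parts = [];
    foreach ($vars as $key => $value) {
        $parts[] = "$key=$value";            // value passed through untouched
    }
    return implode('&', $parts);
}

// Models the 0.9.16RC1 line: $new_extravars .= $key.'='.urlencode($value);
function build_query_new(array $vars): string {
    $parts = [];
    foreach ($vars as $key => $value) {
        $parts[] = $key . '=' . urlencode($value);   // encoded by the builder
    }
    return implode('&', $parts);
}

// What the callee script sees: PHP decodes each query value exactly once.
function received(string $query): array {
    parse_str($query, $get);
    return $get;
}

$raw         = ' WHERE 1=1 ';      // constructed sample value
$app_encoded = urlencode($raw);    // application encodes before handing over

$cases = [
    'old API, app-encoded'  => build_query_old(['filter' => $app_encoded]),
    'new API, app-encoded'  => build_query_new(['filter' => $app_encoded]),
    'new API, raw value'    => build_query_new(['filter' => $raw]),
    'new API, alphanumeric' => build_query_new(['filter' => urlencode('abc123')]),
];

foreach ($cases as $label => $query) {
    $got = received($query)['filter'];
    // A value that still differs from what the caller meant was encoded twice.
    $expected = ($label === 'new API, alphanumeric') ? 'abc123' : $raw;
    $status   = ($got === $expected) ? 'ok' : 'still encoded';
    printf("%-22s %-32s => %-18s %s\n", $label, $query, var_export($got, true), $status);
}
```

Only the second case leaves the callee with a still-encoded value, and the alphanumeric case passes unchanged, which is why such parameters hide the problem.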