#3881 (ok 4.2) Escaped html in error message

4.0.0
fixed
nobody
None
5
2014-07-25
2013-04-18
No

Escaped html in error message. I guess from PMA_fatalError()

  • I had a session go idle while on the result page of a query.
  • The error popup-div came when I clicked a link to let me know that I had to login again.
  • I logged in
  • Error: index.php: Missing parameter: import_type<a href="./url.php?url=http%3A%2F%2F...

Possible resolutions:

  • redirect to some other page on such errors
  • prevent escaping the HTML in this case
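
The second resolution is easier to judge with the two ways of composing the message side by side. This is an added example, not part of the ticket and not phpMyAdmin's code: the function names and the documentation URL are hypothetical, and it assumes the symptom comes from escaping the message after the link markup has already been concatenated into it.

```php
<?php
// Added illustration; function names are hypothetical, not phpMyAdmin's API.

/**
 * Over-escaping: the trusted link is concatenated into the message first,
 * then the whole string is escaped, so the markup reaches the user as
 * literal text (the symptom reported in this ticket).
 */
function missingParamMessageEscapedWhole(string $script, string $param, string $docUrl): string
{
    $message = $script . ': Missing parameter: ' . $param
        . '<a href="' . $docUrl . '">Documentation</a>';
    return htmlspecialchars($message, ENT_QUOTES, 'UTF-8');
}

/**
 * Context-aware composition: every dynamic value is escaped on its own and
 * only the fixed template contributes markup, so the link works and a
 * parameter name can never inject HTML.
 */
function missingParamMessageSafe(string $script, string $param, string $docUrl): string
{
    $esc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    };
    return sprintf(
        '%s: Missing parameter: %s <a href="%s">Documentation</a>',
        $esc($script),
        $esc($param),
        $esc($docUrl)
    );
}

// Constructed sample values (placeholder documentation URL).
$docUrl = './url.php?url=' . rawurlencode('https://docs.example.invalid/faq');
$markupInName = 'import_type<b>bold</b>';

// Link shown as literal text: &lt;a href=...
echo missingParamMessageEscapedWhole('index.php', 'import_type', $docUrl), "\n";
// Working link, plain parameter name.
echo missingParamMessageSafe('index.php', 'import_type', $docUrl), "\n";
// Markup inside the parameter name stays text; the link still renders.
echo missingParamMessageSafe('index.php', $markupInName, $docUrl), "\n";
```

Simply removing the `htmlspecialchars()` call from the first function would make the link work, but it would also let any markup in the parameter name render, which is why the second form escapes per value instead.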

Discussion

  • Ayush Choubey

    Ayush Choubey - 2013-04-22

    Hi,
    Yeah, you are right, it's a PMA_fatalerror.

    After much hit and trial, I've reproduced it and probably know what the cause is, and if this hasn't been fixed, I would like to work on it.

    By the way, out of curiosity, a stupid question.

    How exactly should the error be fixed:

    1) You don't want that error to come after your login (after the timeout)

    2) Or you just don't want that HTML to come; rather than that, you want that message to get rendered as actual HTML.

     
  • Herman van Rink

    Herman van Rink - 2013-04-23

    Well, the worst thing about the current situation is: it's a dead-end.

    As the session is no longer available, going back to the same page is not an option. It would be nice if we could communicate that.

    We should lead the user to some index page. There we could present an informative message.

    And obviously, as a last resort... if we give a fatal error... then the links should work ;)

     
  • Marc Delisle

    Marc Delisle - 2013-04-26

    I have set up my LoginCookieValidity to a very low value, I can make the session expire but I cannot find a scenario to reproduce the error message (even when trying to import). Please guide me.

     
  • Ayush Choubey

    Ayush Choubey - 2013-04-26

    Sure Sir,

    It happens when we submit any external code from any *_import.php file to import.php. Now if the timeout occurs on this page, then we are asked to re-enter our username and password. Then as soon as we enter it, we get this message.

    In my case I set that value to 20 secs. From the server_import.php page I just used to click on the Go button, then a message used to come: "No data was received to import....". Now after the timeout, when I entered my username and password, I got that message.

    The reason was the checkparameter function in import.php (about which I am still unclear what it is doing there), which used to take import_type and format as the parameters and check if they are set or not, but since they were not set, this fatal error occurred.

     
  • Marc Delisle

    Marc Delisle - 2013-04-28

    Ayush,
    thanks for the explanation. I am doing exactly what you are describing, yet I cannot reproduce this problem. So I'll deassign myself from the pull request, hoping that someone else can reproduce, therefore test the pull request.

     
  • Herman van Rink

    Herman van Rink - 2013-05-03

    It seems the third step in the list below is essential.

    • I go to a table, to the search tab
    • search for something
    • click the [refresh] link, after this we get an answer from import.php
    • wait for the php session to timeout, or remove the session file.
    • click the [refresh] link
    • The error popup-div comes up. Please log in again.
    • Click 'Log in'
    • Use the login form (I have cookie auth)
    • Error: index.php: Missing parameter: import_type<a href="./url.php?url=http%3A%2F%2F...

    The pull request prevents the reported error message. I now get an almost empty page below the topmenucontainer tabs. Only the html div with id selflink is printed.

    I've left some minor code style comments on the pull request GitHub page.

     
  • Ayush Choubey

    Ayush Choubey - 2013-05-03

    Hello Herman, thank you for your comment. I just wanted to ask: does blank mean completely blank? Can I have a screenshot to see what actually happened?
    I believe there could be a couple of glitches and I would definitely like to correct them.

    Thanks

     
  • Ayush Choubey

    Ayush Choubey - 2013-05-03

    Hi Herman,

    I think I got what you were saying. I have updated the pull request; can you check again whether the problem still exists? And thanks for those comments, I've updated them too.

    Thanks

     
  • Herman van Rink

    Herman van Rink - 2013-05-07

    Now I get the same type of error:
    index.php: Missing parameter: table
    index.php: Missing parameter: db

     
  • Ayush Choubey

    Ayush Choubey - 2013-05-07

    Hey Herman,

    Thanks for informing me.
    I will double check that commit and find out whether I have set all the GLOBALS variables properly or not.

    By the way, can you check if the same error is coming with the steps that I wrote earlier?

    Thanks

     
  • Lakshit Arora

    Lakshit Arora - 2014-01-02

    I think after the above fix a new problem arises; below are the screenshots for better understanding:
    1. I did the same as above to reproduce the error (see the image step1.png)
    2. It prompted me for login (see the image step2.png)
    3. I logged in (see the image step3.png)
    4. Now when within the timeout period I click on any table, in my case "information_schema", it gave me the timeout error (see the image4.png)
    5. Now even when I log in again (see image step2.png again), I am on step3 above and then step4, the same thing happens, so you see we are stuck in a loop.

    Thanks,
    Lakshit

     
  • Marc Delisle

    Marc Delisle - 2014-07-25

    It seems that this is no longer reproducible in 4.2. Closing for now.

     
  • Marc Delisle

    Marc Delisle - 2014-07-25
    • summary: Escaped html in error message --> (ok 4.2) Escaped html in error message
    • status: open --> fixed
     
