Menu

#4026 (ok 4.0.6) IIS 7.5 token mismatch changing server variables

4.0.4
fixed
Michal Čihař
IIS (1)
1
2015-01-05
2013-07-18
Isaac Bennetch
No

As reported by an anonymous IRC user:

I 'm running latest 4.0.4.1 with IIS 7.5 / PHP 5.2.17 / Firefox 22 and wanted to change a server variable, but every time I clicked on one I got a token mismatch. Turns out, line 128 of server_variables.php does:

$url = htmlspecialchars('server_variables.php?' . PMA_generate_common_url());

The html special chars converts an & (literal ampersand) to & (the character entity) where it shouldn't. This effectively makes it impossible to change any server variables via phpMyAdmin. Changing it to:

$url = ('server_variables.php?' . PMA_generate_common_url());

(kill the htmlspecialchars()) works. But I'm not certain this would be the correct fix.

On phpmyadmin-devel, Marc points out:

To be valid XHTML, we have to use & instead of & as the separator.

So far we've tested Firefox 22 with a Linux server and have no problems.

Discussion

  • Michal Čihař

    Michal Čihař - 2013-08-07
    • summary: IIS 7.5 token mismatch changing server variables --> (ok 4.0.6) IIS 7.5 token mismatch changing server variables
    • status: open --> resolved
    • assigned_to: Michal Čihař
    • Priority: 5 --> 1
     

  • Michal Čihař

    Michal Čihař - 2013-08-07

    The htmlspecialchars should not be needed, PMA_generate_common_url already does all the escaping.

     

  • Marc Delisle

    Marc Delisle - 2013-09-05
    • Status: resolved --> fixed
     
MongoDB Logo MongoDB