#4702 (ok 4.3.7) URL is non RFC-2396 compatible in get_scripts.js.php.
Hi,
there is non RFC ULR encoding in get_scripts.js.php.
From https://www.ietf.org/rfc/rfc2396.txt
============
2.4.3. Excluded US-ASCII Characters
Other characters are excluded because gateways and other transport
agents are known to sometimes modify such characters, or they are
used as delimiters.
unwise = "{" | "}" | "|" | "\" | "^" | "[" | "]" | "`"
Data corresponding to excluded characters must be escaped in order to
be properly represented within a URI.
==============
The problem is in parameter "scripts[]". It is not RFC compatible. In previous version of phpMyAdmin (3.X) there wasn't such problem.
https://XXX/YYY/phpMyAdmin/js/get_scripts.js.php?scripts[]=jquery/jquery-1.8.3.min.js&scripts[]=sprintf.js&scripts[]=ajax.js&scripts[]=keyhandler.js&scripts[]=jquery/jquery-ui-1.9.2.custom.min.js&scripts[]=jquery/jquery.cookie.js&scripts[]=jquery/jquery.mousewheel.js&scripts[]=jquery/jquery.event.drag-2.2.js&scripts[]=jquery/jquery-ui-timepicker-addon.js&scripts[]=jquery/jquery.ba-hashchange-1.3.js&scripts[]=jquery/jquery.debounce-1.0.5.js&scripts[]=menu-resizer.js&scripts[]=cross_framing_protection.js&scripts[]=rte.js&scripts[]=tracekit/tracekit.js&scripts[]=error_report.js&scripts[]=doclinks.js&scripts[]=functions.js&scripts[]=navigation.js&scripts[]=indexes.js&scripts[]=common.js&scripts[]=codemirror/lib/codemirror.js&scripts[]=codemirror/mode/sql/sql.js&scripts[]=codemirror/addon/runmode/runmode.js&scripts[]=codemirror/addon/hint/show-hint.js&scripts[]=codemirror/addon/hint/sql-hint.js
Due to this RFC our hardware SSL terminator and L7 firewall is dropping connection to this request while others are OK.
Isn't this how php array variables are passed in a GET request?
Yes,
but you should (maybe) use serialize and unserialize PHP function. This function giving you storable (string) version of array type.
Fixed with https://github.com/phpmyadmin/phpmyadmin/commit/8cdaf81e2783fd27dece1624ae32df70ac0ba041