Menu

#4960 (ok 4.4.10) Table creation results in GET request with missing server parameter that invalidates the session

4.4.9
fixed
Madhura Jayaratne
None
Normal
2015-06-17
2015-06-15
monojp
No

phpMyAdmin: 4.4.9
MySQL: 5.5.3
Browser: Chromium 43.0.2357.124 (64-bit)

After creating a new table, there seems to be a GET request started that has the "server" variable missing and invalidates the session. The next request has a new token which results in the GUI displaying something like "token missmatch" and redirecting the user to the login page.

request trace:

POST tbl_structure.php
POST tbl_create.php
GET db_structure.php?server=40&token=<TOKEN_A>&server=40&db=<DB_NAME>&table=test5&ajax_request=true&ajax_page_request=true&menuHashes=<MENU_HASHES>&_nocache=1434367506209123225    
POST navigation.php?ajax_request=1&server=40&token=<TOKEN_A>    
GET tbl_structure.php?db=<DB_NAME>&token=<TOKEN_A>&goto=db_structure.php&table=test5&ajax_request=true&ajax_page_request=true&menuHashes=<MENU_HASHES>&_nocache=1434367506211781181 
GET index.php?ajax_request=1&recent_table=1&server=40&token=<TOKEN_A>
GET index.php?ajax_request=1&recent_table=1&token=<TOKEN_B>
...

the request to "tbl_structure.php" is missing the "server" variable. The request seems to be initiated in js/functions.js:2706+:

:::javascript
// Redirect to table structure page on creation of new table
var params_12 = 'ajax_request=true&ajax_page_request=true';
params_12 += AJAX.cache.menus.getRequestParam();
tblStruct_url = 'tbl_structure.php?db='+ data._params.db + '&token='+data._params.token +'&goto=db_structure.php&table='+data._params.table+'';
$.get(tblStruct_url, params_12, AJAX.responseHandler);

I guess that this is making the problem, but unfortunately I am not able to reproduce the error on our test system. I was just fiddling with our live system and hoping on input from your side.

More proof: On our live system the following request is definitely invalidating the session (resulting in invalid token errors if trying to reload ajax naviation in another tab):

tbl_structure.php?db=<DB>&token=<TOKEN>

in contrast to the following which is working just fine:

tbl_structure.php?server=<SERVER>&db=<DB>&token=<TOKEN>

I have also attached our skeleton config.inc.php (we're using cookie auth)

1 Attachments
config.inc.php

Discussion

  • monojp

    monojp - 2015-06-15

    fyi the following patch fixed the problem on our live server:

    --- js/functions.js
+++ js/functions.js
@@ -2706,7 +2706,7 @@
                         // Redirect to table structure page on creation of new table
                         var params_12 = 'ajax_request=true&ajax_page_request=true';
                         params_12 += AJAX.cache.menus.getRequestParam();
-                        tblStruct_url = 'tbl_structure.php?db='+ data._params.db + '&token='+data._params.token +'&goto=db_structure.php&table='+data._params.table+'';
+                        tblStruct_url = 'tbl_structure.php?db=' + data._params.db + '&server=' + data._params.server + '&token=' + data._params.token + '&goto=db_structure.php&table=' + data._params.table + '';
                         $.get(tblStruct_url, params_12, AJAX.responseHandler);
                     } else {
                         PMA_ajaxShowMessage(
     

  • Madhura Jayaratne

    Madhura Jayaratne - 2015-06-16
    • assigned_to: Madhura Jayaratne
     

  • Madhura Jayaratne

    Madhura Jayaratne - 2015-06-16
    • summary: Table creation results in GET request with missing server parameter that invalidates the session --> (ok 4.4.10) Table creation results in GET request with missing server parameter that invalidates the session
    • status: open --> resolved
     

  • Marc Delisle

    Marc Delisle - 2015-06-17
    • Status: resolved --> fixed
     
Want the latest updates on software, tech news, and AI?
Get latest updates about software, tech news, and AI from SourceForge directly in your inbox once a month.