#2467 (ok 2.10.3) Incorrect parameter validation for VIEWs

fixed
1
2013-06-11
2007-07-05
j_post
No

When browsing a view, the default number of rows to display is 30. When trying to change the value in the 'Show: [30] rows starting from record # [x]', an error is returned saying: 'x is not a valid row number', where x is any integer.

Version info:

MySQL - 5.0.41 (linux x86_64)
PHP - 5.2.0
phpMyAdmin - 2.10.2

Discussion

  • Marc Delisle

    Marc Delisle - 2007-07-07

    Logged In: YES
    user_id=210714
    Originator: NO

    To debug this, please display the HTML source of the Browse page; there is a form containing the message "not valid row number". Here are the lines taken from a test I made:

    <form action="sql.php" method="post"
    onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '%d is not valid row number.', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '%d is not valid row number.', 0, 47))">

    Please post here your lines.

     
  • Marc Delisle

    Marc Delisle - 2007-07-07
    • assigned_to: nobody --> lem9
     
  • Marc Delisle

    Marc Delisle - 2007-07-08
    • status: open --> pending
     
  • j_post

    j_post - 2007-07-09
    • status: pending --> open
     
  • j_post

    j_post - 2007-07-09

    Logged In: YES
    user_id=1837126
    Originator: YES

    I could not get my browser to display the relevant source for the page, but here is what I got from libraries/display_tbl.lib.php:

    <form action="sql.php" method="post"
    onsubmit="return (checkFormElementInRange(this, 'session_max_rows', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 1) &amp;&amp; checkFormElementInRange(this, 'pos', '<?php echo str_replace('\'', '\\\'', $GLOBALS['strInvalidRowNumber']); ?>', 0, <?php echo $unlim_num_rows - 1; ?>))">
    <?php echo PMA_generate_common_hidden_inputs($db, $table); ?>
    <input type="hidden" name="sql_query" value="<?php echo $encoded_query; ?>" />
    <input type="hidden" name="goto" value="<?php echo $goto; ?>" />
    <input type="hidden" name="dontlimitchars" value="<?php echo $dontlimitchars; ?>" />
    <input type="submit" name="navig" value="<?php echo $GLOBALS['strShow']; ?> :" />
    <input type="text" name="session_max_rows" size="3" value="<?php echo (($session_max_rows != 'all') ? $session_max_rows : $GLOBALS['cfg']['MaxRows']); ?>" class="textfield" onfocus="this.select()" />
    <?php echo $GLOBALS['strRowsFrom'] . "\n"; ?>
    <input type="text" name="pos" size="6" value="<?php echo (($pos_next >= $unlim_num_rows) ? 0 : $pos_next); ?>" class="textfield" onfocus="this.select()" />
    <br />
    <?php
    // Display mode (horizontal/vertical and repeat headers)
    $param1 = ' <select name="disp_direction">' . "\n"
    . ' <option value="horizontal"' . (($disp_direction == 'horizontal') ? ' selected="selected"': '') . '>' . $GLOBALS['strRowsModeHorizontal'] . '</option>' . "\n"
    . ' <option value="horizontalflipped"' . (($disp_direction == 'horizontalflipped') ? ' selected="selected"': '') . '>' . $GLOBALS['strRowsModeFlippedHorizontal'] . '</option>' . "\n"
    . ' <option value="vertical"' . (($disp_direction == 'vertical') ? ' selected="selected"': '') . '>' . $GLOBALS['strRowsModeVertical'] . '</option>' . "\n"
    . ' </select>' . "\n"
    . ' ';
    $param2 = ' <input type="text" size="3" name="repeat_cells" value="' . $repeat_cells . '" class="textfield" />' . "\n"
    . ' ';
    echo ' ' . sprintf($GLOBALS['strRowsModeOptions'], "\n" . $param1, "\n" . $param2) . "\n";
    ?>
    </form>

    The 'not valid row number' pop-up is retrieved from the lang/english-utf-8.inc.php variable $strInvalidRowNumber.

     
  • Marc Delisle

    Marc Delisle - 2007-07-09

    Logged In: YES
    user_id=210714
    Originator: NO

    To debug this, I need to see your HTML source; with Firefox you'll be able to display it.

     
  • Marc Delisle

    Marc Delisle - 2007-07-09
    • status: open --> pending
     
  • j_post

    j_post - 2007-07-10
    • status: pending --> open
     
  • j_post

    j_post - 2007-07-10
     
  • j_post

    j_post - 2007-07-10

    Logged In: YES
    user_id=1837126
    Originator: YES

    Attached is the source for that frame. The form you are referring to starts at line 107.

    File Added: sql.php.txt

     
  • Marc Delisle

    Marc Delisle - 2007-07-10

    Logged In: YES
    user_id=210714
    Originator: NO

    Fixed for 2.10.3, thanks.

     
  • Marc Delisle

    Marc Delisle - 2007-07-10
    • summary: 'Show' button does not allow changing values --> (ok 2.10.3) Incorrect parameter validation for VIEWs
    • priority: 5 --> 1
    • status: open --> open-accepted
     
  • Marc Delisle

    Marc Delisle - 2007-07-20
    • status: open-accepted --> closed-accepted
     
  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-accepted --> fixed