
[Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroupware


From: C K Wu
Subject: [Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroupware-0.9.16.RC1
Date: Fri, 12 Sep 2003 22:07:20 +0800 (CST)

Hello, folks,

While testing CK-Ledger v.0.7.1 against phpgroupware-0.9.16.RC1, I came across the following,

When calling,

http://localhost/.../loglist.php?filter=%2BWHERE%2B1%253D1%2B&sessionid=...&kp3=...&domain=default&click_history=...

[ and the initial few lines of loglist.php read,

    $phpgw_info["flags"] = array('currentapp'=>'ck-ledadmin', 'enable_nextmatchs_class'=>True);
    include('../header.inc.php');
    $_POST = $HTTP_POST_VARS ;  $_GET = $HTTP_GET_VARS ;
    $filter = ($_GET["filter"]) ? $_GET["filter"] : $_POST["filter"] ;
    $order = ($_GET["order"]) ? $_GET["order"] : $_POST["order"] ;
    $sort = ($_GET["sort"]) ? $_GET["sort"] : $_POST["sort"] ;
    $where = stripslashes($filter) ;
    $filter = urlencode($where) ;
    ...
]

The script failed because of an invalid string embedded in $where.
This script had been working with previous releases of phpgroupware.

However, after changing the 2nd last line shown above to,

    $where = stripslashes(urldecode($filter)) ;

everything went back to normal.  Other CK-Ledger scripts behaved similarly.

Apparently, before 0.9.16RC1, GET arguments were urldecoded prior to being
despatched to the application script.  However, post 0.9.16RC1, application scripts
need to do their own urldecoding.  Is this a design change for 0.9.16RC1,
or is it something that I need to dig deeper into?

Thank you for any suggestions or comments in advance.

Cheers,
CK
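
The encoding layers in the filter value above, as an added PHP example that is not part of the original post or of CK-Ledger or phpGroupWare code: it takes the filter string from the URL in the post and shows what the script holds after PHP's single automatic decode, with and without the extra urldecode(). The helpers script_where() and encoding_depth() are hypothetical names introduced for this illustration.

```php
<?php
// Added illustration, not CK-Ledger or phpGroupWare code.
// Constructed input: the query string from the URL in the post, reduced
// to its filter parameter.
$query = 'filter=%2BWHERE%2B1%253D1%2B';

// PHP decodes each query parameter once when it fills $_GET;
// parse_str() applies the same single decode to a string.
parse_str($query, $get);

// Hypothetical helper reproducing the $where line from loglist.php,
// before ($extraDecode = false) and after ($extraDecode = true) the change.
function script_where(string $filter, bool $extraDecode): string
{
    return stripslashes($extraDecode ? urldecode($filter) : $filter);
}

// Number of urldecode() passes until the value stops changing.
// Diagnostic only: a value that legitimately contains '%' or '+' would be
// corrupted by decoding it more often than it was encoded.
function encoding_depth(string $value, int $max = 5): int
{
    for ($depth = 0; $depth < $max; $depth++) {
        $next = urldecode($value);
        if ($next === $value) {
            break;
        }
        $value = $next;
    }
    return $depth;
}

$before = script_where($get['filter'], false);
$after  = script_where($get['filter'], true);

printf("value in \$_GET        : [%s]\n", $get['filter']);
printf("\$where, original line : [%s]\n", $before);
printf("\$where, changed line  : [%s]\n", $after);
printf("layers left in \$_GET  : %d\n", encoding_depth($get['filter']));

// The script re-encodes $where for its own links; encoding that result a
// second time reproduces the filter value seen in the URL.
var_dump(urlencode(urlencode($after)) === '%2BWHERE%2B1%253D1%2B');
```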
