Re: [Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroup
From: Dave Hall
Subject: Re: [Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroupware-0.9.16.RC1
Date: Sat, 13 Sep 2003 11:08:08 +1000

C K Wu <address@hidden> wrote:
> Hello, folks,
>
> While testing CK-Ledger v.0.7.1 against
> phpgroupware-0.9.16.RC1,
> I came across the following,
>
> When calling,
>
> http://localhost/.../loglist.php?filter=%2BWHERE%2B1%253D1%2B&sessionid=...&kp3=...&domain=default&click_history=...

Is this
http://localhost/phpgroupware/loglist.php?filter=%2BWHERE%2B1%253D1%2B&...
or
http://localhost/ck-ledger/loglist.php?filter=%2BWHERE%2B1%253D1%2B&...

Looking at that code ... there are several problems ....
firstly the $_POST/$_GET hack won't work with register_globals = off

Also phpgroupware has never processed the external variables, I think it
is a PHP problem. IIRC php will url_decode all $_GET vars for you.

Bit more info about where this code is will probably help us track this
down.

Cheers
Dave

>
> [ and the initial few lines of loglist.php reads,
>
> $phpgw_info["flags"] = array('currentapp'=>'ck-ledadmin', 'enable_nextmatchs_class'=>True);
> include('../header.inc.php');
> $_POST = $HTTP_POST_VARS ; $_GET = $HTTP_GET_VARS ;
> $filter = ($_GET["filter"]) ? $_GET["filter"] : $_POST["filter"] ;
> $order = ($_GET["order"]) ? $_GET["order"] : $_POST["order"] ;
> $sort = ($_GET["sort"]) ? $_GET["sort"] : $_POST["sort"] ;
> $where = stripslashes($filter) ;
> $filter = urlencode($where) ;
> ...
> ]
>
> The script failed because of invalid string embedded
> in $where .
> This script had been working with previous releases of
> phpgroupware.
>
> However, after changing the 2nd last line shown above
> to,
>
> $where = stripslashes(urldecode($filter)) ;
>
> everything went back to normal. Other CK-Ledger
> scripts behaved similarly.
>
> Apparently, before 0.9.16RC1, get arguments were
> urldecoded prior to being
> despatched to application script. However, post
> 0.9.16RC1, application scripts
> need to do their own urldecoding. Is this a design
> change for 0.9.16RC1,
> or is it something that I need to dig deeper ?
>
> Thank you for any suggestions or comments in advance.
>
> Cheers,
> CK
>
>
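
The decoding layers behind this report, as an added example that is not part of the original messages and is not CK-Ledger or phpGroupWare code. It takes the filter value from the quoted URL, applies the single decoding pass PHP performs when filling $_GET (reproduced here with parse_str()), and shows what an extra urldecode() does to it and to a value that was encoded only once. The helper decode_layers() and the sample value 'a+b %41' are constructed for illustration; where the second encoding layer is added is not shown in the thread.

```php
<?php
// Added example; not CK-Ledger or phpGroupWare code.

// Hypothetical helper: return every form of $value seen while applying
// urldecode() repeatedly, stopping when a pass no longer changes it.
function decode_layers(string $value, int $max = 4): array
{
    $layers = [$value];
    while (count($layers) <= $max) {
        $next = urldecode($value);
        if ($next === $value) {
            break;
        }
        $layers[] = $value = $next;
    }
    return $layers;
}

// The filter parameter exactly as it appears in the reported URL.
$query = 'filter=%2BWHERE%2B1%253D1%2B';

// parse_str() performs the same single decoding pass PHP applies for $_GET.
parse_str($query, $get);
$seen = $get['filter'];

// The script's own "$filter = urlencode($where)" yields one layer of
// encoding; the reported URL carries two.
$where     = ' WHERE 1=1 ';
$oneLayer  = urlencode($where);
$twoLayers = urlencode($oneLayer);

printf("value in \$_GET        : [%s]\n", $seen);
printf("after extra urldecode : [%s]\n", urldecode($seen));
printf("URL matches 2x encode : %s\n", var_export('filter=' . $twoLayers === $query, true));
printf("decode passes needed  : %d\n", count(decode_layers($seen)) - 1);

// Caveat: an unconditional extra urldecode() is not neutral for values that
// were encoded only once. Constructed sample with a literal "+" and "%41".
$legit = 'a+b %41';
parse_str('filter=' . urlencode($legit), $get2);
printf("once-encoded input    : [%s] -> extra decode gives [%s]\n",
    $get2['filter'], urldecode($get2['filter']));
```

Because an extra decode on input rewrites legitimate "+" and "%" characters, the place to correct a mismatch like this is where the link is built, so that each value is encoded exactly once.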