[Phpgroupware-users] Re: [Phpgroupware-developers] Testing CK-Ledger v.0

From: C K Wu
Subject: [Phpgroupware-users] Re: [Phpgroupware-developers] Testing CK-Ledger v.0.7.1 against phpgroupware-0.9.16.RC1
Date: Wed, 17 Sep 2003 12:39:06 +0800 (CST)

Hello, Dave,

I think I've found what's going on.


../phpgwapi/inc/ (line 951)
and ../phpgwapi/inc/ (line
977) read,

$new_extravars .= "$key=$value" ;

With 0.9.16RC1,

../phpgwapi/inc/ (line 1194)

$new_extravars .= $key.'='.urlencode($value) ;

So, apparently, with earlier versions, it is the
application script's responsibility to url_encode GET
variables before sending it on.  However, with
0.9.16RC1, the sessions facility handles the
url_encode-ing when it receives the GET variables from
the application script.

With CK-Ledger v.0.7.1 running against phpgw
0.9.16RC1, it means double url_encoding and therefore
the callee scripts need to url_decode the GET variable
one more time to recover the correct value.

I think this will break a lot of the addon module
codes.  However, if the GET variable passed contains
pure alphanumeric chars, no error will be detected,
since urlencode/urldecode in these cases do not alter
the GET variables.  So, there may be quite a fair bit
of spurious 0.9.16RC1 errors being the result of the


Dave Hall:

>CK Wu <address@hidden> wrote:
>>Hello, folks,
>>While testing CK-Ledger v.0.7.1 against
>>I came across the following,
>>When calling,
>Is this
>Looking at that code ... there are several problems
>firstly the $_POST/$_GET hack won't work with register_globals = off
>Also phpgroupware has never processed the external variables, I think it
>is a PHP problem.  IIRC php will url_decode all $_GET vars for you.
>Bit more info about where this code is will probably help us track this
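
The double encoding described in the message above, as an added PHP example that is not part of the original post or of phpGroupWare's code. The function names `build_link_old`, `build_link_new` and `received_get`, the `acct` parameter and the sample values are constructed for illustration; only the two ways of appending `$value` come from the message.

```php
<?php
// Added illustration. build_link_old(), build_link_new() and received_get()
// are hypothetical names, not phpGroupWare API functions.

function build_link_old(string $url, array $extravars): string
{
    $new_extravars = [];
    foreach ($extravars as $key => $value) {
        $new_extravars[] = "$key=$value";                  // earlier versions: value appended as-is
    }
    return $url . '?' . implode('&', $new_extravars);
}

function build_link_new(string $url, array $extravars): string
{
    $new_extravars = [];
    foreach ($extravars as $key => $value) {
        $new_extravars[] = $key . '=' . urlencode($value); // 0.9.16RC1: value encoded by the API
    }
    return $url . '?' . implode('&', $new_extravars);
}

// What the callee script finds in $_GET: PHP decodes the query string once.
function received_get(string $link): array
{
    parse_str((string) parse_url($link, PHP_URL_QUERY), $get);
    return $get;
}

// Constructed sample values: one that urlencode() alters, one purely alphanumeric.
foreach (['Smith & Co/2003', 'ACC1001'] as $raw) {
    $pre   = urlencode($raw); // application encodes, as the earlier API required
    $old   = received_get(build_link_old('/index.php', ['acct' => $pre]))['acct'];
    $new   = received_get(build_link_new('/index.php', ['acct' => $pre]))['acct'];
    $fixed = received_get(build_link_new('/index.php', ['acct' => $raw]))['acct'];

    printf("raw: %s\n", $raw);
    printf("  earlier API, app pre-encodes : %s (%s)\n", $old, $old === $raw ? 'ok' : 'MISMATCH');
    printf("  0.9.16RC1, app pre-encodes   : %s (%s)\n", $new, $new === $raw ? 'ok' : 'MISMATCH');
    printf("  0.9.16RC1, app sends raw     : %s (%s)\n", $fixed, $fixed === $raw ? 'ok' : 'MISMATCH');
}
```

The alphanumeric value matches in every row, which is why the mismatch only surfaces for values containing characters that `urlencode()` changes. Encoding in exactly one place is the safer repair: an extra `urldecode()` in the callee also rewrites values that legitimately contain `%` or `+`.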

