[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Phptest-users] MySQL 4.0, wierd bug, security hole?
From: |
Dan Kegel |
Subject: |
[Phptest-users] MySQL 4.0, wierd bug, security hole? |
Date: |
Tue, 02 Sep 2003 08:24:07 -0700 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20030624 |
pair.com just upgraded to MySQL 4.0, I think, and this
may have broken phptest. (I'm still using phpTest 0.6.1,
since I'm afraid that if I update, I'll lose all my
painfully-typed-in questions).
Anyone else notice problems with MySQL 4.0? Here are the symptoms:
A user reported that my phptest installation was broken
(he registered, but was told that "no tests were available"),
so I tried it. Sure enough, new users don't see any tests.
But I stumbled on an interesting bug. After adding the user
and logging in, I then clicked 'Back' a few times, and up
popped a confused adduser page, *while logged in as the test user!*
The URL was
http://www.kegel.com/phptest/add_user.php?PHPSESSID=956a70e2332d7dd1b036a9dd87f8e4f2
The page contents:
Left column:
Hello Joe User
Change password
View test results
Log out
Right column:
You can use the form below to add a user account. Username and password are
required fields, all the others are not.
Warning: Invalid argument supplied for foreach() in
/usr/www/users/dank/kegel/phptest/include/functions.inc.php on line 265
Warning: Invalid argument supplied for foreach() in
/usr/www/users/dank/kegel/phptest/include/functions.inc.php on line 450
Warning: Invalid argument supplied for foreach() in
/usr/www/users/dank/kegel/phptest/include/functions.inc.php on line 265
Desired username:
Password:
Confirm password:
Email address
Real Name
Groups this user belongs to:
Science Class
Math Class
English Class
History Class
Spanish Class
Economics Class
visitors
Select the skill levels which this user will have permission to add, edit and
delete questions and tests from.
make
gcc
unix commands
Select the groups which this user will have permission to add, edit and delete
users from.
Science Class
Math Class
English Class
History Class
Spanish Class
Economics Class
visitors
--
Dan Kegel
http://www.kegel.com
http://counter.li.org/cgi-bin/runscript/display-person.cgi?user=78045
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Phptest-users] MySQL 4.0, wierd bug, security hole?,
Dan Kegel <=