-
-
Notifications
You must be signed in to change notification settings - Fork 3.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Refreshing results results in token mismatch error #13182
Comments
I can't reproduce this. Did you wait some time before doing refresh? Also did you refresh by browser or by the link in phpMyAdmin? |
It happens to me every single time no matter how long I wait. I used the link in phpMyAdmin to refresh. |
I faced a similar problem just after upgrading from v4.6.2 to v4.7.0. I'm not familiar with phpMyAdmin but it seems the token mismatch error happens when I put a POST request after logged in, for exporting query result. In my case it happens for 781 bytes query, while it does not happen for 576 bytes query. And I confirmed no error happens when I bypassed token checks, by inserting
in line 931, |
Unfortunately I am unable to reproduce the error on 4.8.0-dev (latest stable 4.7.0) |
I checked even a simple query can reproduce this issue: select 1 FROM plugins
WHERE
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and 1=1 and
1=1
LIMIT 1; does occur "token mismatch" error, I explored the source code and BTW I checked the code and thought, if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (PMA_isValid($_POST['token'])) {
$token_provided = true;
$token_mismatch = ! hash_equals($_SESSION[' PMA_token '], $_POST['token']);
}
if ($token_mismatch) {
/**
* We don't allow any POST operation parameters if the token is mismatched
* or is not provided
*/
$whitelist = array('ajax_request');
PMA\libraries\Sanitize::removeRequestVars($whitelist);
}
} requires Of course
|
The "token mismatch" error is occurring for me even when I press the "Refresh" button in the Status tab. I can no longer refresh the process list. This happened after upgrading to 4.7.0. |
Issue #13182 Specifically the error mentioned in the comment: #13182 (comment) Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>
I also experience this issue right after my upgrade from 4.6.3 to 4.7.0. If I run a SQL statement and click on export results I get "Token mismatch". But only with bigger/more complex queries. Very simple ones work. My token gets blank and inside common.inc.php it fails on The commit from @devenbansod didn't fix this. |
Looks fixed. |
Steps to reproduce
Expected behaviour
It to refresh the results
Actual behaviour
I get a message saying "Error: Token Mismatch" every signal time.
Server configuration
Operating system: Fedora 24
Web server: nginx 1.11.13
Database: MariaDB 10.1.22
PHP version: 7.1.3
phpMyAdmin version: 4.7.0
Client configuration
Browser: Firefox 52.0.2
Operating system: Fedora 24
The text was updated successfully, but these errors were encountered: