I find that it is possible to corrupt the preference data (table: 'userprefs', attribute: 'type' = 'collapse') about the list page action at admin section. Two amendments I made to avoid this problem.
Firstly, I need to enlarge the 'value' attribute to accept more content, 'text' or 'longtext' data-type is recommended here. (I only test on MySQL platform and let me know if not works at other databases)
Next, I find that the source code at /admin/listcontent.php including inconsistent at two functions 'toggleexpand' and 'display_content_list'. The problem arises at the part to collect $openedArray array. Here I amend the code as below:
Code: Select all
$openedArray=array();
if (get_preference($userid, 'collapse', '') != '')
{
$tmp = explode('.',get_preference($userid, 'collapse'));
foreach ($tmp as $thisCol)
{
// line added by joeli
if (strpos($thisCol, '=') === false) continue;
$colind = substr($thisCol,0,strpos($thisCol,'='));
// inconsistency occurs here
if ($colind!="")
$openedArray[] = $colind;
}
}
In addition, I am thinking if the user preference can be stored in database with 'serialize' format (i.e. apply serialize() php function at set_preference() function and unserialize() php function at get_preference()). Then after retrieving the value, unserialize() function acts as a verification tool to ensure the value is whether valid. However, it has a drawback that more database space is required here.
Joe
