Fixed a possible "security" issue in advanced authentication mode (bypassing the 'only_db' setting was possible)

This commit is contained in:
Loïc Chapeaux
2001-10-23 07:05:17 +00:00
parent 8d802a1a26
commit 0c8575c9ea
2 changed files with 31 additions and 12 deletions


@@ -10,6 +10,9 @@ $Source$
required and there is no need to use both stduser/user).
* Documentation.html: updated according to the changes in the configuration
file.
* libraries/common.lib.php3: fixed a possible "security" issue (in advanced
authentication mode, ensured the server selected is valid according to the
user name).
2001-10-22 Lo<4C>c Chapeaux <lolo@phpheaven.net>
* Documentation.html, line 299: added some requirements for sockets.


@@ -335,15 +335,6 @@ if (!defined('__LIB_COMMON__')){
? ''
: ':' . $cfgServer['socket'];
// The user can work with only some databases
if (isset($cfgServer['only_db']) && !empty($cfgServer['only_db'])) {
if (is_array($cfgServer['only_db'])) {
$dblist = $cfgServer['only_db'];
} else {
$dblist[] = $cfgServer['only_db'];
}
}
// Advanced authentication is required
if ($cfgServer['adv_auth']) {
// Grabs the $PHP_AUTH_USER variable whatever are the values of the
@@ -426,11 +417,36 @@ if (!defined('__LIB_COMMON__')){
if ($do_auth) {
auth();
} else {
$cfgServer['user'] = (get_magic_quotes_gpc() ? stripslashes($PHP_AUTH_USER) : $PHP_AUTH_USER);
$cfgServer['password'] = (get_magic_quotes_gpc() ? stripslashes($PHP_AUTH_PW) : $PHP_AUTH_PW);
}
if (get_magic_quotes_gpc()) {
$PHP_AUTH_USER = stripslashes($PHP_AUTH_USER);
$PHP_AUTH_PW = stripslashes($PHP_AUTH_PW);
}
// Ensures the valid 'only_db' setting is used
if ($cfgServer['user'] != $PHP_AUTH_USER) {
$servers_cnt = count($cfgServers);
for ($i = 1; $i <= $servers_cnt; $i++) {
if (isset($cfgServers[$i])
&& ($cfgServers[$i]['host'] == $cfgServer['host'] && $cfgServers[$i]['user'] == $PHP_AUTH_USER)) {
$server = $i;
$cfgServer = $cfgServers[$i];
break;
}
} // end for
} // end if
$cfgServer['user'] = $PHP_AUTH_USER;
$cfgServer['password'] = $PHP_AUTH_PW;
} // end else
} // end advanced authentication
// The user can work with only some databases
if (isset($cfgServer['only_db']) && $cfgServer['only_db'] != '') {
if (is_array($cfgServer['only_db'])) {
$dblist = $cfgServer['only_db'];
} else {
$dblist[] = $cfgServer['only_db'];
}
} // end if
// Connects to the server (validates user's login)
$bkp_track_err = (PHP_INT_VERSION >= 40000) ? @ini_set('track_errors', 1) : '';
$dbh = @$connect_func(
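Review bot: The lookup loop between `for ($i = 1; $i <= $servers_cnt; $i++) {` and `} // end for` falls through silently when no configured server shares the host and has a `user` equal to `$PHP_AUTH_USER`: `$cfgServer` then stays whatever server the request selected, the supplied credentials are still written into it two lines later, and that server's `only_db` is what the block after `// end advanced authentication` reads — so a user whose name matches no entry for that host is filtered by another entry's `only_db`, which is the kind of mismatch this commit sets out to close. Record whether the loop matched and refuse the login otherwise, e.g. `$found = FALSE;` before the loop, `$found = TRUE;` beside `$server = $i;`, and `if (!$found) { auth(); }` after `} // end for` (assuming `auth()`, as used in the `$do_auth` branch above, ends the request; if it does not, exit explicitly there). The condition also reads `$cfgServers[$i]['user']` without `isset()`, which will raise a notice for configured servers that omit that key, and both comparisons are loose `==`; if the file no longer needs to run on PHP 3, `===` avoids type-juggled matches. The enclosing `if ($cfgServer['adv_auth'])` block opens in the previous hunk, outside this one.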