bug #1909711 [security] Sensitive data in session files

2008-03-29 06:06:35 +00:00
parent 6104714c00
commit 533bb88e32
3 changed files with 23 additions and 20 deletions
--- a/3
+++ b/3
@@ -21,6 +21,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #1918531 [compatibility] Navigation isn't w3.org valid 
  thanks to Michael Keck - mkkeck 

+2.11.5.1 (2008-03-29)
+- bug #1909711 [security] Sensitive data in session files
+
 2.11.5.0 (2008-03-01)
 - bug #1862661 [GUI] Warn about rename deleting database 
 - bug #1866041 [interface] Incorrect sorting with AS 
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -886,8 +886,9 @@ class PMA_Config
     */
    function enableBc()
    {
-        $GLOBALS['cfg']             =& $this->settings;
-        $GLOBALS['default_server']  =& $this->default_server;
+        $GLOBALS['cfg']             = $this->settings;
+        $GLOBALS['default_server']  = $this->default_server;
+        unset($this->default_server);
        $GLOBALS['collation_connection'] = $this->get('collation_connection');
        $GLOBALS['is_upload']       = $this->get('enable_upload');
        $GLOBALS['max_upload_size'] = $this->get('max_upload_size');
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -468,26 +468,20 @@ $_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');
 /******************************************************************************/
 /* parsing configuration file                         LABEL_parsing_config_file      */

-if (empty($_SESSION['PMA_Config'])) {
-    /**
-     * We really need this one!
-     */
-    if (! function_exists('preg_replace')) {
-        PMA_fatalError('strCantLoad', 'pcre');
-    }
-
-    /**
-     * @global PMA_Config $_SESSION['PMA_Config']
-     */
-    $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
-
-} elseif (version_compare(phpversion(), '5', 'lt')) {
-    /**
-     * @todo move all __wakeup() functionality into session.inc.php
-     */
-    $_SESSION['PMA_Config']->__wakeup();
+/**
+ * We really need this one!
+ */
+if (! function_exists('preg_replace')) {
+    PMA_fatalError('strCantLoad', 'pcre');
 }

+/**
+ * @global PMA_Config $_SESSION['PMA_Config']
+ * force reading of config file, because we removed sensitive values
+ * in the previous iteration
+ */
+$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
+
 if (!defined('PMA_MINIMUM_COMMON')) {
    $_SESSION['PMA_Config']->checkPmaAbsoluteUri();
 }
@@ -906,6 +900,11 @@ if (! defined('PMA_MINIMUM_COMMON')) {

 } // end if !defined('PMA_MINIMUM_COMMON')

+// remove sensitive values from session
+$_SESSION['PMA_Config']->set('blowfish_secret', '');
+$_SESSION['PMA_Config']->set('Servers', '');
+$_SESSION['PMA_Config']->set('default_server', '');
+
 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
    /**
     * include subform target page