bug #1909711 [security] Sensitive data in session files
@@ -21,6 +21,9 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
|
|||||||
- bug #1918531 [compatibility] Navigation isn't w3.org valid
|
- bug #1918531 [compatibility] Navigation isn't w3.org valid
|
||||||
thanks to Michael Keck - mkkeck
|
thanks to Michael Keck - mkkeck
|
||||||
|
|
||||||
|
2.11.5.1 (2008-03-29)
|
||||||
|
- bug #1909711 [security] Sensitive data in session files
|
||||||
|
|
||||||
2.11.5.0 (2008-03-01)
|
2.11.5.0 (2008-03-01)
|
||||||
- bug #1862661 [GUI] Warn about rename deleting database
|
- bug #1862661 [GUI] Warn about rename deleting database
|
||||||
- bug #1866041 [interface] Incorrect sorting with AS
|
- bug #1866041 [interface] Incorrect sorting with AS
|
||||||
|
@@ -886,8 +886,9 @@ class PMA_Config
|
|||||||
*/
|
*/
|
||||||
function enableBc()
|
function enableBc()
|
||||||
{
|
{
|
||||||
$GLOBALS['cfg'] =& $this->settings;
|
$GLOBALS['cfg'] = $this->settings;
|
||||||
$GLOBALS['default_server'] =& $this->default_server;
|
$GLOBALS['default_server'] = $this->default_server;
|
||||||
|
unset($this->default_server);
|
||||||
$GLOBALS['collation_connection'] = $this->get('collation_connection');
|
$GLOBALS['collation_connection'] = $this->get('collation_connection');
|
||||||
$GLOBALS['is_upload'] = $this->get('enable_upload');
|
$GLOBALS['is_upload'] = $this->get('enable_upload');
|
||||||
$GLOBALS['max_upload_size'] = $this->get('max_upload_size');
|
$GLOBALS['max_upload_size'] = $this->get('max_upload_size');
|
||||||
|
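Review bot: The two assignments in `enableBc()` that change from `=&` to `=` (reading the right-hand column as the new side) have no comment explaining that the copy is now required. The same commit blanks `blowfish_secret`, `Servers` and `default_server` on the session object at the end of the request; `set()` is not shown here, but if it writes into `$this->settings`, restoring the references would make that scrub blank `$GLOBALS['cfg']` too. I would add above the first assignment: `// copy, do not reference: the session object is scrubbed of secrets before the session is written`. A similar one-line note on `unset($this->default_server);` would say that it keeps the value out of the serialized object; the docblock of `enableBc()` starts outside the hunk.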
@@ -468,26 +468,20 @@ $_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], '');
|
|||||||
/******************************************************************************/
|
/******************************************************************************/
|
||||||
/* parsing configuration file LABEL_parsing_config_file */
|
/* parsing configuration file LABEL_parsing_config_file */
|
||||||
|
|
||||||
if (empty($_SESSION['PMA_Config'])) {
|
/**
|
||||||
/**
|
* We really need this one!
|
||||||
* We really need this one!
|
*/
|
||||||
*/
|
if (! function_exists('preg_replace')) {
|
||||||
if (! function_exists('preg_replace')) {
|
PMA_fatalError('strCantLoad', 'pcre');
|
||||||
PMA_fatalError('strCantLoad', 'pcre');
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @global PMA_Config $_SESSION['PMA_Config']
|
|
||||||
*/
|
|
||||||
$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
|
|
||||||
|
|
||||||
} elseif (version_compare(phpversion(), '5', 'lt')) {
|
|
||||||
/**
|
|
||||||
* @todo move all __wakeup() functionality into session.inc.php
|
|
||||||
*/
|
|
||||||
$_SESSION['PMA_Config']->__wakeup();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @global PMA_Config $_SESSION['PMA_Config']
|
||||||
|
* force reading of config file, because we removed sensitive values
|
||||||
|
* in the previous iteration
|
||||||
|
*/
|
||||||
|
$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
|
||||||
|
|
||||||
if (!defined('PMA_MINIMUM_COMMON')) {
|
if (!defined('PMA_MINIMUM_COMMON')) {
|
||||||
$_SESSION['PMA_Config']->checkPmaAbsoluteUri();
|
$_SESSION['PMA_Config']->checkPmaAbsoluteUri();
|
||||||
}
|
}
|
||||||
@@ -906,6 +900,11 @@ if (! defined('PMA_MINIMUM_COMMON')) {
|
|||||||
|
|
||||||
} // end if !defined('PMA_MINIMUM_COMMON')
|
} // end if !defined('PMA_MINIMUM_COMMON')
|
||||||
|
|
||||||
|
// remove sensitive values from session
|
||||||
|
$_SESSION['PMA_Config']->set('blowfish_secret', '');
|
||||||
|
$_SESSION['PMA_Config']->set('Servers', '');
|
||||||
|
$_SESSION['PMA_Config']->set('default_server', '');
|
||||||
|
|
||||||
if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
|
if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
|
||||||
/**
|
/**
|
||||||
* include subform target page
|
* include subform target page
|
||||||
|
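Review bot: The scrub added after the `PMA_MINIMUM_COMMON` block (`set('blowfish_secret', '')`, `set('Servers', '')`, `set('default_server', '')`) only takes effect if execution reaches it. A request that exits between the `new PMA_Config('./config.inc.php')` line in the first hunk of this file and that point would, as far as I can tell, still serialize the full configuration into the session file; those lines are outside the hunks, so I cannot confirm whether such exits exist. Moving the three calls into a named function (the name is a suggestion, e.g. `PMA_scrubSessionConfig`) and adding `register_shutdown_function('PMA_scrubSessionConfig');` directly after the config object is created would cover early exits too, since shutdown functions run before the session is written. The scrub is also a fixed list of three keys, so I would add a comment there such as `// any new setting that holds a secret must be blanked here as well`.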