bug #2961609 Potential information disclosure at login page

ChangeLog

@@ -11,6 +11,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
 - bug #2959746 [interface] Unknown table status: TABLE_TYPE 
 - bug #2953050 [export] export VIEW as SQL includes INSERT statement 
 - bug #2942032 [core] Cannot detect PmaAbsoluteUri correctly on Windows 
+- bug #2961609 [auth] Potential information disclosure at login page
 
 3.3.0.0 (not yet released)
 + rfe #2308632 [edit] Use hex for (var)binary fields,

libraries/auth/cookie.auth.lib.php

@@ -644,7 +644,6 @@ function PMA_auth_set_user()
  * this function MUST exit/quit the application,
  * currently doen by call to PMA_auth()
  *
- * @todo    $php_errormsg is invalid here!? it will never be set in this scope
  * @uses    $GLOBALS['server']
  * @uses    $GLOBALS['allowDeny_forbidden']
  * @uses    $GLOBALS['strAccessDenied']
@@ -683,9 +682,7 @@ function PMA_auth_fails()
             }
         }
     } elseif (PMA_DBI_getError()) {
-        $conn_error = PMA_sanitize(PMA_DBI_getError());
-    } elseif (isset($php_errormsg)) {
-        $conn_error = $php_errormsg;
+        $conn_error = '#' . $GLOBALS['errno'] . ' ' . $GLOBALS['strCannotLogin']; 
     } else {
         $conn_error = $GLOBALS['strCannotLogin'];
     }