Fixed possible session corruption in swekey authentication

Herman van Rink
2011-06-29 08:51:44 +02:00
parent 6eae88e65f
commit 6e6e129f26
2 changed files with 5 additions and 3 deletions


@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
$Id$ $Id$
$HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
3.3.10.2 (not yet released)
- [security] Fixed possible session corruption in swekey authentication
3.3.10.1 (2011-05-20) 3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page - [security] XSS on Tracking page


@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
} }
} }
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false) if (!empty($_GET['session_to_unset']))
{ {
parse_str($_SERVER['QUERY_STRING']);
session_write_close(); session_write_close();
session_id($session_to_unset); session_id($_GET['session_to_unset']);
session_start(); session_start();
$_SESSION = array(); $_SESSION = array();
session_write_close(); session_write_close();
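Review bot: The value of `$_GET['session_to_unset']` still reaches `session_id()` unvalidated on the new `session_id($_GET['session_to_unset']);` line. `!empty()` also passes for an array (`session_to_unset[]=...`), and any string is accepted as a session id, so the request decides which session the following `$_SESSION = array();` empties. Consider tightening the guard to `if (isset($_GET['session_to_unset']) && is_string($_GET['session_to_unset']) && preg_match('/^[a-zA-Z0-9,-]+$/', $_GET['session_to_unset']))`. A short comment should also say why clearing a session named by the request is acceptable at this point. Swekey_login starts and ends outside this hunk, so whether the caller's own session is restored afterwards cannot be checked from here.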