From 723b440470d37cb36b50c8dba98288c67952af95 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 25 Aug 2001 12:49:47 +0000 Subject: [PATCH] bug 455088 --- ChangeLog | 4 ++++ lib.inc.php3 | 6 ++++++ 2 files changed, 10 insertions(+) diff --git a/ChangeLog b/ChangeLog index 2e1492ee7..89a709bb8 100755 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,10 @@ phpMyAdmin - Changelog $Id$ $Source$ +2001-08-25 Marc Delisle + * lib.inc.php3, bug 455088, avoid to reveal username/password + from config file when they are wrong or MySQL server does not answer + 2001-08-23 Marc Delisle * lib.inc.php3, bug 454477, added LIMIT 1 to delete only one instance when records are the same diff --git a/lib.inc.php3 b/lib.inc.php3 index 93c018067..67b99d79a 100755 --- a/lib.inc.php3 +++ b/lib.inc.php3 @@ -150,6 +150,11 @@ if (!defined('__LIB_INC__')){ $query_base = htmlspecialchars($the_query); $query_base = ereg_replace("((\015\012)|(\015)|(\012)){3,}", "\n\n", $query_base); echo '

' . "\n"; + +// if the config password is wrong, or the MySQL server does not respond, +// do not show the query that would reveal the username/password + + if (!strstr($query_base,"connect")) { echo ' ' . $GLOBALS['strSQLQuery'] . ' : ' . "\n"; if ($is_modify_link) { echo ' [' @@ -158,6 +163,7 @@ if (!defined('__LIB_INC__')){ } echo '
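Review bot: The added guard `if (!strstr($query_base,"connect"))` decides whether credentials would be displayed by searching the escaped query text for a substring, which is both too broad and too narrow. Any failing statement that mentions a table, column or value containing "connect" loses its SQL display, while a connection failure whose text is cased differently would still be printed, because strstr is case-sensitive. The enclosing function starts outside the hunk, so its parameters are not visible, but it would be more dependable for the connection code not to pass the credential-bearing string here at all, or to pass an explicit flag that the guard tests instead of the text. The matching closing brace is in the following hunk (`@@ -158,6 +163,7 @@`), and the new comment sits at column 0 with blank lines around it, unlike the indented code it describes.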

' . "\n" . $query_base . "\n" . '
' . "\n"; echo '

' . "\n"; + } } if (!empty($error_message)) { $error_message = htmlspecialchars($error_message);
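Review bot: The `}` added here closes the guard before the `if (!empty($error_message))` block, so the server's error text is still printed when the connection fails. How that text is produced is outside the hunk, but MySQL access-denied messages normally name the user and host, so the username may stay visible even though the query is now hidden. If the ChangeLog entry's intent is to hide both values, consider showing a generic message in the connection-failure case and keeping the detailed error in a server-side log. The rest of the `$error_message` block lies beyond the end of this hunk.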