Fixed possible session manipulation in swekey authentication, see PMASA-2011-5

2011-06-30 12:30:58 +02:00
parent 9fc6e35cfd
commit 7ebd958b2b
2 changed files with 5 additions and 3 deletions
--- a/3
+++ b/3
@@ -1,6 +1,9 @@
 phpMyAdmin - ChangeLog
 ======================

+3.4.3.1 (not yet released)
+- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
+
 3.4.3.0 (2011-06-27)
 - bug #3311170 [sync] Missing helper icons in Synchronize
 - patch #3304473 [setup] Redefine a lable that was wrong
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
 	}
 }

-if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
+if (!empty($_GET['session_to_unset']))
 {
-    parse_str($_SERVER['QUERY_STRING']);
 	session_write_close();
-	session_id($session_to_unset);
+	session_id($_GET['session_to_unset']);
 	session_start();
 	$_SESSION = array();
 	session_write_close();