Fixed possible session manipulation in swekey authentication, see PMASA-2011-5

Herman van Rink
2011-06-30 12:30:58 +02:00
parent 9fc6e35cfd
commit 7ebd958b2b
2 changed files with 5 additions and 3 deletions


@@ -1,6 +1,9 @@
phpMyAdmin - ChangeLog phpMyAdmin - ChangeLog
====================== ======================
3.4.3.1 (not yet released)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5
3.4.3.0 (2011-06-27) 3.4.3.0 (2011-06-27)
- bug #3311170 [sync] Missing helper icons in Synchronize - bug #3311170 [sync] Missing helper icons in Synchronize
- patch #3304473 [setup] Redefine a lable that was wrong - patch #3304473 [setup] Redefine a lable that was wrong


@@ -263,11 +263,10 @@ function Swekey_login($input_name, $input_go)
} }
} }
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false) if (!empty($_GET['session_to_unset']))
{ {
parse_str($_SERVER['QUERY_STRING']);
session_write_close(); session_write_close();
session_id($session_to_unset); session_id($_GET['session_to_unset']);
session_start(); session_start();
$_SESSION = array(); $_SESSION = array();
session_write_close(); session_write_close();
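Review bot: The new `session_id($_GET['session_to_unset'])` call still takes the session ID straight from the request, with no check that it is a string or that it has the shape of a session ID, so a request carrying another session's ID gets that session's data emptied by the `$_SESSION = array();` two lines later. Dropping `parse_str()` closes the variable-overwrite path, but the `!empty(...)` guard also lets an array value through, which `session_id()` does not expect. I would tighten the condition to `if (isset($_GET['session_to_unset']) && is_string($_GET['session_to_unset']) && preg_match('/^[A-Za-z0-9,-]+$/', $_GET['session_to_unset']))`, and, where the flow allows it, tie the unset to the session that started the Swekey login rather than to any ID present in the URL. The block's closing brace and whatever restores the caller's own session lie outside this hunk, so that last point is inferred from the visible lines only.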