path disclosure

ChangeLog

@@ -6,8 +6,7 @@ $Id$
 $Source$
 
 2003-07-19 Marc Delisle  <lem9@users.sourceforge.net>
-    * in main directory: checks for paths disclosure
-      (TODO: subdirectories)
+    * (in lots of scripts): checks for paths disclosure
 
 2003-07-18 Garvin Hicking <me@supergarv.de>
     * read_dump.php3: When PHP3 < 4.3.0 is detected, try an alternative

libraries/auth/cookie.auth.lib.php3

@@ -13,9 +13,12 @@
 if (!defined('PMA_COOKIE_AUTH_INCLUDED')) {
     define('PMA_COOKIE_AUTH_INCLUDED', 1);
 
+    if (!isset($coming_from_common)) {
+       exit();
+    }
     // emulate array_values() for PHP 3
-    if (PMA_PHP_INT_VERSION < 40000) {
-
+//    if (PMA_PHP_INT_VERSION < 40000) {
+      if (!@function_exists('array_values')) {
         function array_values ($arr) {
             $t = array();
             while (list($k, $v) = each ($arr)) {

libraries/common.lib.php3

@@ -719,6 +719,10 @@ h1    {font-family: sans-serif; font-size: large; font-weight: bold}
 
             // Gets the authentication library that fits the $cfg['Server'] settings
             // and run authentication
+
+            // (for a quick check of path disclosure in auth/cookies:)
+            $coming_from_common = TRUE;
+
             include('./libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php3');
             if (!PMA_auth_check()) {
                 PMA_auth();