From acbfe50ca9f6e12bd6aa2a0be0b31c0f48abd0f7 Mon Sep 17 00:00:00 2001
From: Marc Delisle
Date: Mon, 8 Jan 2007 18:06:00 +0000
Subject: [PATCH] prevent attack on the session name cookie
---
 ChangeLog | 3 +++
 libraries/session.inc.php | 11 +++++++++--
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 0393b04d9..24516a7ce 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
 $Id$
 $HeadURL$
 
+2007-01-08 Marc Delisle
+ * libraries/session.inc.php: prevent attack on session name cookie
+
 2007-01-05 Marc Delisle
 * libraries/session.inc.php: bug #1538132, remove the setting of session.save_handler to 'files'
diff --git a/libraries/session.inc.php b/libraries/session.inc.php
index 606c7ef87..7410d4856 100644
--- a/libraries/session.inc.php
+++ b/libraries/session.inc.php
@@ -81,7 +81,14 @@ session_cache_limiter('private');
 // See bug #1538132. This would block normal behavior on a cluster
 //ini_set('session.save_handler', 'files');
 
-@session_name('phpMyAdmin');
+$session_name = 'phpMyAdmin';
+@session_name($session_name);
+// strictly, PHP 4 since 4.4.2 would not need a verification
+if (version_compare(PHP_VERSION, '5.1.2', 'lt')
+ && isset($_COOKIE[$session_name])
+ && eregi("\r|\n", $_COOKIE[$session_name])) {
+ die('attacked');
+}
 @session_start();
 
 /**
@@ -93,7 +100,7 @@ if (!isset($_SESSION[' PMA_token '])) {
 }
 
 /**
- * trys to secure session from hijacking and fixation
+ * tries to secure session from hijacking and fixation
 * should be called before login and after successfull login
 * (only required if sensitive information stored in session)
 *
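Review bot: The CR/LF test added before `session_start()` uses `eregi()`, which is not binary-safe: matching stops at the first NUL byte, so a line break that follows a NUL in `$_COOKIE[$session_name]` would not be seen by this guard. A binary-safe test is a one-line change, `&& preg_match('/[\r\n]/', $_COOKIE[$session_name])) {`, and case-insensitive matching is not needed for these two bytes. The guard also inspects only the cookie; whether a session id can still reach `session_start()` from the URL depends on `session.use_only_cookies`, which is not visible in this hunk, so that setting is worth confirming. The surrounding top-level script starts and continues outside the hunk.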