From b26c7438ad234c84e6bed11ca3cb1c80e5b0d81b Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 29 Mar 2008 06:06:35 +0000 Subject: [PATCH] bug #1909711 [security] Sensitive data in session files --- ChangeLog | 3 +++ libraries/Config.class.php | 5 +++-- libraries/common.inc.php | 35 +++++++++++++++++------------------ 3 files changed, 23 insertions(+), 20 deletions(-) diff --git a/ChangeLog b/ChangeLog index 403583824..a03114a47 100644 --- a/ChangeLog +++ b/ChangeLog @@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog $Id$ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $ +2.11.5.1 (2008-03-29) +- bug #1909711 [security] Sensitive data in session files + 2.11.5.0 (2008-03-01) - bug #1862661 [GUI] Warn about rename deleting database - bug #1866041 [interface] Incorrect sorting with AS diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 2b0ce1965..525dbd29f 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -886,8 +886,9 @@ class PMA_Config */ function enableBc() { - $GLOBALS['cfg'] =& $this->settings; - $GLOBALS['default_server'] =& $this->default_server; + $GLOBALS['cfg'] = $this->settings; + $GLOBALS['default_server'] = $this->default_server; + unset($this->default_server); $GLOBALS['collation_connection'] = $this->get('collation_connection'); $GLOBALS['is_upload'] = $this->get('enable_upload'); $GLOBALS['max_upload_size'] = $this->get('max_upload_size'); diff --git a/libraries/common.inc.php b/libraries/common.inc.php index b5bec73bc..5bb837e4a 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -463,26 +463,20 @@ $_REQUEST['js_frame'] = PMA_ifSetOr($_REQUEST['js_frame'], ''); /******************************************************************************/ /* parsing configuration file LABEL_parsing_config_file */ -if (empty($_SESSION['PMA_Config'])) { - /** - * We really need this one! - */ - if (! function_exists('preg_replace')) { - PMA_fatalError('strCantLoad', 'pcre'); - } - - /** - * @global PMA_Config $_SESSION['PMA_Config'] - */ - $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); - -} elseif (version_compare(phpversion(), '5', 'lt')) { - /** - * @todo move all __wakeup() functionality into session.inc.php - */ - $_SESSION['PMA_Config']->__wakeup(); +/** + * We really need this one! + */ +if (! function_exists('preg_replace')) { + PMA_fatalError('strCantLoad', 'pcre'); } +/** + * @global PMA_Config $_SESSION['PMA_Config'] + * force reading of config file, because we removed sensitive values + * in the previous iteration + */ +$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); + if (!defined('PMA_MINIMUM_COMMON')) { $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); } @@ -901,6 +895,11 @@ if (! defined('PMA_MINIMUM_COMMON')) { } // end if !defined('PMA_MINIMUM_COMMON') +// remove sensitive values from session +$_SESSION['PMA_Config']->set('blowfish_secret', ''); +$_SESSION['PMA_Config']->set('Servers', ''); +$_SESSION['PMA_Config']->set('default_server', ''); + if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) { /** * include subform target page