bug #1676012 [auth] strip non-US-ASCII characters (RFC2616)

Marc Delisle
2007-03-21 13:16:31 +00:00
parent 510fbcd605
commit b949c7459a
4 changed files with 12 additions and 2 deletions


@@ -15,6 +15,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1662976 [auth] Authentication fails when controluser/pass is set
- bug #1643758 [import] Error #1264 importing NULL values in MySQL 5.0
- bug #1523747 [innodb] make warning about row count more visible
- bug #1676012 [auth] strip non-US-ASCII characters (RFC2616)
- [gui] avoid displaying a wide selector in server selection
+ [core] added PMA_fatalError() and made use of it
. [core] added PMA_isValid() and PMA_ifSetOr() for variable handling


@@ -766,7 +766,8 @@ GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real
<dd>Only useful when using phpMyAdmin with multiple server entries. If set,
this string will be displayed instead of the hostname in the pull-down
menu on the main page. This can be useful if you want to show only
certain databases on your system, for example.</dd>
certain databases on your system, for example. For HTTP auth, all
non-US-ASCII characters will be stripped.</dd>
<dt id="pmadb">
<span id="cfg_Servers_pmadb">$cfg['Servers'][$i]['pmadb']</span> string


@@ -27,7 +27,14 @@ function PMA_auth() {
exit;
}
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . sprintf($GLOBALS['strRunning'], (empty($GLOBALS['cfg']['Server']['verbose']) ? str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['host']) : str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['verbose']))) . '"');
if (empty($GLOBALS['cfg']['Server']['verbose'])) {
$server_message = $GLOBALS['cfg']['Server']['host'];
} else {
$server_message = $GLOBALS['cfg']['Server']['verbose'];
}
// remove non US-ASCII to respect RFC2616
$server_message = preg_replace('/[^\x20-\x7e]/i', '', $server_message);
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . $server_message . '"');
header('HTTP/1.0 401 Unauthorized');
header('status: 401 Unauthorized');
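Review bot: The filter on the `preg_replace` line keeps every byte in 0x20–0x7e, which still includes `"` and `\`, and the result is placed inside the quoted realm value on the following `header()` line, so a host or verbose name containing either character yields a malformed `WWW-Authenticate` header. The removed code did not cover this either (it only escaped `'`), so it is worth closing here by dropping both characters after the strip, e.g. `$server_message = str_replace(array('"', '\\'), '', $server_message);`. The value appears to come from server configuration rather than from the request, so this reads as a robustness gap more than an exposed input, though that depends on code outside the hunk. The `/i` modifier on a pattern made only of byte ranges has no effect and can be removed. `PMA_auth()` starts above and continues below the visible lines.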


@@ -200,6 +200,7 @@ $cfg['Servers'][$i]['hide_db'] = '';
/**
* Verbose name for this host - leave blank to show the hostname
* (for HTTP auth, all non-US-ASCII characters will be stripped)
*
* @global string $cfg['Servers'][$i]['verbose']
*/