nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

bug #1676012 [auth] strip non-US-ASCII characters (RFC2616)

Browse Source
This commit is contained in:
Marc Delisle
2007-03-21 13:16:31 +00:00
parent 510fbcd605
commit b949c7459a
4 changed files with 12 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -15,6 +15,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- bug #1662976 [auth] Authentication fails when controluser/pass is set - bug #1662976 [auth] Authentication fails when controluser/pass is set
- bug #1643758 [import] Error #1264 importing NULL values in MySQL 5.0 - bug #1643758 [import] Error #1264 importing NULL values in MySQL 5.0
- bug #1523747 [innodb] make warning about row count more visible - bug #1523747 [innodb] make warning about row count more visible
- bug #1676012 [auth] strip non-US-ASCII characters (RFC2616)
- [gui] avoid displaying a wide selector in server selection - [gui] avoid displaying a wide selector in server selection
+ [core] added PMA_fatalError() and made use of it + [core] added PMA_fatalError() and made use of it
. [core] added PMA_isValid() and PMA_ifSetOr() for variable handling . [core] added PMA_isValid() and PMA_ifSetOr() for variable handling

3
Documentation.html
View File

@@ -766,7 +766,8 @@ GRANT ALL PRIVILEGES ON user_base.* TO 'real_user'@localhost IDENTIFIED BY 'real
<dd>Only useful when using phpMyAdmin with multiple server entries. If set, <dd>Only useful when using phpMyAdmin with multiple server entries. If set,
this string will be displayed instead of the hostname in the pull-down this string will be displayed instead of the hostname in the pull-down
menu on the main page. This can be useful if you want to show only menu on the main page. This can be useful if you want to show only
certain databases on your system, for example.</dd> certain databases on your system, for example. For HTTP auth, all
non-US-ASCII characters will be stripped.</dd>
<dt id="pmadb"> <dt id="pmadb">
<span id="cfg_Servers_pmadb">$cfg['Servers'][$i]['pmadb']</span> string <span id="cfg_Servers_pmadb">$cfg['Servers'][$i]['pmadb']</span> string

9
libraries/auth/http.auth.lib.php
View File

@@ -27,7 +27,14 @@ function PMA_auth() {
exit; exit;
} }
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . sprintf($GLOBALS['strRunning'], (empty($GLOBALS['cfg']['Server']['verbose']) ? str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['host']) : str_replace('\'', '\\\'', $GLOBALS['cfg']['Server']['verbose']))) . '"'); if (empty($GLOBALS['cfg']['Server']['verbose'])) {
$server_message = $GLOBALS['cfg']['Server']['host'];
} else {
$server_message = $GLOBALS['cfg']['Server']['verbose'];
}
// remove non US-ASCII to respect RFC2616
$server_message = preg_replace('/[^\x20-\x7e]/i', '', $server_message);
header('WWW-Authenticate: Basic realm="phpMyAdmin ' . $server_message . '"');
header('HTTP/1.0 401 Unauthorized'); header('HTTP/1.0 401 Unauthorized');
header('status: 401 Unauthorized'); header('status: 401 Unauthorized');

1
libraries/config.default.php
View File

@@ -200,6 +200,7 @@ $cfg['Servers'][$i]['hide_db'] = '';
/** /**
* Verbose name for this host - leave blank to show the hostname * Verbose name for this host - leave blank to show the hostname
* (for HTTP auth, all non-US-ASCII characters will be stripped)
* *
* @global string $cfg['Servers'][$i]['verbose'] * @global string $cfg['Servers'][$i]['verbose']
*/ */