From ba57a90e8b3c41a3379f6a74694c7731d672c579 Mon Sep 17 00:00:00 2001 From: Marc Delisle Date: Sat, 29 Mar 2008 06:06:35 +0000 Subject: [PATCH] bug #1909711 [security] Sensitive data in session files --- ChangeLog | 3 +++ libraries/Config.class.php | 5 +++-- libraries/common.inc.php | 30 +++++++++++++++++------------- 3 files changed, 23 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index a51d89424..f7f356b8d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -66,6 +66,9 @@ danbarry - bug #1918531 [compatibility] Navigation isn't w3.org valid thanks to Michael Keck - mkkeck +2.11.5.1 (2008-03-29) +- bug #1909711 [security] Sensitive data in session files + 2.11.5.0 (2008-03-01) - bug #1862661 [GUI] Warn about rename deleting database - bug #1866041 [interface] Incorrect sorting with AS diff --git a/libraries/Config.class.php b/libraries/Config.class.php index 22cc23ad2..06b733d1b 100644 --- a/libraries/Config.class.php +++ b/libraries/Config.class.php @@ -891,8 +891,9 @@ class PMA_Config */ function enableBc() { - $GLOBALS['cfg'] =& $this->settings; - $GLOBALS['default_server'] =& $this->default_server; + $GLOBALS['cfg'] = $this->settings; + $GLOBALS['default_server'] = $this->default_server; + unset($this->default_server); $GLOBALS['collation_connection'] = $this->get('collation_connection'); $GLOBALS['is_upload'] = $this->get('enable_upload'); $GLOBALS['max_upload_size'] = $this->get('max_upload_size'); diff --git a/libraries/common.inc.php b/libraries/common.inc.php index 7dd359510..f0dd4073e 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -503,21 +503,20 @@ $GLOBALS['footnotes'] = array(); /******************************************************************************/ /* parsing configuration file LABEL_parsing_config_file */ -if (empty($_SESSION['PMA_Config'])) { - /** - * We really need this one! - */ - if (! function_exists('preg_replace')) { - PMA_fatalError('strCantLoad', 'pcre'); - } - - /** - * @global PMA_Config $_SESSION['PMA_Config'] - */ - $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); - +/** + * We really need this one! + */ +if (! function_exists('preg_replace')) { + PMA_fatalError('strCantLoad', 'pcre'); } +/** + * @global PMA_Config $_SESSION['PMA_Config'] + * force reading of config file, because we removed sensitive values + * in the previous iteration + */ +$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php'); + if (!defined('PMA_MINIMUM_COMMON')) { $_SESSION['PMA_Config']->checkPmaAbsoluteUri(); } @@ -933,6 +932,11 @@ if (! defined('PMA_MINIMUM_COMMON')) { } // end if !defined('PMA_MINIMUM_COMMON') +// remove sensitive values from session +$_SESSION['PMA_Config']->set('blowfish_secret', ''); +$_SESSION['PMA_Config']->set('Servers', ''); +$_SESSION['PMA_Config']->set('default_server', ''); + if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) { /** * include subform target page