bug #1909711 [security] Sensitive data in session files

2008-03-29 06:06:35 +00:00
parent b1032c880b
commit ba57a90e8b
3 changed files with 23 additions and 15 deletions
--- a/3
+++ b/3
@@ -66,6 +66,9 @@ danbarry
 - bug #1918531 [compatibility] Navigation isn't w3.org valid 
  thanks to Michael Keck - mkkeck

+2.11.5.1 (2008-03-29)
+- bug #1909711 [security] Sensitive data in session files
+
 2.11.5.0 (2008-03-01)
 - bug #1862661 [GUI] Warn about rename deleting database
 - bug #1866041 [interface] Incorrect sorting with AS
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -891,8 +891,9 @@ class PMA_Config
     */
    function enableBc()
    {
-        $GLOBALS['cfg']             =& $this->settings;
-        $GLOBALS['default_server']  =& $this->default_server;
+        $GLOBALS['cfg']             = $this->settings;
+        $GLOBALS['default_server']  = $this->default_server;
+        unset($this->default_server);
        $GLOBALS['collation_connection'] = $this->get('collation_connection');
        $GLOBALS['is_upload']       = $this->get('enable_upload');
        $GLOBALS['max_upload_size'] = $this->get('max_upload_size');
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -503,21 +503,20 @@ $GLOBALS['footnotes'] = array();
 /******************************************************************************/
 /* parsing configuration file                         LABEL_parsing_config_file      */

-if (empty($_SESSION['PMA_Config'])) {
-    /**
-     * We really need this one!
-     */
-    if (! function_exists('preg_replace')) {
-        PMA_fatalError('strCantLoad', 'pcre');
-    }
-
-    /**
-     * @global PMA_Config $_SESSION['PMA_Config']
-     */
-    $_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
-
+/**
+ * We really need this one!
+ */
+if (! function_exists('preg_replace')) {
+    PMA_fatalError('strCantLoad', 'pcre');
 }

+/**
+ * @global PMA_Config $_SESSION['PMA_Config']
+ * force reading of config file, because we removed sensitive values
+ * in the previous iteration
+ */
+$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
+
 if (!defined('PMA_MINIMUM_COMMON')) {
    $_SESSION['PMA_Config']->checkPmaAbsoluteUri();
 }
@@ -933,6 +932,11 @@ if (! defined('PMA_MINIMUM_COMMON')) {

 } // end if !defined('PMA_MINIMUM_COMMON')

+// remove sensitive values from session
+$_SESSION['PMA_Config']->set('blowfish_secret', '');
+$_SESSION['PMA_Config']->set('Servers', '');
+$_SESSION['PMA_Config']->set('default_server', '');
+
 if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
    /**
     * include subform target page