patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS

This commit is contained in:
Marc Delisle
2008-04-03 12:42:33 +00:00
parent 42a4a8c24b
commit cb692f0267
2 changed files with 10 additions and 2 deletions

View File

@@ -67,6 +67,8 @@ danbarry
- bug #1918531 [compatibility] Navigation isn't w3.org valid
thanks to Michael Keck - mkkeck
- bug #1926357 [data] BIT defaults displayed incorrectly (todo: export?)
- patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS,
thanks to Jürgen Wind - windkiel
2.11.5.1 (2008-03-29)
- bug #1909711 [security] Sensitive data in session files

View File

@@ -136,10 +136,16 @@ function PMA_auth_check()
}
// Decode possibly encoded information (used by IIS/CGI/FastCGI)
// (do not use explode() because a user might have a colon in his password
if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
$usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
if (!empty($usr_pass) && strpos($usr_pass, ':') !== false) {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass);
if (! empty($usr_pass)) {
$colon = strpos($usr_pass, ':');
if ($colon) {
$PHP_AUTH_USER = substr($usr_pass, 0, $colon);
$PHP_AUTH_PW = substr($usr_pass, $colon + 1);
}
unset($colon);
}
unset($usr_pass);
}