nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS

Browse Source
This commit is contained in:
Marc Delisle
2008-04-03 12:42:33 +00:00
parent 42a4a8c24b
commit cb692f0267
2 changed files with 10 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -67,6 +67,8 @@ danbarry
- bug #1918531 [compatibility] Navigation isn't w3.org valid - bug #1918531 [compatibility] Navigation isn't w3.org valid
thanks to Michael Keck - mkkeck thanks to Michael Keck - mkkeck
- bug #1926357 [data] BIT defaults displayed incorrectly (todo: export?) - bug #1926357 [data] BIT defaults displayed incorrectly (todo: export?)
- patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS,
thanks to Jürgen Wind - windkiel
2.11.5.1 (2008-03-29) 2.11.5.1 (2008-03-29)
- bug #1909711 [security] Sensitive data in session files - bug #1909711 [security] Sensitive data in session files

10
libraries/auth/http.auth.lib.php
View File

@@ -136,10 +136,16 @@ function PMA_auth_check()
} }
// Decode possibly encoded information (used by IIS/CGI/FastCGI) // Decode possibly encoded information (used by IIS/CGI/FastCGI)
// (do not use explode() because a user might have a colon in his password
if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) { if (strcmp(substr($PHP_AUTH_USER, 0, 6), 'Basic ') == 0) {
$usr_pass = base64_decode(substr($PHP_AUTH_USER, 6)); $usr_pass = base64_decode(substr($PHP_AUTH_USER, 6));
if (!empty($usr_pass) && strpos($usr_pass, ':') !== false) { if (! empty($usr_pass)) {
list($PHP_AUTH_USER, $PHP_AUTH_PW) = explode(':', $usr_pass); $colon = strpos($usr_pass, ':');
if ($colon) {
$PHP_AUTH_USER = substr($usr_pass, 0, $colon);
$PHP_AUTH_PW = substr($usr_pass, $colon + 1);
}
unset($colon);
} }
unset($usr_pass); unset($usr_pass);
} }