nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

protect binary contents in cookies

Browse Source
This commit is contained in:
Marc Delisle
2003-07-04 14:35:04 +00:00
parent 68d346035a
commit d248de79f0
3 changed files with 10 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@@ -7,6 +7,8 @@ $Source$
2003-07-04 Marc Delisle <lem9@users.sourceforge.net> 2003-07-04 Marc Delisle <lem9@users.sourceforge.net>
* libraries/auth/cookie.auth.lib.php3: PHP3 compatibility * libraries/auth/cookie.auth.lib.php3: PHP3 compatibility
* libraries/auth/cookie.auth.lib.php3: sometimes, binary contents in
cookies is not retrieved properly, so protect it with base64_encode()
2003-07-03 Marc Delisle <lem9@users.sourceforge.net> 2003-07-03 Marc Delisle <lem9@users.sourceforge.net>
* lang/romanian update, thanks to Valics Lehel * lang/romanian update, thanks to Valics Lehel

10
libraries/auth/cookie.auth.lib.php3
View File

@@ -396,7 +396,7 @@ if (uname.value == '') {
// The user wants to be logged out -> delete password cookie // The user wants to be logged out -> delete password cookie
if (!empty($old_usr)) { if (!empty($old_usr)) {
setcookie('pma_cookie_password', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); setcookie('pma_cookie_password', base64_encode(''), 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
} }
// The user just logged in // The user just logged in
@@ -434,6 +434,7 @@ if (uname.value == '') {
else { else {
$from_cookie = FALSE; $from_cookie = FALSE;
} }
$PHP_AUTH_PW = base64_decode($PHP_AUTH_PW);
$PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['Server']['blowfish_secret']); $PHP_AUTH_PW = PMA_blowfish_decrypt($PHP_AUTH_PW,$GLOBALS['cfg']['Server']['blowfish_secret']);
if ($PHP_AUTH_PW == "\xff(blank)") { if ($PHP_AUTH_PW == "\xff(blank)") {
@@ -501,9 +502,12 @@ if (uname.value == '') {
time() + (60 * 60 * 24 * 30), time() + (60 * 60 * 24 * 30),
$GLOBALS['cookie_path'], '', $GLOBALS['cookie_path'], '',
$GLOBALS['is_https']); $GLOBALS['is_https']);
// Duration = till the browser is closed for password // Duration = till the browser is closed for password
// Some binary contents are now retrieved properly when stored
// as a cookie, so we base64_encode()
setcookie('pma_cookie_password', setcookie('pma_cookie_password',
PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['Server']['blowfish_secret']), base64_encode(PMA_blowfish_encrypt(((!empty($cfg['Server']['password'])) ? $cfg['Server']['password'] : "\xff(blank)"), $GLOBALS['cfg']['Server']['blowfish_secret'])),
0, 0,
$GLOBALS['cookie_path'], '', $GLOBALS['cookie_path'], '',
$GLOBALS['is_https']); $GLOBALS['is_https']);
@@ -541,7 +545,7 @@ if (uname.value == '') {
global $conn_error; global $conn_error;
// Deletes password cookie and displays the login form // Deletes password cookie and displays the login form
setcookie('pma_cookie_password', '', 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']); setcookie('pma_cookie_password', base64_encode(''), 0, $GLOBALS['cookie_path'], '' , $GLOBALS['is_https']);
if (PMA_mysql_error()) { if (PMA_mysql_error()) {
$conn_error = PMA_mysql_error(); $conn_error = PMA_mysql_error();

2
user_password.php3
View File

@@ -55,7 +55,7 @@ if (isset($nopass)) {
// Changes password cookie if required // Changes password cookie if required
if ($cfg['Server']['auth_type'] == 'cookie') { if ($cfg['Server']['auth_type'] == 'cookie') {
setcookie('pma_cookie_password', PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['Server']['blowfish_secret']), 0, $cookie_path, '', $is_https); setcookie('pma_cookie_password', base64_encode(PMA_blowfish_encrypt($pma_pw,$GLOBALS['cfg']['Server']['blowfish_secret'])), 0, $cookie_path, '', $is_https);
} // end if } // end if
// For http auth. mode, the "back" link will also enforce new // For http auth. mode, the "back" link will also enforce new
// authentication // authentication