bug #1501027, possible user/password disclosure

Marc Delisle
2006-06-23 11:14:15 +00:00
parent 31a7ac1c5c
commit d4dcc67495
2 changed files with 7 additions and 1 deletions

@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
$Id$
$Source$
2006-06-23 Marc Delisle <lem9@users.sourceforge.net>
* libraries/Config.class.php: bug #1501027, possible user/password
disclosure when switching from http to https
2006-06-22 Marc Delisle <lem9@users.sourceforge.net>
* libraries/database_interface.lib.php, /export/sql.php, lang/*:
export of procedures and functions. Note: this needs improvement
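
Review bot: The new entry for libraries/Config.class.php records the symptom (possible user/password disclosure when switching from http to https) but not the behaviour change that fixes it. After this commit a configured PmaAbsoluteUri is no longer used when is_https is set, and an administrator reading the ChangeLog after an upgrade would want that stated. Suggest extending the entry, for example with "PmaAbsoluteUri is now recomputed when the request is https".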

@@ -509,7 +509,9 @@ class PMA_Config
// Setup a default value to let the people and lazy syadmins work anyway,
// they'll get an error if the autodetect code doesn't work
$pma_absolute_uri = $this->get('PmaAbsoluteUri');
if (strlen($pma_absolute_uri) < 1) {
// by recomputing $pma_absolute_uri when is_https, we ensure
// that a user switching from http to https stays in https
if (strlen($pma_absolute_uri) < 1 || $this->get('is_https')) {
$url = array();
// At first we try to parse REQUEST_URI, it might contain full URL
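
Review bot: In the changed condition, `|| $this->get('is_https')` discards an explicitly configured PmaAbsoluteUri on every https request, not only when the configured value points at http. From that point the absolute URI is rebuilt from request data (the next lines start with REQUEST_URI), so an administrator who deliberately set an https PmaAbsoluteUri loses that pinned value in favour of autodetection. Consider narrowing the test so the recompute happens only when the configured value does not already use https, or replacing just the scheme of the configured value when is_https is true. Two smaller points: the existing comment above the condition ("Setup a default value ...") now describes only half of it and should mention the https case alongside the new comment, and the fix depends entirely on is_https being set correctly, so it is worth documenting that a request not detected as https still gets the configured http URI.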