diff --git a/ChangeLog b/ChangeLog
index 432be934f..c748ae35c 100755
--- a/ChangeLog
+++ b/ChangeLog
@@ -5,6 +5,10 @@ phpMyAdmin - ChangeLog
 $Id$
 $Source$
+2006-06-23 Marc Delisle
+ * libraries/Config.class.php: bug #1501027, possible user/password
+ disclosure when switching from http to https
+
 2006-06-22 Marc Delisle
 * libraries/database_interface.lib.php, /export/sql.php, lang/*:
 export of procedures and functions. Note: this needs improvement
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index d68473ca5..d70b370e6 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -509,7 +509,9 @@ class PMA_Config
 // Setup a default value to let the people and lazy syadmins work anyway,
 // they'll get an error if the autodetect code doesn't work
 $pma_absolute_uri = $this->get('PmaAbsoluteUri');
-if (strlen($pma_absolute_uri) < 1) {
+ // by recomputing $pma_absolute_uri when is_https, we ensure
+ // that a user switching from http to https stays in https
+ if (strlen($pma_absolute_uri) < 1 || $this->get('is_https')) {
 $url = array();
 // At first we try to parse REQUEST_URI, it might contain full URL
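Review bot: The widened condition on the new `if` line makes every https request discard a configured PmaAbsoluteUri and fall through to autodetection, which is broader than bug #1501027 requires and removes the administrator's only way to pin the host and path (the autodetect code that follows, outside this hunk, presumably derives them from request data such as the Host header). A narrower fix keeps the configured value and only promotes its scheme, e.g. `if (strlen($pma_absolute_uri) > 0 && $this->get('is_https')) { $pma_absolute_uri = preg_replace('|^http://|i', 'https://', $pma_absolute_uri); }`, reserving the autodetect path for the empty case as before. The new test also relies on 'is_https' having been populated before this method runs; if it has not, get() presumably yields a falsy value and the old behaviour silently remains, so the ordering deserves a comment next to the new lines. The enclosing method continues past the end of the hunk.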