From da1b3a97dd77c56bc694b3b377d3ba835d9ea89a Mon Sep 17 00:00:00 2001
From: Sebastian Mendel <cybot_tm@users.sourceforge.net>
Date: Mon, 8 Oct 2007 06:29:55 +0000
Subject: [PATCH] removed obsolete PHP < 5.2 code

---
 libraries/session.inc.php | 18 ++----------------
 1 file changed, 2 insertions(+), 16 deletions(-)

diff --git a/libraries/session.inc.php b/libraries/session.inc.php
index 382b60ba3..db8082d82 100644
--- a/libraries/session.inc.php
+++ b/libraries/session.inc.php
@@ -53,8 +53,7 @@ ini_set('session.bug_compat_42', false);
 ini_set('session.bug_compat_warn', true);
 
 // use more secure session ids (with PHP 5)
-if (version_compare(PHP_VERSION, '5.0.0', 'ge')
-  && substr(PHP_OS, 0, 3) != 'WIN') {
+if (substr(PHP_OS, 0, 3) != 'WIN') {
     ini_set('session.hash_function', 1);
     ini_set('session.hash_bits_per_character', 6);
 }
@@ -72,12 +71,6 @@ session_cache_limiter('private');
 
 $session_name = 'phpMyAdmin';
 @session_name($session_name);
-// strictly, PHP 4 since 4.4.2 would not need a verification
-if (version_compare(PHP_VERSION, '5.1.2', 'lt')
- && isset($_COOKIE[$session_name])
- && eregi("\r|\n", $_COOKIE[$session_name])) {
-    die('attacked');
-}
 
 if (! isset($_COOKIE[$session_name])) {
     // on first start of session we will check for errors
@@ -114,17 +107,10 @@ if (!isset($_SESSION[' PMA_token '])) {
  * (only required if sensitive information stored in session)
  *
  * @uses    session_regenerate_id() to secure session from fixation
- * @uses    session_id()            to set new session id
- * @uses    strip_tags()            to prevent XSS attacks in SID
- * @uses    function_exists()       for session_regenerate_id()
  */
 function PMA_secureSession()
 {
     // prevent session fixation and XSS
-    if (function_exists('session_regenerate_id')) {
-        session_regenerate_id(true);
-    } else {
-        session_id(strip_tags(session_id()));
-    }
+    session_regenerate_id(true);
 }
 ?>