removed obsolete PHP < 5.2 code

libraries/session.inc.php

@@ -53,8 +53,7 @@ ini_set('session.bug_compat_42', false);
 ini_set('session.bug_compat_warn', true);
 
 // use more secure session ids (with PHP 5)
-if (version_compare(PHP_VERSION, '5.0.0', 'ge')
+if (substr(PHP_OS, 0, 3) != 'WIN') {
-  && substr(PHP_OS, 0, 3) != 'WIN') {
     ini_set('session.hash_function', 1);
     ini_set('session.hash_bits_per_character', 6);
 }
@@ -72,12 +71,6 @@ session_cache_limiter('private');
 
 $session_name = 'phpMyAdmin';
 @session_name($session_name);
-// strictly, PHP 4 since 4.4.2 would not need a verification
-if (version_compare(PHP_VERSION, '5.1.2', 'lt')
- && isset($_COOKIE[$session_name])
- && eregi("\r|\n", $_COOKIE[$session_name])) {
-    die('attacked');
-}
 
 if (! isset($_COOKIE[$session_name])) {
     // on first start of session we will check for errors
@@ -114,17 +107,10 @@ if (!isset($_SESSION[' PMA_token '])) {
  * (only required if sensitive information stored in session)
  *
  * @uses    session_regenerate_id() to secure session from fixation
- * @uses    session_id()            to set new session id
- * @uses    strip_tags()            to prevent XSS attacks in SID
- * @uses    function_exists()       for session_regenerate_id()
  */
 function PMA_secureSession()
 {
     // prevent session fixation and XSS
-    if (function_exists('session_regenerate_id')) {
     session_regenerate_id(true);
-    } else {
-        session_id(strip_tags(session_id()));
-    }
 }
 ?>