nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

[security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12

Browse Source
This commit is contained in:
Herman van Rink
2011-07-09 23:10:23 +02:00
parent ab31a2565f
commit f6f6ee3f11
2 changed files with 5 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
ChangeLog
View File

@@ -10,6 +10,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
- [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6
- [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7
- [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 - [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12
3.3.10.1 (2011-05-20) 3.3.10.1 (2011-05-20)
- [security] XSS on Tracking page - [security] XSS on Tracking page

6
libraries/auth/swekey/swekey.auth.lib.php
View File

@@ -143,7 +143,9 @@ function Swekey_auth_error()
return "Internal Error: CA File $caFile not found"; return "Internal Error: CA File $caFile not found";
$result = null; $result = null;
parse_str($_SERVER['QUERY_STRING']); $swekey_id = $_GET['swekey_id'];
$swekey_otp = $_GET['swekey_otp'];
if (isset($swekey_id)) { if (isset($swekey_id)) {
unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']); unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) { if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
@@ -166,7 +168,7 @@ function Swekey_auth_error()
$result = $GLOBALS['strSwekeyNoKey']; $result = $GLOBALS['strSwekeyNoKey'];
if ($_SESSION['SWEKEY']['CONF_DEBUG']) if ($_SESSION['SWEKEY']['CONF_DEBUG'])
{ {
$result .= "<br>".$swekey_id; $result .= "<br>" . htmlspecialchars($swekey_id);
} }
unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
} }