The branch, QA_3_4 has been updated via e2b6af5a99b9a053609ff76724fdc4a6a48dd14e (commit) from e7877fba46743be0b351c526ccac216731ab8c1e (commit)

- Log ----------------------------------------------------------------- -----------------------------------------------------------------------

Summary of changes: ChangeLog | 1 + libraries/auth/cookie.auth.lib.php | 4 ++++ libraries/auth/http.auth.lib.php | 4 ++++ 3 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog index 7d5cf3d..c4817ff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -18,6 +18,7 @@ phpMyAdmin - ChangeLog view name in main panel db Structure page - bug #3439292 [core] Fail to synchronize column with name of keyword - bug #3425156 [interface] Add column after drop +- [interface] Avoid showing the password in phpinfo()'s output

3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php index c04d5a2..93b567a 100644 --- a/libraries/auth/cookie.auth.lib.php +++ b/libraries/auth/cookie.auth.lib.php @@ -549,6 +549,10 @@ function PMA_auth_set_user() $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER']; $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];

+ // Avoid showing the password in phpinfo()'s output + unset($GLOBALS['PHP_AUTH_PW']); + unset($_SERVER['PHP_AUTH_PW']); + $_SESSION['last_access_time'] = time();

// Name and password cookies need to be refreshed each time diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php index b3d305a..b4bc030 100644 --- a/libraries/auth/http.auth.lib.php +++ b/libraries/auth/http.auth.lib.php @@ -207,6 +207,10 @@ function PMA_auth_set_user() $cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['password'] = $PHP_AUTH_PW;

+ // Avoid showing the password in phpinfo()'s output + unset($GLOBALS['PHP_AUTH_PW']); + unset($_SERVER['PHP_AUTH_PW']); + return true; } // end of the 'PMA_auth_set_user()' function

hooks/post-receive