The branch, master has been updated via f47e0933c3263abc7840c59bfa04bbbde6e730c2 (commit) from 08b31439b39fb4ce9a54235f3410be664687f7f0 (commit)

- Log ----------------------------------------------------------------- commit f47e0933c3263abc7840c59bfa04bbbde6e730c2 Author: Michal Čihař mcihar@novell.com Date: Thu Sep 16 15:19:46 2010 +0200

[core] Force generating of new session on login

This improves security because session ID and token are generated fresh for each user.

-----------------------------------------------------------------------

Summary of changes: ChangeLog | 1 + libraries/common.inc.php | 4 +++- 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog index f31420a..a11c829 100644 --- a/ChangeLog +++ b/ChangeLog @@ -112,6 +112,7 @@ - bug #3042665 [parser] Add workaround for MySQL way of handling backtick. - bug #3056610 [interface] Removed modification options for information_schema + patch #3055886 [config] Add Left frame table filter visibility config option, thanks to eesau +- [core] Force generating of new session on login

3.3.8.0 (not yet released) - bug #3059311 [import] BIGINT field type added to table analysis diff --git a/libraries/common.inc.php b/libraries/common.inc.php index b01a6ee..ee20145 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -814,6 +814,8 @@ if (! defined('PMA_MINIMUM_COMMON')) { */ require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php'; if (!PMA_auth_check()) { + /* Force generating of new session on login */ + PMA_secureSession(); PMA_auth(); } else { PMA_auth_set_user(); @@ -975,7 +977,7 @@ PMA_Tracker::enable(); * @global boolean $GLOBALS['is_ajax_request'] * @todo should this be moved to the variables init section above? * - * Check if the current request is an AJAX request, and set is_ajax_request + * Check if the current request is an AJAX request, and set is_ajax_request * accordingly. Suppress headers, footers and unnecessary output if set to * true */

hooks/post-receive