The branch, master has been updated via 29e658a1f796fe7a843faaa49e0c4942fd4ed2fc (commit) via e2b6af5a99b9a053609ff76724fdc4a6a48dd14e (commit) from a26e706378806eb428bf32038b590612784141e6 (commit) - Log ----------------------------------------------------------------- commit 29e658a1f796fe7a843faaa49e0c4942fd4ed2fc Merge: a26e706 e2b6af5 Author: Marc Delisle <marc@infomarc.info> Date: Mon Nov 21 12:42:07 2011 -0500 Merge branch 'QA_3_4' ----------------------------------------------------------------------- Summary of changes: ChangeLog | 1 + libraries/auth/cookie.auth.lib.php | 4 ++++ libraries/auth/http.auth.lib.php | 4 ++++ 3 files changed, 9 insertions(+), 0 deletions(-) diff --git a/ChangeLog b/ChangeLog index 74fb791..7cbd315 100644 --- a/ChangeLog +++ b/ChangeLog @@ -78,6 +78,7 @@ phpMyAdmin - ChangeLog view name in main panel db Structure page - bug #3439292 [core] Fail to synchronize column with name of keyword - bug #3425156 [interface] Add column after drop +- [interface] Avoid showing the password in phpinfo()'s output 3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php index c21dbd6..4012db8 100644 --- a/libraries/auth/cookie.auth.lib.php +++ b/libraries/auth/cookie.auth.lib.php @@ -480,6 +480,10 @@ function PMA_auth_set_user() $cfg['Server']['user'] = $GLOBALS['PHP_AUTH_USER']; $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW']; + // Avoid showing the password in phpinfo()'s output + unset($GLOBALS['PHP_AUTH_PW']); + unset($_SERVER['PHP_AUTH_PW']); + $_SESSION['last_access_time'] = time(); // Name and password cookies need to be refreshed each time diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php index 147a507..7a84eea 100644 --- a/libraries/auth/http.auth.lib.php +++ b/libraries/auth/http.auth.lib.php @@ -207,6 +207,10 @@ function PMA_auth_set_user() $cfg['Server']['user'] = $PHP_AUTH_USER; $cfg['Server']['password'] = $PHP_AUTH_PW; + // Avoid showing the password in phpinfo()'s output + unset($GLOBALS['PHP_AUTH_PW']); + unset($_SERVER['PHP_AUTH_PW']); + return true; } // end of the 'PMA_auth_set_user()' function hooks/post-receive -- phpMyAdmin