[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_7_1-23167-g29e658a - Git

21 Nov 2011

The branch, master has been updated
       via  29e658a1f796fe7a843faaa49e0c4942fd4ed2fc (commit)
       via  e2b6af5a99b9a053609ff76724fdc4a6a48dd14e (commit)
      from  a26e706378806eb428bf32038b590612784141e6 (commit)
- Log -----------------------------------------------------------------
commit 29e658a1f796fe7a843faaa49e0c4942fd4ed2fc
Merge: a26e706 e2b6af5
Author: Marc Delisle marc@infomarc.info
Date:   Mon Nov 21 12:42:07 2011 -0500
Merge branch 'QA_3_4'
-----------------------------------------------------------------------
Summary of changes:
 ChangeLog                          |    1 +
 libraries/auth/cookie.auth.lib.php |    4 ++++
 libraries/auth/http.auth.lib.php   |    4 ++++
 3 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 74fb791..7cbd315 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -78,6 +78,7 @@ phpMyAdmin - ChangeLog
   view name in main panel db Structure page
 - bug #3439292 [core] Fail to synchronize column with name of keyword
 - bug #3425156 [interface] Add column after drop
+- [interface] Avoid showing the password in phpinfo()'s output
3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index c21dbd6..4012db8 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -480,6 +480,10 @@ function PMA_auth_set_user()
     $cfg['Server']['user']     = $GLOBALS['PHP_AUTH_USER'];
     $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
+    // Avoid showing the password in phpinfo()'s output
+    unset($GLOBALS['PHP_AUTH_PW']);
+    unset($_SERVER['PHP_AUTH_PW']);
+
     $_SESSION['last_access_time'] = time();
// Name and password cookies need to be refreshed each time
diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php
index 147a507..7a84eea 100644
--- a/libraries/auth/http.auth.lib.php
+++ b/libraries/auth/http.auth.lib.php
@@ -207,6 +207,10 @@ function PMA_auth_set_user()
     $cfg['Server']['user']     = $PHP_AUTH_USER;
     $cfg['Server']['password'] = $PHP_AUTH_PW;
+    // Avoid showing the password in phpinfo()'s output
+    unset($GLOBALS['PHP_AUTH_PW']);
+    unset($_SERVER['PHP_AUTH_PW']);
+
     return true;
 } // end of the 'PMA_auth_set_user()' function
hooks/post-receive
-- 
phpMyAdmin


    