[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_4_0BETA4-394-g8fb2679 - Git

18 Mar 2011

The branch, master has been updated
       via  8fb267930eebb72e0f5eb23044ac439c950461e3 (commit)
      from  efd8db8298bbf288ad596efd918661a3d3e8492d (commit)
- Log -----------------------------------------------------------------
commit 8fb267930eebb72e0f5eb23044ac439c950461e3
Author: Michal Čihař mcihar@novell.com
Date:   Fri Mar 18 16:12:16 2011 +0100
bug #3039384 [auth] Force signon auth on signon URL change.
-----------------------------------------------------------------------
Summary of changes:
 ChangeLog                          |    1 +
 libraries/auth/signon.auth.lib.php |   11 +++++++++++
 2 files changed, 12 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 8973673..d9897e8 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -149,6 +149,7 @@
 - bug #3206876 [core] Work without mbstring installed.
 - rfe #3196075, patch #3212068 [interface] Add links to variables documentation.
 - bug #3208723 [import] Fix import of utf-8 XML files.
+- bug #3039384 [auth] Force signon auth on signon URL change.
3.3.10.0 (not yet released)
 - patch #3147400 [structure] Aria table size printed as unknown,
diff --git a/libraries/auth/signon.auth.lib.php b/libraries/auth/signon.auth.lib.php
index 6eb0ead..3e0d64b 100644
--- a/libraries/auth/signon.auth.lib.php
+++ b/libraries/auth/signon.auth.lib.php
@@ -19,6 +19,7 @@
  * @access  public
  */
 function PMA_auth() {
+    unset($_SESSION['LAST_SIGNON_URL']);
     if (empty($GLOBALS['cfg']['Server']['SignonURL'])) {
         PMA_fatalError('You must set SignonURL!');
     } elseif (!empty($_REQUEST['old_usr']) && !empty($GLOBALS['cfg']['Server']['LogoutURL'])) {
@@ -54,9 +55,17 @@ function PMA_auth_check()
 {
     global $PHP_AUTH_USER, $PHP_AUTH_PW;
+    /* Check if we're using same sigon server */
+    if (isset($_SESSION['LAST_SIGNON_URL']) && $_SESSION['LAST_SIGNON_URL'] != $GLOBALS['cfg']['Server']['SignonURL']) {
+        return false;
+    }
+
     /* Session name */
     $session_name = $GLOBALS['cfg']['Server']['SignonSession'];
+    /* Login URL */
+    $signon_url = $GLOBALS['cfg']['Server']['SignonURL'];
+
     /* Current host */
     $single_signon_host = $GLOBALS['cfg']['Server']['host'];
@@ -150,8 +159,10 @@ function PMA_auth_check()
// Returns whether we get authentication settings or not
     if (empty($PHP_AUTH_USER)) {
+        unset($_SESSION['LAST_SIGNON_URL']);
         return false;
     } else {
+        $_SESSION['LAST_SIGNON_URL'] = $GLOBALS['cfg']['Server']['SignonURL'];
         return true;
     }
 } // end of the 'PMA_auth_check()' function
hooks/post-receive
-- 
phpMyAdmin


    