[Phpmyadmin-git] [SCM] phpMyAdmin branch, master, updated. RELEASE_3_3_7-10160-gf47e093

Michal Čihař nijel at users.sourceforge.net
Thu Sep 16 15:20:18 CEST 2010


The branch, master has been updated
       via  f47e0933c3263abc7840c59bfa04bbbde6e730c2 (commit)
      from  08b31439b39fb4ce9a54235f3410be664687f7f0 (commit)


- Log -----------------------------------------------------------------
commit f47e0933c3263abc7840c59bfa04bbbde6e730c2
Author: Michal Čihař <mcihar at novell.com>
Date:   Thu Sep 16 15:19:46 2010 +0200

    [core] Force generating of new session on login
    
    This improves security because session ID and token are generated fresh
    for each user.

-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                |    1 +
 libraries/common.inc.php |    4 +++-
 2 files changed, 4 insertions(+), 1 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index f31420a..a11c829 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -112,6 +112,7 @@
 - bug #3042665 [parser] Add workaround for MySQL way of handling backtick.
 - bug #3056610 [interface] Removed modification options for information_schema 
 + patch #3055886 [config] Add Left frame table filter visibility config option, thanks to eesau
+- [core] Force generating of new session on login
 
 3.3.8.0 (not yet released)
 - bug #3059311 [import] BIGINT field type added to table analysis
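Review bot: the new ChangeLog entry "[core] Force generating of new session on login" carries no tracker reference and sits in the section above "3.3.8.0 (not yet released)", so it is recorded for master only. Since the commit message describes this as a security improvement, consider whether it should also be listed under 3.3.8.0 and backported there. Consider also wording the entry so that readers can tell it is a hardening change.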
diff --git a/libraries/common.inc.php b/libraries/common.inc.php
index b01a6ee..ee20145 100644
--- a/libraries/common.inc.php
+++ b/libraries/common.inc.php
@@ -814,6 +814,8 @@ if (! defined('PMA_MINIMUM_COMMON')) {
          */
         require_once './libraries/auth/' . $cfg['Server']['auth_type'] . '.auth.lib.php';
         if (!PMA_auth_check()) {
+            /* Force generating of new session on login */
+            PMA_secureSession();
             PMA_auth();
         } else {
             PMA_auth_set_user();
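Review bot: PMA_secureSession() is called inside the "if (!PMA_auth_check())" branch, ahead of PMA_auth(), so the session is renewed at the point where the check has failed rather than where a user has been accepted. The else branch with PMA_auth_set_user() gets no renewal. If PMA_auth() only presents the login prompt and the credentials arrive on a later request, the session ID and token generated here are the ones carried into the authenticated state. Please confirm which path applies and, if it is that one, renew the session at the transition to authenticated as well. The added comment also restates the commit subject. It would be more useful if it said why the call is there, namely that a session ID and token from before login must not survive into the logged-in session.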
@@ -975,7 +977,7 @@ PMA_Tracker::enable();
  * @global boolean $GLOBALS['is_ajax_request']
  * @todo should this be moved to the variables init section above?
  *
- * Check if the current request is an AJAX request, and set is_ajax_request 
+ * Check if the current request is an AJAX request, and set is_ajax_request
  * accordingly.  Suppress headers, footers and unnecessary output if set to
  * true
  */
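Review bot: the only change in this docblock is the removal of trailing whitespace after "is_ajax_request", which is unrelated to the session change in the hunk at line 814. Keep whitespace cleanup in its own commit so that the security-relevant change is easier to audit and to backport.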


hooks/post-receive
-- 
phpMyAdmin



