[Phpmyadmin-git] [SCM] phpMyAdmin branch, QA_3_4, updated. RELEASE_3_4_7_1-33-ge2b6af5

Marc Delisle lem9 at users.sourceforge.net
Mon Nov 21 18:44:06 CET 2011


The branch, QA_3_4 has been updated
       via  e2b6af5a99b9a053609ff76724fdc4a6a48dd14e (commit)
      from  e7877fba46743be0b351c526ccac216731ab8c1e (commit)


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 ChangeLog                          |    1 +
 libraries/auth/cookie.auth.lib.php |    4 ++++
 libraries/auth/http.auth.lib.php   |    4 ++++
 3 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 7d5cf3d..c4817ff 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,7 @@ phpMyAdmin - ChangeLog
   view name in main panel db Structure page
 - bug #3439292 [core] Fail to synchronize column with name of keyword
 - bug #3425156 [interface] Add column after drop
+- [interface] Avoid showing the password in phpinfo()'s output
 
 3.4.7.1 (2011-11-10)
 - [security] Fixed possible local file inclusion in XML import
diff --git a/libraries/auth/cookie.auth.lib.php b/libraries/auth/cookie.auth.lib.php
index c04d5a2..93b567a 100644
--- a/libraries/auth/cookie.auth.lib.php
+++ b/libraries/auth/cookie.auth.lib.php
@@ -549,6 +549,10 @@ function PMA_auth_set_user()
     $cfg['Server']['user']     = $GLOBALS['PHP_AUTH_USER'];
     $cfg['Server']['password'] = $GLOBALS['PHP_AUTH_PW'];
 
+    // Avoid showing the password in phpinfo()'s output
+    unset($GLOBALS['PHP_AUTH_PW']);
+    unset($_SERVER['PHP_AUTH_PW']);
+
     $_SESSION['last_access_time'] = time();
 
     // Name and password cookies need to be refreshed each time
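Review bot: The two added `unset()` calls in PMA_auth_set_user() clear only the `PHP_AUTH_PW` copies of the password, so phpinfo() may still reveal the credential through other request data. With HTTP Basic authentication the same value can, depending on the SAPI and server configuration, also be present as `$_SERVER['HTTP_AUTHORIZATION']` or in the request-header section phpinfo() prints. In cookie mode the password presumably reaches the script through the login request rather than the server variable, but that code is outside this hunk. I would make the comment state the limit, for example `// Removes the PHP_AUTH_PW copies only; other request variables that carry the credential are not cleared here`, and check whether phpinfo() output needs to be reachable in production at all. The same applies to the identical hunk in libraries/auth/http.auth.lib.php, and the function body in this file continues outside the hunk.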
diff --git a/libraries/auth/http.auth.lib.php b/libraries/auth/http.auth.lib.php
index b3d305a..b4bc030 100644
--- a/libraries/auth/http.auth.lib.php
+++ b/libraries/auth/http.auth.lib.php
@@ -207,6 +207,10 @@ function PMA_auth_set_user()
     $cfg['Server']['user']     = $PHP_AUTH_USER;
     $cfg['Server']['password'] = $PHP_AUTH_PW;
 
+    // Avoid showing the password in phpinfo()'s output
+    unset($GLOBALS['PHP_AUTH_PW']);
+    unset($_SERVER['PHP_AUTH_PW']);
+
     return true;
 } // end of the 'PMA_auth_set_user()' function
 


hooks/post-receive
-- 
phpMyAdmin



