[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 6c95b7: Do not append session IDs to all URLs in redirect

Michal Čihař michal at cihar.com
Tue Jul 26 16:32:22 CEST 2016


  Branch: refs/heads/master
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 6c95b73f9028f27ee3e9e4b56eda2d285c807b30
      https://github.com/phpmyadmin/phpmyadmin/commit/6c95b73f9028f27ee3e9e4b56eda2d285c807b30
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M libraries/core.lib.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/classes/plugin/auth/AuthenticationHttpTest.php
    M test/classes/plugin/auth/AuthenticationSignonTest.php
    M test/libraries/core/PMA_headerLocation_test.php

  Log Message:
  -----------
  Do not append session IDs to all URLs in redirect

There is no need to do that as we rely on session cookies anyway. Also
appending sesson ID to external URLs is not a good idea.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 64f033d3b9d3fd698927500eb5fd2db8f88b9986
      https://github.com/phpmyadmin/phpmyadmin/commit/64f033d3b9d3fd698927500eb5fd2db8f88b9986
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M ChangeLog
    M libraries/session.inc.php

  Log Message:
  -----------
  Tighthen control on PHP sessions and session cookies

- use only cookies for session
- use http only cookies
- disable transparent session IDs

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 22c4ede46d7c943bfd8127a09df29f2792d1afd6
      https://github.com/phpmyadmin/phpmyadmin/commit/22c4ede46d7c943bfd8127a09df29f2792d1afd6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M ChangeLog
    M libraries/core.lib.php
    M libraries/session.inc.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/classes/plugin/auth/AuthenticationHttpTest.php
    M test/classes/plugin/auth/AuthenticationSignonTest.php
    M test/libraries/core/PMA_headerLocation_test.php

  Log Message:
  -----------
  Merge branch 'QA_4_6'


  Commit: b9d823f4e84156e8731360bc587a2c3518ff7db9
      https://github.com/phpmyadmin/phpmyadmin/commit/b9d823f4e84156e8731360bc587a2c3518ff7db9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M test/libraries/core/PMA_headerLocation_test.php

  Log Message:
  -----------
  Remove unused tests code

Signed-off-by: Michal Čihař <michal at cihar.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/2f247ea46148...b9d823f4e841


More information about the Git mailing list