X-Git-Url: http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin%2Fphpmyadmin;a=blobdiff_plain;f=libraries%2Fauth%2Fswekey%2Fswekey.auth.lib.php;h=197de1c1db9cd09e3aaae6c533f163152fc1d9db;hp=2a790c4d51f41370f734f82fdab625eecedb4a06;hb=630b8260be45eb9b211f5d7628dbb9e5c1b05bc6;hpb=6e6e129f26295c83d67b74e202628a4b8bc49e54

diff --git a/libraries/auth/swekey/swekey.auth.lib.php b/libraries/auth/swekey/swekey.auth.lib.php
index 2a790c4..197de1c 100644
--- a/libraries/auth/swekey/swekey.auth.lib.php
+++ b/libraries/auth/swekey/swekey.auth.lib.php
@@ -143,7 +143,9 @@ function Swekey_auth_error()
         return "Internal Error: CA File $caFile not found";
 
     $result = null;
-    parse_str($_SERVER['QUERY_STRING']);
+	$swekey_id = $_GET['swekey_id'];
+	$swekey_otp = $_GET['swekey_otp'];
+
     if (isset($swekey_id)) {
         unset($_SESSION['SWEKEY']['AUTHENTICATED_SWEKEY']);
         if (! isset($_SESSION['SWEKEY']['RND_TOKEN'])) {
@@ -166,7 +168,7 @@ function Swekey_auth_error()
                 $result = $GLOBALS['strSwekeyNoKey'];
                 if ($_SESSION['SWEKEY']['CONF_DEBUG'])
                 {
-                    $result .= "<br>".$swekey_id;
+                    $result .= "<br>" . htmlspecialchars($swekey_id);
                 }
                 unset($_SESSION['SWEKEY']['CONF_LOADED']); // reload the conf file
              }
@@ -186,16 +188,16 @@ function Swekey_auth_error()
         <script>
 	    if (key.length != 32)
 	    {
-	        window.location.search="?swekey_id=" + key;
+	        window.location.search="?swekey_id=" + key + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
 	    else
 	    {
 	        var url = "" + window.location;
 	        if (url.indexOf("?") > 0)
 	            url = url.substr(0, url.indexOf("?"));
-	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>");
+	        Swekey_SetUnplugUrl(key, "pma_login", url + "?session_to_unset=<?php echo session_id();?>&token=<?php echo $_SESSION[' PMA_token ']; ?>");
 	     	var otp = Swekey_GetOtp(key, <?php echo '"'.$_SESSION['SWEKEY']['RND_TOKEN'].'"';?>);
-	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp;
+	        window.location.search="?swekey_id=" + key + "&swekey_otp=" + otp + "&token=<?php echo $_SESSION[' PMA_token ']; ?>";
 	    }
         </script>
         <?php