1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
--- phpmyadmin-2.9.1.1.orig/libraries/common.lib.php 2006-11-19 01:28:45.000000000 +0100
+++ phpmyadmin-2.9.1.1/libraries/common.lib.php 2008-04-24 19:59:00.000000000 +0200
@@ -2983,7 +2983,6 @@
/******************************************************************************/
/* parsing config file LABEL_parsing_config_file */
-if (empty($_SESSION['PMA_Config'])) {
/**
* We really need this one!
*/
@@ -3002,10 +3001,6 @@
$_SESSION['PMA_Config'] = new PMA_Config('./config.inc.php');
-} elseif (version_compare(phpversion(), '5', 'lt')) {
- $_SESSION['PMA_Config']->__wakeup();
-}
-
if (!defined('PMA_MINIMUM_COMMON')) {
$_SESSION['PMA_Config']->checkPmaAbsoluteUri();
}
@@ -3409,6 +3404,11 @@
} // end if !defined('PMA_MINIMUM_COMMON')
+// remove sensitive values from session
+$_SESSION['PMA_Config']->set('blowfish_secret', '');
+$_SESSION['PMA_Config']->set('Servers', '');
+$_SESSION['PMA_Config']->set('default_server', '');
+
if (!empty($__redirect) && in_array($__redirect, $goto_whitelist)) {
// to handle bug #1388167
if (isset($_GET['is_js_confirmed'])) {
--- phpmyadmin-2.9.1.1.orig/libraries/Config.class.php 2006-11-19 01:28:45.000000000 +0100
+++ phpmyadmin-2.9.1.1/libraries/Config.class.php 2008-04-24 19:57:17.000000000 +0200
@@ -839,8 +839,8 @@
*/
function enableBc()
{
- $GLOBALS['cfg'] =& $this->settings;
- $GLOBALS['default_server'] =& $this->default_server;
+ $GLOBALS['cfg'] = $this->settings;
+ $GLOBALS['default_server'] = $this->default_server;
$GLOBALS['collation_connection'] = $this->get('collation_connection');
$GLOBALS['is_upload'] = $this->get('enable_upload');
$GLOBALS['max_upload_size'] = $this->get('max_upload_size');
|
