Fixing blowfish_secret length (too short) [phpMyAdmin]

[lukapaunovic]

Fixing blowfish_secret length (too short) if not longer phpMyAdmin shows a warning:

The secret passphrase in configuration (blowfish_secret) is too short.

[anton-reutov]

Not working for CentOS 6

[lukapaunovic]

Not working for CentOS 6

What's not working? This fix will solve the problem only for new installations, I edited install scripts.
To fix it for existing, blowfish secret needs to be manually updated with 32long string in /etc/phpMyAdmin/config.inc.php

[anton-reutov]

Not working for CentOS 6

What's not working?

The configuration file now needs a secret passphrase (blowfish_secret)
config.inc.php
$cfg['blowfish_secret'] = '%blowfish_secret%'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

[lukapaunovic]

Sorry, fixed :)

[anton-reutov]

Ok, i will check it again )

[anton-reutov]

Sorry, not working for CentOS 6, but working if blowfish_secret to specify in this file /usr/share/phpMyAdmin/libraries/config.default.php
i don't see any problems in there /usr/share/phpMyAdmin/libraries/vendor_config.php
it's strange, maybe problem with chown for this file /etc/phpMyAdmin/config.inc.php , but not sure.

[lukapaunovic]

I found the issue

define('CONFIG_DIR', '');
in /usr/share/phpMyAdmin/libraries/vendor_config.php
should be
define('CONFIG_DIR', '/etc/phpMyAdmin/');

When it's blank it's not loading /etc/phpMyAdmin/config.inc.php at all..

Please define, and you'll see warning disappeared.

Now we know what needs to be fixed for this patch to work properly. This fix I requested pull for is still needed as gen_pass is generating too short string to be used as blowfish_secret.

EDIT: I just checked /usr/share/phpMyAdmin/libraries/vendor_config.php at servers I recently installed, and I discovered variable is defined, so it must be a bug related to certain OS version, this was latest centos 7 64 bit.

[anton-reutov]

Thank you for your help