Skip to content
Permalink
Browse files

Fixed possible session manipulation in swekey authentication, see PMA…

…SA-2011-5
  • Loading branch information...
helmo committed Jun 30, 2011
1 parent 9fc6e35 commit 7ebd958b2bf59f96fecd5b3322bdbd0b244a7967
Showing with 5 additions and 3 deletions.
  1. +3 −0 ChangeLog
  2. +2 −3 libraries/auth/swekey/swekey.auth.lib.php
@@ -1,6 +1,9 @@
phpMyAdmin - ChangeLog
======================

3.4.3.1 (not yet released)
- [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5

3.4.3.0 (2011-06-27)
- bug #3311170 [sync] Missing helper icons in Synchronize
- patch #3304473 [setup] Redefine a lable that was wrong
@@ -263,11 +263,10 @@ function open_swekey_site()
}
}
if (strstr($_SERVER['QUERY_STRING'],'session_to_unset') != false)
if (!empty($_GET['session_to_unset']))
{
parse_str($_SERVER['QUERY_STRING']);
session_write_close();
session_id($session_to_unset);
session_id($_GET['session_to_unset']);
session_start();
$_SESSION = array();
session_write_close();

0 comments on commit 7ebd958

Please sign in to comment.
You can’t perform that action at this time.