Merge branch 'QA_4_6-security' into master-security

libraries/VersionInformation.php

@@ -72,7 +72,7 @@ public function getLatestVersion()
                     CURLOPT_TIMEOUT,
                     $connection_timeout
                 );
-                $response = curl_exec($curl_handle);
+                $response = @curl_exec($curl_handle);
             } else if (ini_get('allow_url_fopen')) {
                 $context = array(
                     'http' => array(
@@ -81,12 +81,16 @@ public function getLatestVersion()
                     )
                 );
                 $context = Util::handleContext($context);
-                $response = file_get_contents(
+                $response = @file_get_contents(
                     $file,
                     false,
                     stream_context_create($context)
                 );
             }
+            // Check possible failure of getting data
+            if ($response === false) {
+                $response = '{}';
+            }
         }
 
         /* Parse response */

libraries/ip_allow_deny.lib.php

@@ -271,7 +271,7 @@ function PMA_allowDeny($type)
 
         // check for username
         if (($rule_data[1] != '%') //wildcarded first
-            && ($rule_data[1] != $username)
+            && (! hash_equals($rule_data[1], $username))
         ) {
             continue;
         }

libraries/plugins/auth/AuthenticationCookie.php

@@ -407,14 +407,14 @@ public function authSetUser()
 
         // Ensures valid authentication mode, 'only_db', bookmark database and
         // table names and relation table name are used
-        if ($cfg['Server']['user'] != $GLOBALS['PHP_AUTH_USER']) {
+        if (! hash_equals($cfg['Server']['user'], $GLOBALS['PHP_AUTH_USER'])) {
             foreach ($cfg['Servers'] as $idx => $current) {
                 if ($current['host'] == $cfg['Server']['host']
                     && $current['port'] == $cfg['Server']['port']
                     && $current['socket'] == $cfg['Server']['socket']
                     && $current['ssl'] == $cfg['Server']['ssl']
                     && $current['connect_type'] == $cfg['Server']['connect_type']
-                    && $current['user'] == $GLOBALS['PHP_AUTH_USER']
+                    && hash_equals($current['user'], $GLOBALS['PHP_AUTH_USER'])
                 ) {
                     $GLOBALS['server'] = $idx;
                     $cfg['Server']     = $current;

libraries/plugins/auth/AuthenticationHttp.php

@@ -168,8 +168,8 @@ public function authCheck()
 
         // User logged out -> ensure the new username is not the same
         $old_usr = isset($_REQUEST['old_usr']) ? $_REQUEST['old_usr'] : '';
-        if (!empty($old_usr)
-            && (isset($PHP_AUTH_USER) && $old_usr == $PHP_AUTH_USER)
+        if (! empty($old_usr)
+            && (isset($PHP_AUTH_USER) && hash_equals($old_usr, $PHP_AUTH_USER))
         ) {
             $PHP_AUTH_USER = '';
         }
@@ -199,12 +199,12 @@ public function authSetUser()
 
         // Ensures valid authentication mode, 'only_db', bookmark database and
         // table names and relation table name are used
-        if ($cfg['Server']['user'] != $PHP_AUTH_USER) {
+        if (! hash_equals($cfg['Server']['user'], $PHP_AUTH_USER)) {
             $servers_cnt = count($cfg['Servers']);
             for ($i = 1; $i <= $servers_cnt; $i++) {
                 if (isset($cfg['Servers'][$i])
                     && ($cfg['Servers'][$i]['host'] == $cfg['Server']['host']
-                    && $cfg['Servers'][$i]['user'] == $PHP_AUTH_USER)
+                    && hash_equals($cfg['Servers'][$i]['user'], $PHP_AUTH_USER))
                 ) {
                     $server = $i;
                     $cfg['Server'] = $cfg['Servers'][$i];