Merge branch 'MAINT_4_4_14' into STABLE

phpmyadmin · Sep 8, 2015 · b892176 · b892176
2 parents efa80f8 + f7f483e
commit b892176
Show file tree

Hide file tree

Showing 6 changed files with 18 additions and 39 deletions.
diff --git a/ChangeLog b/ChangeLog
@@ -1,6 +1,9 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.4.14.1 (2015-09-08)
+- issue        [security] reCaptcha bypass
+
 4.4.14.0 (2015-08-20)
 - issue #11367 Export after search, missing WHERE clause
 - issue #11380 Incomplete message after import

diff --git a/README b/README
@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 4.4.14
+Version 4.4.14.1
 
 A set of PHP-scripts to manage MySQL over the web.
 

diff --git a/doc/conf.py b/doc/conf.py
@@ -51,7 +51,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '4.4.14'
+version = '4.4.14.1'
 # The full version, including alpha/beta/rc tags.
 release = version
 

diff --git a/libraries/Config.class.php b/libraries/Config.class.php
@@ -114,7 +114,7 @@ function __construct($source = null)
      */
     function checkSystem()
     {
-        $this->set('PMA_VERSION', '4.4.14');
+        $this->set('PMA_VERSION', '4.4.14.1');
         /**
          * @deprecated
          */

diff --git a/libraries/plugins/auth/AuthenticationCookie.class.php b/libraries/plugins/auth/AuthenticationCookie.class.php
@@ -223,18 +223,9 @@ public function auth()
                 . $GLOBALS['server'] . '" />';
         } // end if (server choice)
 
-        // We already have one correct captcha.
-        $skip = false;
-        if (  isset($_SESSION['last_valid_captcha'])
-            && $_SESSION['last_valid_captcha']
-        ) {
-            $skip = true;
-        }
-
         // Add captcha input field if reCaptcha is enabled
         if (  !empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
             && !empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
-            && !$skip
         ) {
             // If enabled show captcha to the user on the login screen.
             echo '<script src="https://www.google.com/recaptcha/api.js?hl='
@@ -336,8 +327,6 @@ public function authCheck()
 
             if (! defined('TESTSUITE')) {
                 session_destroy();
-                // $_SESSION array is not immediately emptied
-                $_SESSION['last_valid_captcha'] = false;
             }
             // -> delete password cookie(s)
             if ($GLOBALS['cfg']['LoginCookieDeleteAll']) {
@@ -359,18 +348,9 @@ public function authCheck()
 
         if (! empty($_REQUEST['pma_username'])) {
 
-            // We already have one correct captcha.
-            $skip = false;
-            if (isset($_SESSION['last_valid_captcha'])
-                && $_SESSION['last_valid_captcha']
-            ) {
-                $skip = true;
-            }
-
             // Verify Captcha if it is required.
             if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey'])
                 && ! empty($GLOBALS['cfg']['CaptchaLoginPublicKey'])
-                && ! $skip
             ) {
                 if (! empty($_POST["g-recaptcha-response"])) {
 
@@ -388,18 +368,11 @@ public function authCheck()
                     // Check if the captcha entered is valid, if not stop the login.
                     if ($resp == null || ! $resp->isSuccess()) {
                         $conn_error = __('Entered captcha is wrong, try again!');
-                        $_SESSION['last_valid_captcha'] = false;
                         return false;
-                    } else {
-                        $_SESSION['last_valid_captcha'] = true;
                     }
                 } else {
-                    if (! isset($_SESSION['last_valid_captcha'])
-                        || ! $_SESSION['last_valid_captcha']
-                    ) {
-                        $conn_error = __('Please enter correct captcha!');
-                        return false;
-                    }
+                    $conn_error = __('Please enter correct captcha!');
+                    return false;
                 }
             }
 

diff --git a/test/classes/plugin/auth/PMA_AuthenticationCookie_test.php b/test/classes/plugin/auth/PMA_AuthenticationCookie_test.php
@@ -186,7 +186,8 @@ public function testAuth()
         $GLOBALS['cfg']['Lang'] = 'en';
         $GLOBALS['cfg']['AllowArbitraryServer'] = true;
         $GLOBALS['cfg']['Servers'] = array(1, 2);
-        $_SESSION['last_valid_captcha'] = true;
+        $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
+        $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
         $GLOBALS['target'] = 'testTarget';
         $GLOBALS['db'] = 'testDb';
         $GLOBALS['table'] = 'testTable';
@@ -308,7 +309,6 @@ public function testAuth()
         $GLOBALS['cfg']['Lang'] = '';
         $GLOBALS['cfg']['AllowArbitraryServer'] = false;
         $GLOBALS['cfg']['Servers'] = array(1);
-        $_SESSION['last_valid_captcha'] = false;
         $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey';
         $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey';
         $GLOBALS['server'] = 0;
@@ -431,7 +431,6 @@ public function testAuthCheck()
 
         // case 2
 
-        $_SESSION['last_valid_captcha'] = false;
         $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey';
         $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey';
         $_POST["g-recaptcha-response"] = '';
@@ -481,7 +480,8 @@ public function testAuthCheck()
 
         // case 6
 
-        $_SESSION['last_valid_captcha'] = true;
+        $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
+        $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
         $_REQUEST['old_usr'] = '';
         $_REQUEST['pma_username'] = 'testPMAUser';
         $_REQUEST['pma_servername'] = 'testPMAServer';
@@ -611,7 +611,8 @@ public function testAuthCheckDecryptUser()
         $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09');
         $GLOBALS['cfg']['blowfish_secret'] = 'secret';
         $_SESSION['last_access_time'] = '';
-        $_SESSION['last_valid_captcha'] = true;
+        $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
+        $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
 
         // mock for blowfish function
         $this->object = $this->getMockBuilder('AuthenticationCookie')
@@ -649,7 +650,8 @@ public function testAuthCheckDecryptPassword()
         $_COOKIE['pmaPass-1'] = 'pmaPass1';
         $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09');
         $GLOBALS['cfg']['blowfish_secret'] = 'secret';
-        $_SESSION['last_valid_captcha'] = true;
+        $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
+        $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
         $_SESSION['last_access_time'] = time() - 1000;
         $GLOBALS['cfg']['LoginCookieValidity'] = 1440;
 
@@ -694,7 +696,8 @@ public function testAuthCheckAuthFails()
         $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09');
         $GLOBALS['cfg']['blowfish_secret'] = 'secret';
         $_SESSION['last_access_time'] = 1;
-        $_SESSION['last_valid_captcha'] = true;
+        $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = '';
+        $GLOBALS['cfg']['CaptchaLoginPublicKey'] = '';
         $GLOBALS['cfg']['LoginCookieValidity'] = 0;
         $_SESSION['last_access_time'] = -1;
         // mock for blowfish function