
prevent attack on the session name cookie

lem9 committed Jan 8, 2007
1 parent 9ae2b21 commit c9d93f63940fe960d3b6341d8bfb7b707c87e744
Showing with 11 additions and 1 deletion.
  1. +3 −0 ChangeLog
  2. +8 −1 libraries/session.inc.php
@@ -5,6 +5,9 @@ phpMyAdmin - ChangeLog
$Id$
$Source$

2007-01-08 Marc Delisle <lem9@users.sourceforge.net>
* libraries/session.inc.php: prevent attack on session name cookie

2007-01-05 Marc Delisle <lem9@users.sourceforge.net>
* libraries/session.inc.php: bug #1538132, remove the setting of
session.save_handler to 'files'
@@ -77,7 +77,14 @@
// See bug #1538132. This would block normal behavior on a cluster
//ini_set('session.save_handler', 'files');
@session_name('phpMyAdmin');
$session_name = 'phpMyAdmin';
@session_name($session_name);
// strictly, PHP 4 since 4.4.2 would not need a verification
if (version_compare(PHP_VERSION, '5.1.2', 'lt')
&& isset($_COOKIE[$session_name])
&& eregi("\r|\n", $_COOKIE[$session_name])) {
die('attacked');
}
@session_start();
/**
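Review bot: The new guard before `@session_start()` tests only `$_COOKIE[$session_name]`, but PHP also accepts a session id from the query string or POST body when `session.use_only_cookies` is off, and nothing in this hunk shows that setting being forced on. Unless it is set elsewhere (the rest of the session setup lies outside the hunk), the same CR/LF test should also be applied to `$_GET[$session_name]` and `$_POST[$session_name]`. The test is also a denylist that passes any other unexpected byte and any non-string value such as an array cookie. A stricter form would be `|| !is_string($_COOKIE[$session_name]) || !preg_match('/^[A-Za-z0-9,-]+$/', $_COOKIE[$session_name])`, assuming the default id alphabet is in use. The comment above the `if` would be clearer if it stated which PHP versions are affected and why a line break in the id matters, presumably because the value is echoed into a response header.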
