Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

remove hard dependency on allow_url_fopen = On in ReCaptcha #12588

Closed
nijel opened this issue Sep 26, 2016 · 2 comments
Closed

remove hard dependency on allow_url_fopen = On in ReCaptcha #12588

nijel opened this issue Sep 26, 2016 · 2 comments
Assignees
@nijel
Labels
enhancement A feature request for improving phpMyAdmin
Milestone
4.6.6

Comments

@nijel
Copy link
Contributor

nijel commented Sep 26, 2016

Currently the code that use ReCaptcha at:
https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/plugins/auth/AuthenticationCookie.php#L282
depend on allow_url_fopen = On as noted in this bug:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784628

Remove hard dependency on allow_url_fopen = On in ReCaptcha usage, for example:
change in:
https://github.com/phpmyadmin/phpmyadmin/blob/master/libraries/plugins/auth/AuthenticationCookie.php#L282
the code to something like: (not tested, based on https://github.com/google/recaptcha/blob/master/examples/example-captcha.php#L82)

         if (function_exists('curl_init')) {
                $reCaptcha = new ReCaptcha(
                      $GLOBALS['cfg']['CaptchaLoginPrivateKey'],
                      new ReCaptcha\RequestMethod\CurlPost()
                );
        } else if (ini_get('allow_url_fopen')) {
                $reCaptcha = new ReCaptcha(
                      $GLOBALS['cfg']['CaptchaLoginPrivateKey']
                );
        } else {
                $reCaptcha = new ReCaptcha(
                      $GLOBALS['cfg']['CaptchaLoginPrivateKey'],
                      new ReCaptcha\RequestMethod\SocketPost()
                );
        }
@nijel nijel added the enhancement A feature request for improving phpMyAdmin label Sep 26, 2016
@nijel nijel added this to the 4.6.5 milestone Sep 26, 2016
@nijel nijel mentioned this issue Sep 26, 2016
Closed
@nijel
Copy link
Contributor Author

nijel commented Sep 26, 2016

Note for myself:

Once this is released, adjust Debian package:

  1. adding hard dependency on php-curl (Depends in: https://sources.debian.net/src/phpmyadmin/4:4.6.4%2Bdfsg1-1/debian/control/?hl=29#L29) & disallow allow_url_fopen in:
    https://sources.debian.net/src/phpmyadmin/4:4.6.4%2Bdfsg1-1/debian/conf/apache.conf/#L20
    https://sources.debian.net/src/phpmyadmin/4:4.6.4%2Bdfsg1-1/debian/conf/apache.conf/#L36
  2. don't disallow allow_url_fopen, but add php-curl in "Recommends" in:
    https://sources.debian.net/src/phpmyadmin/4:4.6.4%2Bdfsg1-1/debian/control/?hl=29#L29

@nijel nijel modified the milestones: 4.6.6, 4.6.5 Nov 25, 2016
@nijel nijel self-assigned this Nov 30, 2016
@nijel nijel closed this as completed in 05a2587 Nov 30, 2016
@nijel
Copy link
Contributor Author

nijel commented Nov 30, 2016

Debian package adjusted in https://anonscm.debian.org/git/collab-maint/phpmyadmin.git/commit/?id=458a710459ce35c51d7a871d6f92a537dd64d588

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 22, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@nijel nijel

Labels
enhancement A feature request for improving phpMyAdmin
Projects
None yet
Milestone
4.6.6
Development

No branches or pull requests
1 participant
@nijel