Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AuthenticationSignon.php's showFailure function does not consider SignonCookieParams #14412

Closed
nhatier opened this issue Jun 20, 2018 · 2 comments
Closed

AuthenticationSignon.php's showFailure function does not consider SignonCookieParams #14412

nhatier opened this issue Jun 20, 2018 · 2 comments
Assignees
@williamdes
Labels
Bug A problem or regression with an existing feature has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete
Projects
issues
Milestone
4.9.0.1

Comments

@nhatier
Copy link

nhatier commented Jun 20, 2018
edited by williamdes

Steps to reproduce

  1. Use "signon" mode in a way that an error occurs on phpMyAdmin side (ex: set incorrect mysql server name) so showFailure() is called (In libraries/classes/Plugins/Auth/AuthenticationSignon.php)

Expected behaviour

showFailure sets a session parameter called "PMA_single_signon_error_message" so the external login script can have access to the error message in case some error happens on phpMyAdmin side.

Actual behaviour

showFailure forgets to consider SignonCookieParams and call session_set_cookie_params before calling session_start. In corner cases, this creates a new session and cookie, so the external script will not have access to the error message.
@williamdes williamdes self-assigned this Oct 27, 2018
@williamdes williamdes removed their assignment Nov 17, 2018
@williamdes williamdes added the Bug A problem or regression with an existing feature label Nov 17, 2018
@williamdes williamdes added this to To be sorted in issues May 2, 2019
williamdes added a commit to williamdes/phpmyadmintest that referenced this issue May 4, 2019
@williamdes
Fix phpmyadmin#14412 - AuthenticationSignon.php's showFailure functio…
f7dc02c 
…n does not consider SignonCookieParams

Fixes: phpmyadmin#14412
Signed-off-by: William Desportes <williamdes@wdes.fr>
@williamdes williamdes mentioned this issue May 4, 2019
Merged
@williamdes williamdes moved this from To be sorted to ready to merge in issues May 4, 2019
@williamdes williamdes added the has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete label May 5, 2019
williamdes added a commit to williamdes/phpmyadmintest that referenced this issue May 5, 2019
@williamdes
Fix phpmyadmin#14412 - AuthenticationSignon.php's showFailure functio…
e97c45d 
…n does not consider SignonCookieParams

Fixes: phpmyadmin#14412
Signed-off-by: William Desportes <williamdes@wdes.fr>
williamdes added a commit to williamdes/phpmyadmintest that referenced this issue May 5, 2019
@williamdes
Fix phpmyadmin#14412 - AuthenticationSignon.php's showFailure functio…
47c3f13 
…n does not consider SignonCookieParams

Fixes: phpmyadmin#14412
Signed-off-by: William Desportes <williamdes@wdes.fr>
@williamdes williamdes added this to the 4.8.6 milestone May 9, 2019
@williamdes williamdes self-assigned this May 9, 2019
ibennetch added a commit that referenced this issue May 10, 2019
@ibennetch
Merge pull request #15246 from williamdes/bugfix/issue-14412-auth-signon
191d048 
Fix #14412 - AuthenticationSignon.php's showFailure function does not consider SignonCookieParams
@ibennetch
Copy link
Member

The fix for this issue has been merged and will be part of phpMyAdmin 4.8.6. Thanks for reporting.

issues automation moved this from ready to merge to Closed May 10, 2019
@williamdes williamdes mentioned this issue Jan 6, 2020
Open
@github-actions
Copy link

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Jun 21, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@williamdes williamdes

Labels
Bug A problem or regression with an existing feature has-pr An issue that has a pull request pending that may fix this issue. The pull request may be incomplete
Projects
issues
  
Closed
Milestone
4.9.0.1
Development

No branches or pull requests
3 participants
@ibennetch @nhatier @williamdes