diff options
author | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2019-06-01 21:50:33 +0300 |
---|---|---|
committer | Maurício Meneghini Fauth <mauricio@fauth.dev> | 2019-06-01 21:50:33 +0300 |
commit | 015c404038c44279d95b6430ee5a0dddc97691ec (patch) | |
tree | f9436e0fb3a0848525ac9616d6b0751f0efeaaf2 | |
parent | 7923567d5bb5a4c329ea487b66644e4f1e55b78a (diff) |
Retrieve parameters from $_POST in AuthenticationCookie plugin
Retrieves pma_username and pma_password parameters from $_POST instead of $_REQUEST
Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
-rw-r--r-- | libraries/classes/Plugins/Auth/AuthenticationCookie.php | 6 | ||||
-rw-r--r-- | libraries/common.inc.php | 4 | ||||
-rw-r--r-- | test/classes/Plugins/Auth/AuthenticationCookieTest.php | 22 |
3 files changed, 16 insertions, 16 deletions
diff --git a/libraries/classes/Plugins/Auth/AuthenticationCookie.php b/libraries/classes/Plugins/Auth/AuthenticationCookie.php index 51e738f74d..a681f60db3 100644 --- a/libraries/classes/Plugins/Auth/AuthenticationCookie.php +++ b/libraries/classes/Plugins/Auth/AuthenticationCookie.php @@ -275,7 +275,7 @@ class AuthenticationCookie extends AuthenticationPlugin $this->user = $this->password = ''; $GLOBALS['from_cookie'] = false; - if (isset($_REQUEST['pma_username']) && strlen($_REQUEST['pma_username']) > 0) { + if (isset($_POST['pma_username']) && strlen($_POST['pma_username']) > 0) { // Verify Captcha if it is required. if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) @@ -323,8 +323,8 @@ class AuthenticationCookie extends AuthenticationPlugin } // The user just logged in - $this->user = Core::sanitizeMySQLUser($_REQUEST['pma_username']); - $this->password = isset($_REQUEST['pma_password']) ? $_REQUEST['pma_password'] : ''; + $this->user = Core::sanitizeMySQLUser($_POST['pma_username']); + $this->password = isset($_POST['pma_password']) ? $_POST['pma_password'] : ''; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername']) ) { diff --git a/libraries/common.inc.php b/libraries/common.inc.php index a969fd135a..ed92fea624 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -343,8 +343,8 @@ if (! defined('PMA_MINIMUM_COMMON')) { . ' ' . $cfg['Server']['auth_type'] ); } - if (isset($_REQUEST['pma_password']) && strlen($_REQUEST['pma_password']) > 256) { - $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256); + if (isset($_POST['pma_password']) && strlen($_POST['pma_password']) > 256) { + $_POST['pma_password'] = substr($_POST['pma_password'], 0, 256); } $auth_plugin = new $auth_class(); diff --git a/test/classes/Plugins/Auth/AuthenticationCookieTest.php b/test/classes/Plugins/Auth/AuthenticationCookieTest.php index 48f18966ed..6aab175b27 100644 --- a/test/classes/Plugins/Auth/AuthenticationCookieTest.php +++ b/test/classes/Plugins/Auth/AuthenticationCookieTest.php @@ -42,7 +42,7 @@ class AuthenticationCookieTest extends PmaTestCase $GLOBALS['text_dir'] = 'ltr'; $GLOBALS['db'] = 'db'; $GLOBALS['table'] = 'table'; - $_REQUEST['pma_password'] = ''; + $_POST['pma_password'] = ''; $this->object = new AuthenticationCookie(); $GLOBALS['PMA_PHP_SELF'] = '/phpmyadmin/'; } @@ -388,7 +388,7 @@ class AuthenticationCookieTest extends PmaTestCase $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = 'testprivkey'; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = 'testpubkey'; $_POST["g-recaptcha-response"] = ''; - $_REQUEST['pma_username'] = 'testPMAUser'; + $_POST['pma_username'] = 'testPMAUser'; $this->assertFalse( $this->object->readCredentials() @@ -462,9 +462,9 @@ class AuthenticationCookieTest extends PmaTestCase $GLOBALS['cfg']['CaptchaLoginPrivateKey'] = ''; $GLOBALS['cfg']['CaptchaLoginPublicKey'] = ''; $_REQUEST['old_usr'] = ''; - $_REQUEST['pma_username'] = 'testPMAUser'; + $_POST['pma_username'] = 'testPMAUser'; $_REQUEST['pma_servername'] = 'testPMAServer'; - $_REQUEST['pma_password'] = 'testPMAPSWD'; + $_POST['pma_password'] = 'testPMAPSWD'; $GLOBALS['cfg']['AllowArbitraryServer'] = true; $this->assertTrue( @@ -501,8 +501,8 @@ class AuthenticationCookieTest extends PmaTestCase { $GLOBALS['cfg']['AllowArbitraryServer'] = true; $_REQUEST['pma_servername'] = 'testPMAServer'; - $_REQUEST['pma_password'] = 'testPMAPSWD'; - $_REQUEST['pma_username'] = ''; + $_POST['pma_password'] = 'testPMAPSWD'; + $_POST['pma_username'] = ''; $GLOBALS['server'] = 1; $_COOKIE['pmaUser-1'] = ''; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); @@ -542,7 +542,7 @@ class AuthenticationCookieTest extends PmaTestCase { $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; - $_REQUEST['pma_username'] = ''; + $_POST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); @@ -580,7 +580,7 @@ class AuthenticationCookieTest extends PmaTestCase { $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; - $_REQUEST['pma_username'] = ''; + $_POST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pmaAuth-1'] = 'pmaAuth1'; @@ -625,7 +625,7 @@ class AuthenticationCookieTest extends PmaTestCase { $GLOBALS['server'] = 1; $_REQUEST['old_usr'] = ''; - $_REQUEST['pma_username'] = ''; + $_POST['pma_username'] = ''; $_COOKIE['pmaServer-1'] = 'pmaServ1'; $_COOKIE['pmaUser-1'] = 'pmaUser1'; $_COOKIE['pma_iv-1'] = base64_encode('testiv09testiv09'); @@ -1143,8 +1143,8 @@ class AuthenticationCookieTest extends PmaTestCase $GLOBALS['cfg']['Server']['AllowRoot'] = false; $GLOBALS['cfg']['Server']['AllowNoPassword'] = false; $_REQUEST['old_usr'] = ''; - $_REQUEST['pma_username'] = 'testUser'; - $_REQUEST['pma_password'] = 'testPassword'; + $_POST['pma_username'] = 'testUser'; + $_POST['pma_password'] = 'testPassword'; ob_start(); $this->object->authenticate(); |