From 5d4884d294ca9b1f069fcacada98f6697f464274 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev>
Date: Thu, 15 Sep 2022 13:04:22 -0300
Subject: Update setup page to generate better blowfish_secret keys
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of generating a printable string, it generates a binary string
and converts it to an hexadecimal string.

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
---
 psalm-baseline.xml | 29 ++++++++++-------------------
 1 file changed, 10 insertions(+), 19 deletions(-)

(limited to 'psalm-baseline.xml')

diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index fdfa268435..be2ba27d96 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -12573,6 +12573,10 @@
     </UnusedFunctionCall>
   </file>
   <file src="libraries/classes/Setup/ConfigGenerator.php">
+    <LessSpecificReturnStatement occurrences="2">
+      <code>$key</code>
+      <code>sodium_crypto_secretbox_keygen()</code>
+    </LessSpecificReturnStatement>
     <MixedArgument occurrences="1">
       <code>$conf['Servers']</code>
     </MixedArgument>
@@ -12590,6 +12594,9 @@
       <code>$v</code>
       <code>$v</code>
     </MixedAssignment>
+    <MoreSpecificReturnType occurrences="1">
+      <code>non-empty-string</code>
+    </MoreSpecificReturnType>
     <PossiblyNullOperand occurrences="1">
       <code>self::getServerPart($cf, $crlf, $conf['Servers'])</code>
     </PossiblyNullOperand>
@@ -14280,40 +14287,24 @@
     </MixedArrayAccess>
   </file>
   <file src="test/classes/Config/ServerConfigChecksTest.php">
-    <MixedArgument occurrences="5">
-      <code>$_SESSION['messages']</code>
-      <code>$_SESSION['messages']['error']</code>
+    <MixedArgument occurrences="2">
       <code>$_SESSION['messages']['error']</code>
       <code>$_SESSION['messages']['notice']</code>
-      <code>$_SESSION['messages']['notice']</code>
     </MixedArgument>
-    <MixedArrayAccess occurrences="4">
-      <code>$_SESSION['messages']['error']</code>
+    <MixedArrayAccess occurrences="2">
       <code>$_SESSION['messages']['error']</code>
       <code>$_SESSION['messages']['notice']</code>
-      <code>$_SESSION['messages']['notice']</code>
     </MixedArrayAccess>
-    <MixedArrayAssignment occurrences="20">
-      <code>$_SESSION[$this-&gt;sessionID]['AllowArbitraryServer']</code>
+    <MixedArrayAssignment occurrences="9">
       <code>$_SESSION[$this-&gt;sessionID]['AllowArbitraryServer']</code>
       <code>$_SESSION[$this-&gt;sessionID]['BZipDump']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['BZipDump']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['GZipDump']</code>
       <code>$_SESSION[$this-&gt;sessionID]['GZipDump']</code>
       <code>$_SESSION[$this-&gt;sessionID]['LoginCookieStore']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['LoginCookieStore']</code>
       <code>$_SESSION[$this-&gt;sessionID]['LoginCookieValidity']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['LoginCookieValidity']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['SaveDir']</code>
       <code>$_SESSION[$this-&gt;sessionID]['SaveDir']</code>
       <code>$_SESSION[$this-&gt;sessionID]['Servers']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['Servers']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['Servers']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['TempDir']</code>
       <code>$_SESSION[$this-&gt;sessionID]['TempDir']</code>
       <code>$_SESSION[$this-&gt;sessionID]['ZipDump']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['ZipDump']</code>
-      <code>$_SESSION[$this-&gt;sessionID]['blowfish_secret']</code>
     </MixedArrayAssignment>
     <MixedArrayOffset occurrences="1">
       <code>$_SESSION[$this-&gt;sessionID]</code>
-- 
cgit v1.2.3


From 5d9142674d09379a9e4394779c1e624dd2d6ece5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maur=C3=ADcio=20Meneghini=20Fauth?= <mauricio@fauth.dev>
Date: Fri, 23 Sep 2022 14:32:30 -0300
Subject: Allow longer cookie encryption keys to be used
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Maurício Meneghini Fauth <mauricio@fauth.dev>
---
 psalm-baseline.xml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

(limited to 'psalm-baseline.xml')

diff --git a/psalm-baseline.xml b/psalm-baseline.xml
index be2ba27d96..874757e842 100644
--- a/psalm-baseline.xml
+++ b/psalm-baseline.xml
@@ -9042,14 +9042,12 @@
     <MixedArrayOffset occurrences="1">
       <code>$_SESSION['browser_access_time'][$key]</code>
     </MixedArrayOffset>
-    <MixedAssignment occurrences="14">
+    <MixedAssignment occurrences="12">
       <code>$GLOBALS['pma_auth_server']</code>
       <code>$_form_params['route']</code>
       <code>$captchaSiteVerifyURL</code>
       <code>$captchaSiteVerifyURL</code>
       <code>$key</code>
-      <code>$key</code>
-      <code>$key</code>
       <code>$password</code>
       <code>$serverCookie</code>
       <code>$serverCookie</code>
-- 
cgit v1.2.3