Default debian installation (debian testing)
Apache: Apache 2.2 (2.2.6-1)
PHP: php5 fastcgi (5.2.3-1)
phpMyAdmin: 2.11.1deb1 (default debian packaged install)
Issue: Prior to this, I ran libapache2-mod-php5 (and libapache2-mpm-prefork) , and the above phpmyadmin , and everything worked fine. Went to test out fastcgi , so, installed the above versions.
When attempting to login to phpmyadmin (default debian install is cookie based auth) , and a PASSWORD was given with a & character in it , it would not authenticate. Verified password correct via mysql command line. (password with no & in it, worked fine, didnt test any other special chars)
Attempted to patch with a fix from SVN (due to htmlentities being run on inputs) and this didnt fix the issue either. also flagged magic_quotes off, still no joy.
reverted back to mod_php5 , and everything works again
It appears that either fastcgi is doing something to the pma_password input posted to index.php, or , phpmyadmin handles something differently when run under fastcgi.
To duplicate the issue:
debian server, with apache2.2, mpm-worker, and mod-fcgid, and phpmyadmin (all debian packaged, default installs)
on command line:
mysql> create table zz;
mysql> grant all on zz.* to 'myzz'@'localhost' identified by 'my&zz';
the above will connect on command line, but will NOT connect on phpmyadmin.
Did a var_dump($_POST) at the very top of index.php , and the dump showed the unaltered password properly
Because this does *NOT* happen under libapache2-mod-php5 , but only under fastcgi php, I am submittign this bug , (despite the fix in svn, which did not work when I applied it - referring to bug ID 1807923, listed as fixed in SVN)
Upshot is, I reverted my install back to mod-php5 and removed fastcgi , and phpmyadmin works normally (everything else worked great under fastcgi in the 2 days I tested it)
However- the bug still exists and can be duplicated as I described- if you need further info, or need me to test something, feel free to leave a comment here, as I'll check back every few days.