#2560 Authentication bug when running fastcgi (php5-cgi)

2.11.1
fixed
nobody
5
2013-06-11
2007-10-17
Brian Gustin
No

Default debian installation (debian testing)
Apache: Apache 2.2 (2.2.6-1)
libapache2-mod-fcgid
apache2-mpm-worker
PHP: php5 fastcgi (5.2.3-1)
phpMyAdmin: 2.11.1deb1 (default debian packaged install)

Issue: Prior to this, I ran libapache2-mod-php5 (and libapache2-mpm-prefork), and the above phpmyadmin, and everything worked fine. Went to test out fastcgi, so I installed the above versions.

When attempting to log in to phpmyadmin (default debian install is cookie based auth), and a PASSWORD was given with a & character in it, it would not authenticate. Verified password correct via mysql command line. (A password with no & in it worked fine; didn't test any other special chars.)

Attempted to patch with a fix from SVN (due to htmlentities being run on inputs) and this didn't fix the issue either. Also flagged magic_quotes off, still no joy.

Reverted back to mod_php5, and everything works again.

It appears that either fastcgi is doing something to the pma_password input posted to index.php, or phpmyadmin handles something differently when run under fastcgi.

To duplicate the issue:

Debian server, with apache2.2, mpm-worker, and mod-fcgid, and phpmyadmin (all debian packaged, default installs).

On command line:

mysql> create database zz;
mysql> grant all on zz.* to 'myzz'@'localhost' identified by 'my&zz';

The above will connect on command line, but will NOT connect on phpmyadmin.

Did a var_dump($_POST) at the very top of index.php, and the dump showed the unaltered password properly.

Because this does *NOT* happen under libapache2-mod-php5, but only under fastcgi php, I am submitting this bug (despite the fix in svn, which did not work when I applied it - referring to bug ID 1807923, listed as fixed in SVN).

Upshot is, I reverted my install back to mod-php5 and removed fastcgi, and phpmyadmin works normally (everything else worked great under fastcgi in the 2 days I tested it).

However, the bug still exists and can be duplicated as I described. If you need further info, or need me to test something, feel free to leave a comment here, as I'll check back every few days.

Discussion

  • Marc Delisle
    2007-11-10

    • assigned_to: nobody --> lem9
     
  • Marc Delisle
    2007-11-12

    • assigned_to: lem9 --> nobody
     
    • status: open --> pending
     
  • Logged In: YES
    user_id=326580
    Originator: NO

    Can you please test with the latest QA_2_11 branch?

     
  • Brian Gustin
    2007-12-29

    • status: pending --> closed-fixed
     
  • Brian Gustin
    2007-12-29

    Logged In: YES
    user_id=568241
    Originator: YES

    Tested and verified as fixed. Thank you. It works well now.

     
  • Michal Čihař
    2013-06-11

    • Status: closed-fixed --> fixed