Menu

#2546 (ok 2.11.2) Login with html entities in password fails

2.11.1
fixed
Sebastian Mendel
Authentication issues (70)
1
2013-06-11
2007-10-05
David Komanek
No

When logging with passwords containing characters translated to html entities (like < after giving the "less-than" character to the password filed of the login form) sends unconverted html entity directly to mysqli_real_connect, so the login fails.

Console logins to mysql with mysql binary client works fine with these passwords.

It seems, this problem was introduced in one of the latest PMA versions or has some dependance on the newest PHP (5.2.4).

Discussion

  • Sebastian Mendel

    Sebastian Mendel - 2007-10-05

    Logged In: YES
    user_id=326580
    Originator: NO

    this comes due to PMA_remove_request_vars()

     

  • Sebastian Mendel

    Sebastian Mendel - 2007-10-05
    • priority: 5 --> 1
    • assigned_to: nobody --> cybot_tm
    • summary: Login with html entities in password fails --> (ok 2.11.2) Login with html entities in password fails
    • status: open --> open-fixed
     

  • Sebastian Mendel

    Sebastian Mendel - 2007-10-05

    Logged In: YES
    user_id=326580
    Originator: NO

    Fixed in subversion, thanks for reporting.

     

  • David Komanek

    David Komanek - 2007-10-08

    Logged In: YES
    user_id=1361754
    Originator: YES

    Thank you for fixing this, looking forward the next release :-)

     

  • David Komanek

    David Komanek - 2007-10-08

    Logged In: YES
    user_id=1361754
    Originator: YES

    Fixed in subversion, thanks for reporting.

     

  • Marc Delisle

    Marc Delisle - 2007-10-27
    • status: open-fixed --> closed-fixed
     

  • Michal Čihař

    Michal Čihař - 2013-06-11
    • Status: closed-fixed --> fixed