Package: phpmyadmin Version: 2.6.2-rc1-1
Hello,
the latest version by upstream added a slash to $cookie_path that breaks logins with SSL (mod_ssl) only when using php4-mcrypt.
Maybe this is related to the problems that PHP4 and php4-mcrypt with ZTS incorporated some weeks ago, this has already been adressed in Sid, but not in Sarge yet, but maybe this is a new and different problem. I can confirm this after the fixed PHP4 enters Sarge.
A login (e.g. user "test") to phpmyadmin results in the following queries (this is with cookie auth and a controluser set, without controluser only connecting as www-data is tried):
050410 15:45:43 9 Connect [EMAIL PROTECTED] on
9 Query SELECT VERSION() AS version
10 Connect Keine Zugriffsberechtigung für Benutzer: '[EMAIL PROTECTED]'. (Verwendetes Passwort: Ja)
9 Quit
Patching common.lib.php to without the extra slash lets login me again:
--- common.lib.php.orig 2005-04-05 21:36:44.000000000 +0200 +++ common.lib.php 2005-04-10 16:18:17.000000000 +0200 @@ -1158,7 +1158,7 @@
// some variables used mostly for cookies:
$pma_uri_parts = parse_url($cfg['PmaAbsoluteUri']);
- $cookie_path = substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/')) . '/';
+ $cookie_path = substr($pma_uri_parts['path'], 0, strrpos($pma_uri_parts['path'], '/'));
$is_https = (isset($pma_uri_parts['scheme']) && $pma_uri_parts['scheme'] == 'https') ? 1 : 0;
$dblist = array();
All packages are up to date following Sarge:
ii apache 1.3.33-4 versatile, high-performance HTTP server
ii libapache-mod-php4 4.3.10-9 server-side, HTML-embedded scripting languag
ii libapache-mod-ssl 2.8.22-1 Strong cryptography (HTTPS support) for Apac
ii php4-mcrypt 4.3.10-0.1 MCrypt module for php4
ii php4-mysql 4.3.10-9 MySQL module for php4
ii phpmyadmin 2.6.2-rc1-1 set of PHP-scripts to administrate MySQL ove
Best regards, René
-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
