Don't store invalid credentials to session (bug vrana#376)

pixelfederation · Jan 30, 2014 · 6acf188 · 6acf188
1 parent 125b519
commit 6acf188
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 1 deletion.
diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
@@ -109,7 +109,7 @@ function auth_error($exception = null) {
 }
 
 function set_password($vendor, $server, $username, $password) {
-	$_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"]
+	$_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"] && is_string($password)
 		? array(encrypt_string($password, $_COOKIE["adminer_key"]))
 		: $password
 	);

diff --git a/changes.txt b/changes.txt
@@ -2,6 +2,7 @@ Adminer 4.0.3-dev:
 MongoDB: insert, truncate, indexes
 SimpleDB, MongoDB: insert more fields at once
 SQLite: Fix creating table and altering primary key, bug since Adminer 4.0.0
+Don't store invalid credentials to session, bug since Adminer 4.0.0
 Norweigan translation
 
 Adminer 4.0.2 (released 2014-01-11):