Don't store invalid credentials to session (bug #376)

diff --git a/adminer/include/auth.inc.php b/adminer/include/auth.inc.php
index ef2d7dc32b7253b0301755a732c8a250ead52428..f46030eda2ac8e1c19b410809cdd6a36c2198d44 100644 (file)
--- a/adminer/include/auth.inc.php
+++ b/adminer/include/auth.inc.php
@@ -109,7 +109,7 @@ function auth_error($exception = null) {
 }
 
 function set_password($vendor, $server, $username, $password) {
-       $_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"]
+       $_SESSION["pwds"][$vendor][$server][$username] = ($_COOKIE["adminer_key"] && is_string($password)
                ? array(encrypt_string($password, $_COOKIE["adminer_key"]))
                : $password
        );

diff --git a/changes.txt b/changes.txt
index 7ad8f38f6702fcd808cc0c0ad19c623ee2026a6b..e5e304880af84b4278324eb3ac367b9d3958fd5f 100644 (file)
--- a/changes.txt
+++ b/changes.txt
@@ -2,6 +2,7 @@ Adminer 4.0.3-dev:
 MongoDB: insert, truncate, indexes
 SimpleDB, MongoDB: insert more fields at once
 SQLite: Fix creating table and altering primary key, bug since Adminer 4.0.0
+Don't store invalid credentials to session, bug since Adminer 4.0.0
 Norweigan translation
 
 Adminer 4.0.2 (released 2014-01-11):