1. phpLiteAdmin Avatar phpLiteAdmin
  2. phpLiteAdmin
  3. public
  4. Issues

Storing 'currentDB' in the session as just an index is dangerous

Issue #67 resolved
Former user created an issue

Originally reported on Google Code with ID 67

What steps will reproduce the problem?
1. Set $directory to scan for databases in a folder with databases
2. Make the first database current.
3. Copy it or another database (on the filesystem) to "aaaaa.db" (alphabetically first)

What is the expected output? What do you see instead?
I expected the first database to remain current but suddenly aaaaa.db has become current.
Very dangerous.

What version of the product are you using? On what operating system?
Version 1.8.9 

Please provide any additional information below.
The problem is that $_SESSION[COOKIENAME.'currentDB'] is only an index in an array
that gets dynamically repopulated on every refresh.
This is especially dangerous when an application in the background dynamically creates
databases.
If the currentDB would store the database name it would be much safer.

Reported by jos.grootlipman on 2011-10-31 20:39:10

Comments (4)

  1. Dane Iracleous

    ``` This is intended behavior. When you create a new database, chances are, you will want to manage that database immediately after. Right? How is this "very dangerous"? ```

    Reported by `diracleo` on 2011-10-31 22:24:17 - Status changed: `Accepted`

  2. Former user Account Deleted

    ``` If I create the database with the phpliteadmin interface I surely want it to become the current one.

    However in my case the database is created outside phpliteadmin by *another* process or user. Phpliteadmin does not 'know' this and suddenly makes it current if (and only if) it comes alphabetically before the current one.

    As for dangerous: suppose my current database is the first one in the list. I go to the 'Delete database' screen and take a coffee break. In the mean time another process (or user) adds another database by the name aaaaa.db. Now when *I* press 'Confirm' not *my* current database will be deleted but the first one, 'aaaaa.db' ```

    Reported by `jos.grootlipman` on 2011-10-31 22:43:36

  3. Christopher Kramer 
    I really agree to you. This is a serious problem that, as you say, could lead to data
loss for example.
I'll fix it soon.

    Reported by crazy4chrissi on 2012-10-22 22:11:16 - Labels added: Priority-Critical - Labels removed: Priority-Medium

  4. Christopher Kramer 
    Fixed this issue with revision #241. Instead of the array-index, I now store the complete
array-element in the session.
When switching DBs, I now use the DB-path, which also fixes issue #68 for free.

Note that you still can only access DBs that are defined in $databases. This means
that this fix does not open a security issue that would allow a user to access any
DB. If you give a path to a DB that is not in $databases, the change is simply ignored.

You can try the latest SVN version:
http://phpliteadmin.googlecode.com/svn/source/1.9.3/phpliteadmin.php

    Reported by crazy4chrissi on 2012-10-23 22:20:35 - Status changed: Fixed

  5. Log in to comment
Assignee
Type
bug
Priority
critical
Status
resolved
Component
Milestone
Version
Votes
0
Watchers
0
Jira: the preferred issue tracker for Bitbucket. Join the team!