Security: Remove connection information when opening db manager when 'db_manager_enabled' is true, reducing the likeliness of a successful BREACH attack - refs BT#21289

ywarnier · ywarnier · commit cdc12f99560d · 2023-12-18T23:38:41.000+01:00
diff --git a/main/admin/index.php b/main/admin/index.php
@@ -718,7 +718,7 @@
         $databaseName = $_configuration['main_database'];
 
         $items[] = [
-            'url' => "db.php?username=$username&db=$databaseName&server=$host",
+            'url' => "db.php",
             'label' => get_lang('DatabaseManager'),
         ];
     }

Original file line number	Diff line number	Diff line change
`@@ -718,7 +718,7 @@`
`718`	`718`	`$databaseName = $_configuration['main_database'];`
`719`	`719`
`720`	`720`	`$items[] = [`
`721`		`- 'url' => "db.php?username=$username&db=$databaseName&server=$host",`
	`721`	`+ 'url' => "db.php",`
`722`	`722`	`'label' => get_lang('DatabaseManager'),`
`723`	`723`	`];`
`724`	`724`	`}`