Merge branch 'QA_5_2'

MauricioFauth · MauricioFauth · commit fa6dab5bb911 · 2022-02-16T14:38:59.000-03:00
diff --git a/ChangeLog b/ChangeLog
@@ -33,6 +33,7 @@ phpMyAdmin - ChangeLog
 5.1.4 (not yet released)
 - issue #17287 Fixed sorting the database list with "statistics" enabled on "Data" column creates a PHP type error
 - issue #17368 Fix for invalid cache when losing access to config storage after it being cached
+- issue #17387 Fix session cookie not respecting the CookieSameSite configuration directive in PHP 7.2
 
 5.1.3 (2022-02-10)
 - issue #17308 Fix broken pagination links in the navigation sidebar
diff --git a/libraries/classes/Config.php b/libraries/classes/Config.php
@@ -927,8 +927,6 @@ public function setCookie(
         ?int $validity = null,
         bool $httponly = true
     ): bool {
-        global $cfg;
-
         if (strlen($value) > 0 && $default !== null && $value === $default) {
             // default value is used
             if ($this->issetCookie($cookie)) {
@@ -965,12 +963,15 @@ public function setCookie(
                 return true;
             }
 
+            /** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */
+            $cookieSameSite = $this->get('CookieSameSite');
+
             if (PHP_VERSION_ID < 70300) {
                 return setcookie(
                     $httpCookieName,
                     $value,
                     $validity,
-                    $this->getRootPath() . '; samesite=' . $cfg['CookieSameSite'],
+                    $this->getRootPath() . '; SameSite=' . $cookieSameSite,
                     '',
                     $this->isHttps(),
                     $httponly
@@ -983,7 +984,7 @@ public function setCookie(
                 'domain' => '',
                 'secure' => $this->isHttps(),
                 'httponly' => $httponly,
-                'samesite' => $cfg['CookieSameSite'],
+                'samesite' => $cookieSameSite,
             ];
 
             return setcookie($httpCookieName, $value, $optionalParams);
diff --git a/libraries/classes/Session.php b/libraries/classes/Session.php
@@ -139,10 +139,17 @@ public static function setUp(Config $config, ErrorHandler $errorHandler): void
             }
         }
 
+        /** @psalm-var 'Lax'|'Strict'|'None' $cookieSameSite */
+        $cookieSameSite = $config->get('CookieSameSite') ?? 'Strict';
+        $cookiePath = $config->getRootPath();
+        if (PHP_VERSION_ID < 70300) {
+            $cookiePath .= '; SameSite=' . $cookieSameSite;
+        }
+
         // session cookie settings
         session_set_cookie_params(
             0,
-            $config->getRootPath(),
+            $cookiePath,
             '',
             $config->isHttps(),
             true
@@ -169,7 +176,7 @@ public static function setUp(Config $config, ErrorHandler $errorHandler): void
         ini_set('session.cookie_httponly', '1');
         if (PHP_VERSION_ID >= 70300) {
             // add SameSite to the session cookie
-            ini_set('session.cookie_samesite', $config->get('CookieSameSite') ?? '');
+            ini_set('session.cookie_samesite', $cookieSameSite);
         }
 
         // do not force transparent session ids
diff --git a/phpstan-baseline.neon b/phpstan-baseline.neon
@@ -7685,11 +7685,6 @@ parameters:
 			count: 1
 			path: libraries/classes/Session.php
 
-		-
-			message: "#^Parameter \\#2 \\$newvalue of function ini_set expects string, mixed given\\.$#"
-			count: 1
-			path: libraries/classes/Session.php
-
 		-
 			message: "#^Method PhpMyAdmin\\\\Setup\\\\ConfigGenerator\\:\\:exportZeroBasedArray\\(\\) has parameter \\$array with no value type specified in iterable type array\\.$#"
 			count: 1
diff --git a/psalm-baseline.xml b/psalm-baseline.xml
@@ -12555,8 +12555,7 @@
     </UndefinedDocblockClass>
   </file>
   <file src="libraries/classes/Session.php">
-    <MixedArgument occurrences="4">
-      <code>$config-&gt;get('CookieSameSite') ?? ''</code>
+    <MixedArgument occurrences="3">
       <code>$config-&gt;getCookie('phpMyAdmin')</code>
       <code>$error-&gt;getMessage()</code>
       <code>$path</code>
diff --git a/test/selenium/Table/OperationsTest.php b/test/selenium/Table/OperationsTest.php
@@ -155,7 +155,7 @@ public function testCopyTable(): void
         $this->waitUntilElementIsVisible('cssSelector', 'form#copyTable', 30);
         $this->byCssSelector("form#copyTable input[name='new_name']")->sendKeys('2');
         $this->byCssSelector('label[for="whatRadio2"]')->click();
-        $this->byCssSelector("form#copyTable input[type='submit']")->click();
+        $this->waitForElement('cssSelector', 'form#copyTable input[type=\'submit\']')->click();
         $this->waitAjax();
 
         $this->waitForElement(
