Index: phpMyAdmin-4.7.8-all-languages/libraries/common.inc.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/common.inc.php +++ phpMyAdmin-4.7.8-all-languages/libraries/common.inc.php 2019-06-05 00:05:19.570527477 +0200 @@ -682,8 +682,8 @@ . ' ' . $cfg['Server']['auth_type'] ); } - if (isset($_REQUEST['pma_password']) && strlen($_REQUEST['pma_password']) > 256) { - $_REQUEST['pma_password'] = substr($_REQUEST['pma_password'], 0, 256); + if (isset($_POST['pma_password']) && strlen($_POST['pma_password']) > 256) { + $_POST['pma_password'] = substr($_POST['pma_password'], 0, 256); } $fqnAuthClass = 'PMA\libraries\plugins\auth\\' . $auth_class; // todo: add plugin manager Index: phpMyAdmin-4.7.8-all-languages/libraries/plugins/auth/AuthenticationCookie.php =================================================================== --- phpMyAdmin-4.7.8-all-languages/libraries/plugins/auth/AuthenticationCookie.php +++ phpMyAdmin-4.7.8-all-languages/libraries/plugins/auth/AuthenticationCookie.php 2019-06-05 00:04:04.667085950 +0200 @@ -308,7 +308,7 @@ $GLOBALS['PHP_AUTH_USER'] = $GLOBALS['PHP_AUTH_PW'] = ''; $GLOBALS['from_cookie'] = false; - if (isset($_REQUEST['pma_username']) && strlen($_REQUEST['pma_username']) > 0) { + if (isset($_POST['pma_username']) && strlen($_POST['pma_username']) > 0) { // Verify Captcha if it is required. if (! empty($GLOBALS['cfg']['CaptchaLoginPrivateKey']) @@ -350,8 +350,8 @@ } // The user just logged in - $GLOBALS['PHP_AUTH_USER'] = PMA_sanitizeMySQLUser($_REQUEST['pma_username']); - $GLOBALS['PHP_AUTH_PW'] = isset($_REQUEST['pma_password']) ? $_REQUEST['pma_password'] : ''; + $GLOBALS['PHP_AUTH_USER'] = PMA_sanitizeMySQLUser($_POST['pma_username']); + $GLOBALS['PHP_AUTH_PW'] = isset($_POST['pma_password']) ? $_POST['pma_password'] : ''; if ($GLOBALS['cfg']['AllowArbitraryServer'] && isset($_REQUEST['pma_servername']) ) {