Branch: refs/heads/master
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: dae3390a02ca6687fd31ca784474d56240c6c538
      
https://github.com/phpmyadmin/phpmyadmin/commit/dae3390a02ca6687fd31ca784474d56240c6c538
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M libraries/URL.php

  Log Message:
  -----------
  Remove token from GET requests

The CSRF token really should be used only in POST requests. The reason
for that is that it's a bit harder to get to if it is in request body
(with POST) compared to GET request, where it is in the URL (being
easily available in server logs).

Also this will make the URLs look nicer ;-).

This change will definite break some functionality, but since #6297 most
of the code should be safe and remaining bugs can be fixed for upcoming
release.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: ea73fded7138038aa5a415c7081d838fc094eff7
      
https://github.com/phpmyadmin/phpmyadmin/commit/ea73fded7138038aa5a415c7081d838fc094eff7
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeManagerTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php
    M test/libraries/common/PMA_showMessage_test_disabled.php

  Log Message:
  -----------
  Adjust tests to token removal from GET

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 7f43348e6b77f12fc4669f7e5defb582bde49911
      
https://github.com/phpmyadmin/phpmyadmin/commit/7f43348e6b77f12fc4669f7e5defb582bde49911
  Author: Madhura Jayaratne <madhura...@gmail.com>
  Date:   2016-08-01 (Mon, 01 Aug 2016)

  Changed paths:
    M libraries/URL.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeManagerTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php
    M test/libraries/common/PMA_showMessage_test_disabled.php

  Log Message:
  -----------
  Merge pull request #12415 from nijel/remove-token-get

Remove token from GET requests


Compare: 
https://github.com/phpmyadmin/phpmyadmin/compare/dc41f51bf4d2...7f43348e6b77
_______________________________________________
Git mailing list
Git@phpmyadmin.net
https://lists.phpmyadmin.net/mailman/listinfo/git

Reply via email to