Branch: refs/heads/MAINT_4_4_15
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 2d4ebc8c12dab01084f74c6b8d04512f306cf772
https://github.com/phpmyadmin/phpmyadmin/commit/2d4ebc8c12dab01084f74c6b8d04512f306cf772
Author: Deven Bansod <devenbansod.b...@gmail.com>
Date: 2016-10-12 (Wed, 12 Oct 2016)
Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php
Log Message:
-----------
Use sprintf instead of directly concatenating the variable
Signed-off-by: Deven Bansod <devenbansod.b...@gmail.com>
Commit: a67a818f402f685289b4018aac1e79cb249f6ab0
https://github.com/phpmyadmin/phpmyadmin/commit/a67a818f402f685289b4018aac1e79cb249f6ab0
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php
Log Message:
-----------
Merge remote-tracking branch 'security/pull/219' into MAINT_4_4_15-security
Commit: 4549ebde5a044b42c36da50dbf1af76a88545352
https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1af76a88545352
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/structure.lib.php
Log Message:
-----------
Quote table name for use in regexp
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 1e5c0ae5b44c58296e11b92497767c8677653cba
https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b92497767c8677653cba
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M setup/frames/index.inc.php
Log Message:
-----------
Avoid using REQUEST_URI in form action
It's really not necessary here and might cause redirection issues.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 38f9223a862ed085863645d839d5d50ea590c3f9
https://github.com/phpmyadmin/phpmyadmin/commit/38f9223a862ed085863645d839d5d50ea590c3f9
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M tbl_replace.php
Log Message:
-----------
Avoid infinite recursion on goto
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: bd3677f161977bf0cc800cae82e65355bf49f342
https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e65355bf49f342
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/Theme.class.php
Log Message:
-----------
Do not provide fallback to cookie for font size
* This should be already handled by Config class
* Injecting cookie value to CSS could be security risk
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ca8edbcd83fcd624701f43c99e7e675c1ab20387
https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e675c1ab20387
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-12-21 (Wed, 21 Dec 2016)
Changed paths:
M libraries/replication_gui.lib.php
Log Message:
-----------
Do not allow arbitrary connection in replication setup without
AllowArbitraryServer
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: a0c04fa7b8d307aaf188cf956aff4350062eed3b
https://github.com/phpmyadmin/phpmyadmin/commit/a0c04fa7b8d307aaf188cf956aff4350062eed3b
Author: Michal Čihař <mic...@cihar.com>
Date: 2017-01-07 (Sat, 07 Jan 2017)
Changed paths:
M doc/setup.rst
M libraries/config/ConfigFile.class.php
M libraries/vendor_config.php
M setup/config.php
M setup/frames/config.inc.php
M setup/frames/index.inc.php
M setup/lib/index.lib.php
M test/libraries/PMA_ConfigFile_test.php
M test/libraries/PMA_SetupIndex_test.php
Log Message:
-----------
Remove setup download/load/delete features
This removes risk of third party manipulating with the configuration as
there was race condition between editing and using the file.
Downloading the file should not be big hassle and this really makes the
whole setup a bit simpler.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 9bebed18a3ea7cad9745aa4b2a81483fd0fa519d
https://github.com/phpmyadmin/phpmyadmin/commit/9bebed18a3ea7cad9745aa4b2a81483fd0fa519d
Author: Michal Čihař <mic...@cihar.com>
Date: 2017-01-07 (Sat, 07 Jan 2017)
Changed paths:
M setup/index.php
Log Message:
-----------
Disable setup if configuration already exists
The setup allows to figure out quite a lot about system and network, so
it's safer to block access to it once phpMyAdmin has been configured.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: d63645ca48ecdddb670a43fa9c77a8c107da0ba1
https://github.com/phpmyadmin/phpmyadmin/commit/d63645ca48ecdddb670a43fa9c77a8c107da0ba1
Author: Michal Čihař <mic...@cihar.com>
Date: 2017-01-17 (Tue, 17 Jan 2017)
Changed paths:
M libraries/php-gettext/gettext.php
Log Message:
-----------
Merge changes from php-gettext 1.0.12
This ensures that parameter to select_string is numeric, avoiding code
injection through it.
Our code is not vulnerable as we do not pass user supplied values to
this function, this fix is included only to be closer to upstream.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: c6a59d48dafd5152ea9eb7fbdb41d8e389e3e92c
https://github.com/phpmyadmin/phpmyadmin/commit/c6a59d48dafd5152ea9eb7fbdb41d8e389e3e92c
Author: Michal Čihař <mic...@cihar.com>
Date: 2017-01-21 (Sat, 21 Jan 2017)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php
Log Message:
-----------
Prepare changelog for 4.4.15.10
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: fbd634d4c1d668e77ad15cdb38c4a85db5c75002
https://github.com/phpmyadmin/phpmyadmin/commit/fbd634d4c1d668e77ad15cdb38c4a85db5c75002
Author: Isaac Bennetch <benne...@gmail.com>
Date: 2017-01-23 (Mon, 23 Jan 2017)
Changed paths:
M ChangeLog
Log Message:
-----------
Finalize ChangeLog for 4.4.15.10
Signed-off-by: Isaac Bennetch <benne...@gmail.com>
Compare:
https://github.com/phpmyadmin/phpmyadmin/compare/0a3a0994a23b...fbd634d4c1d6_______________________________________________
Git mailing list
Git@phpmyadmin.net
https://lists.phpmyadmin.net/mailman/listinfo/git
