Branch: refs/heads/MAINT_4_4_15
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 945ec9e9b8b299176278d4630b460971d54093bd
      
https://github.com/phpmyadmin/phpmyadmin/commit/945ec9e9b8b299176278d4630b460971d54093bd
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix XSS on server privileges

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 6e0786253113f1df096ee8dd9eec4e408bd86863
      
https://github.com/phpmyadmin/phpmyadmin/commit/6e0786253113f1df096ee8dd9eec4e408bd86863
  Author: Isaac Bennetch <benne...@gmail.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M libraries/config/FormDisplay.class.php

  Log Message:
  -----------
  Setup script did not properly use input type password in all cases

Signed-off-by: Isaac Bennetch <benne...@gmail.com>
Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 1dca386505f396f0c2035112a403cc80768a141f
      
https://github.com/phpmyadmin/phpmyadmin/commit/1dca386505f396f0c2035112a403cc80768a141f
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M setup/frames/index.inc.php

  Log Message:
  -----------
  Use javascript for redirection to https

The current approach is broken since whitelisting is active in url.php
and also allows potential bbcode injection.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: abb3685c8702de887988fee31a97ef4d80d856a1
      
https://github.com/phpmyadmin/phpmyadmin/commit/abb3685c8702de887988fee31a97ef4d80d856a1
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M js/get_scripts.js.php

  Log Message:
  -----------
  Limit number of included scripts in get_scripts.js.php

This avoids a potential DoS; the limit is the same as we use for generating
the URLs.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 9de4114e6f1fdb8d35d49c421e0e7d65fb04e515
      
https://github.com/phpmyadmin/phpmyadmin/commit/9de4114e6f1fdb8d35d49c421e0e7d65fb04e515
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M libraries/Scripts.class.php

  Log Message:
  -----------
  Avoid using too long URLs when getting javascripts

Some researchers have come up with the great idea of recommending
setting "LimitRequestline 512" in Apache, which allows even shorter URLs
than with MSIE.

I still consider this a really bad idea as most of the applications
really do not count on such small URL limits, but this error seems to be
quite widely spread among CentOS users (probably coming from some
howto).

Fixes #12244

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 8a0705008b9b79c9579d1b23ce3fb323b33ea32f
      
https://github.com/phpmyadmin/phpmyadmin/commit/8a0705008b9b79c9579d1b23ce3fb323b33ea32f
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-16 (Thu, 16 Jun 2016)

  Changed paths:
    M libraries/central_columns.lib.php

  Log Message:
  -----------
  Properly escape database name in central column queries

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 3108270bb66668c4300ed6f2f5ff4a053b02a98d
      
https://github.com/phpmyadmin/phpmyadmin/commit/3108270bb66668c4300ed6f2f5ff4a053b02a98d
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/config/FormDisplay.class.php

  Log Message:
  -----------
  Properly convert POST parameters

We can get array instead of single parameter, so handle this gracefully.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 6a75879fa44075c81e433d2af6d8352fe14a0f78
      
https://github.com/phpmyadmin/phpmyadmin/commit/6a75879fa44075c81e433d2af6d8352fe14a0f78
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/Util.class.php
    M libraries/config/FormDisplay.class.php

  Log Message:
  -----------
  Move request conversion to generic code

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 961453bb58dc00805596e419bdd38ea9631db01d
      
https://github.com/phpmyadmin/phpmyadmin/commit/961453bb58dc00805596e419bdd38ea9631db01d
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M setup/validate.php

  Log Message:
  -----------
  Fix error reporting on invalid request data

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 3014c4a6c67bd93a31606f27765bd0100b9217d9
      
https://github.com/phpmyadmin/phpmyadmin/commit/3014c4a6c67bd93a31606f27765bd0100b9217d9
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/config/Validator.class.php

  Log Message:
  -----------
  Validate input of validator

We can not trust the input here, so we can expect anything and deal with
missing parameters or invalid values.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: abe88edc744c3073967bfb5c74b54fe2cbd614d7
      
https://github.com/phpmyadmin/phpmyadmin/commit/abe88edc744c3073967bfb5c74b54fe2cbd614d7
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M setup/config.php
    M setup/frames/index.inc.php

  Log Message:
  -----------
  Improve error handling in setup in case config dir is not present

We do not show these options in UI, but the scripts should handle it
gracefully.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 70e917c654731c818b849dc326c2d171663fe287
      
https://github.com/phpmyadmin/phpmyadmin/commit/70e917c654731c818b849dc326c2d171663fe287
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Improve error handling in OpenID example

- properly check parameter types
- catch all exceptions (eg. network error)

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 52e7898bdc71f4548f4d518c1e12bf2bcb8802e6
      
https://github.com/phpmyadmin/phpmyadmin/commit/52e7898bdc71f4548f4d518c1e12bf2bcb8802e6
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Escape error messages from OpenID

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: d005ba65304f254d393d5dfee5ac66f1750cec89
      
https://github.com/phpmyadmin/phpmyadmin/commit/d005ba65304f254d393d5dfee5ac66f1750cec89
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Add error handling to constructing openid message

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: d184e4d8cdc6ecc3b789e0ffb16f425747cf175d
      
https://github.com/phpmyadmin/phpmyadmin/commit/d184e4d8cdc6ecc3b789e0ffb16f425747cf175d
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/build_html_for_db.lib.php

  Log Message:
  -----------
  Properly escape translated string

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: e5ab397fe01e629b179928609929080d91ac0645
      
https://github.com/phpmyadmin/phpmyadmin/commit/e5ab397fe01e629b179928609929080d91ac0645
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/server_bin_log.lib.php

  Log Message:
  -----------
  Escape binary log name

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: feb911e90a26995b8ff7cfa5aeb3ed6a2bd70acf
      
https://github.com/phpmyadmin/phpmyadmin/commit/feb911e90a26995b8ff7cfa5aeb3ed6a2bd70acf
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/DateFormatTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/DownloadTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/LongToIPv4TransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/PreApPendTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/SubstringTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
    M libraries/transformations.lib.php
    M test/libraries/PMA_transformation_test.php

  Log Message:
  -----------
  Simplify and cleanup transformation plugins

Remove PMA_transformation_global_html_replace which makes the code only
more confusing.

Also add escaping to browse transformations.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 22ad8b6b789091660fc7bdbb636e652b65dd3768
      
https://github.com/phpmyadmin/phpmyadmin/commit/22ad8b6b789091660fc7bdbb636e652b65dd3768
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Header.class.php

  Log Message:
  -----------
  Add referrer CSP and <meta> tag

This avoids leaking Referer header in modern browsers.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 50bf3999534ee9ed6ce47953d5286ad7db111928
      
https://github.com/phpmyadmin/phpmyadmin/commit/50bf3999534ee9ed6ce47953d5286ad7db111928
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M js/get_image.js.php

  Log Message:
  -----------
  Escape attributes when showing images in javascript

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: c14709f132b0cbd3139ff63714a4841a67a008e3
      
https://github.com/phpmyadmin/phpmyadmin/commit/c14709f132b0cbd3139ff63714a4841a67a008e3
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M js/ajax.js

  Log Message:
  -----------
  Escape HTML when rendering AJAX error

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: a31d7f481073e6d202f6887773356083437250be
      
https://github.com/phpmyadmin/phpmyadmin/commit/a31d7f481073e6d202f6887773356083437250be
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M js/console.js

  Log Message:
  -----------
  Escape error message from server

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: adfec38cc71fcb03493a80224c94f0bc5b747a62
      
https://github.com/phpmyadmin/phpmyadmin/commit/adfec38cc71fcb03493a80224c94f0bc5b747a62
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Header.class.php

  Log Message:
  -----------
  Update referrer <meta> to match current standards

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 33d1373ab645d61cca258fabb07b0c817f1d254c
      
https://github.com/phpmyadmin/phpmyadmin/commit/33d1373ab645d61cca258fabb07b0c817f1d254c
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  Always use delimiter not present in search expression

This avoids need to figure out correct escaping in case delimiter is
present in the expression.

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: daf375163eb7125282d24494e287e4825a931e1e
      
https://github.com/phpmyadmin/phpmyadmin/commit/daf375163eb7125282d24494e287e4825a931e1e
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Tracker.class.php
    M libraries/plugins/export/ExportSql.class.php
    M libraries/tbl_columns_definition_form.lib.php
    M test/libraries/core/PMA_warnMissingExtension_test.php

  Log Message:
  -----------
  Quote delimiter before using preg_replace

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: ef2da77d4f134d74c262d2f821201bf2c5d2e8a3
      
https://github.com/phpmyadmin/phpmyadmin/commit/ef2da77d4f134d74c262d2f821201bf2c5d2e8a3
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Escape user group when displaying

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 9be01a7724decd089f9b793de5f77459c2c5d8de
      
https://github.com/phpmyadmin/phpmyadmin/commit/9be01a7724decd089f9b793de5f77459c2c5d8de
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/DBQbe.class.php

  Log Message:
  -----------
  Escape saved search name

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 98514fafe103d97295f541742c4fe181f11704ac
      
https://github.com/phpmyadmin/phpmyadmin/commit/98514fafe103d97295f541742c4fe181f11704ac
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  Properly escape zoom search column type

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: d4ce93cd9cf5905d1bbe257a2e3e0ecdc866b407
      
https://github.com/phpmyadmin/phpmyadmin/commit/d4ce93cd9cf5905d1bbe257a2e3e0ecdc866b407
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Escape database name when showing dialog

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 5b7a055ac00c8b1e1c589e8a728ca0dfc08d74c4
      
https://github.com/phpmyadmin/phpmyadmin/commit/5b7a055ac00c8b1e1c589e8a728ca0dfc08d74c4
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M js/tbl_chart.js

  Log Message:
  -----------
  Fixed rendering of chart of columns with HTML inside

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 42ff2c1ac46833156bfe203d1046dc13a7f89b04
      
https://github.com/phpmyadmin/phpmyadmin/commit/42ff2c1ac46833156bfe203d1046dc13a7f89b04
  Author: Michal Čihař <mic...@cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Do not allow javascript: links in transformation

Signed-off-by: Michal Čihař <mic...@cihar.com>


  Commit: 46ff2bd85e0c0fef130f0822b41b9bcf33942ae8
      
https://github.com/phpmyadmin/phpmyadmin/commit/46ff2bd85e0c0fef130f0822b41b9bcf33942ae8
  Author: Isaac Bennetch <benne...@gmail.com>
  Date:   2016-06-23 (Thu, 23 Jun 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Changelog entries for security release

Signed-off-by: Isaac Bennetch <benne...@gmail.com>


  Commit: 66aba31923f26124e06b2a55b837e4fd47c5ef1d
      
https://github.com/phpmyadmin/phpmyadmin/commit/66aba31923f26124e06b2a55b837e4fd47c5ef1d
  Author: Isaac Bennetch <benne...@gmail.com>
  Date:   2016-06-23 (Thu, 23 Jun 2016)

  Changed paths:
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  Release 4.4.15.7

Signed-off-by: Isaac Bennetch <benne...@gmail.com>


Compare: 
https://github.com/phpmyadmin/phpmyadmin/compare/1f1e63cd5956...66aba31923f2
_______________________________________________
Git mailing list
Git@phpmyadmin.net
https://lists.phpmyadmin.net/mailman/listinfo/git
