[phpMyAdmin Git] [phpmyadmin/phpmyadmin] d76496: Setup script did not properly use input type passw...
Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: d76496ba1d11de13ba1f982a462e014f9d923b29
    https://github.com/phpmyadmin/phpmyadmin/commit/d76496ba1d11de13ba1f982a462e014f9d923b29
Author: Isaac Bennetch
Date: 2016-06-14 (Tue, 14 Jun 2016)

Changed paths:
  M ChangeLog
  M libraries/config/FormDisplay.php

Log Message:
---
Setup script did not properly use input type password in all cases

Signed-off-by: Isaac Bennetch


Commit: 72213573182896bd6a6e5af5ba1881dd87c4a20b
    https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M templates/table/structure/display_table_stats.phtml

Log Message:
---
Fix XSS on table structure

Signed-off-by: Michal Čihař


Commit: 03f73d48369703e0d3584699b08e24891c3295b8
    https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M libraries/server_privileges.lib.php

Log Message:
---
Fix XSS on server privileges

Signed-off-by: Michal Čihař


Commit: 55db1256c5d6e27c2d9fbd78e9c6f9fc11fe8571
    https://github.com/phpmyadmin/phpmyadmin/commit/55db1256c5d6e27c2d9fbd78e9c6f9fc11fe8571
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M ChangeLog
  M libraries/config/FormDisplay.php

Log Message:
---
Merge pull request #48 from phpmyadmin/security-45

Fix issue #45 input types in setup script


Commit: 19eef4eebb528dcce0ec922947f9ee9da3b2a2b8
    https://github.com/phpmyadmin/phpmyadmin/commit/19eef4eebb528dcce0ec922947f9ee9da3b2a2b8
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M test/libraries/PMA_user_preferences_test.php

Log Message:
---
Merge branch 'QA_4_6' into QA_4_6-security


Commit: 5633b1d57b23ddaa5a9a976a323c90c18d9be03d
    https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M setup/frames/index.inc.php

Log Message:
---
Use javascript for redirection to https

The current approach is broken since whitelisting is active in url.php and also allows potential bbcode injection.

Signed-off-by: Michal Čihař


Commit: 4767f24ea4c1e3822ce71a636c341e8ad8d07aa6
    https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M js/get_scripts.js.php

Log Message:
---
Limit number of included scripts in get_scripts.js.php

This avoids potential DOS, the limit is same as we use for generating the URLs.

Signed-off-by: Michal Čihař


Commit: 27caf5b46bd0890e576fea7bd7b166a0639fdf68
    https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68
Author: Michal Čihař
Date: 2016-06-16 (Thu, 16 Jun 2016)

Changed paths:
  M libraries/Config.php
  M libraries/core.lib.php
  A test/libraries/core/PMA_cleanupPathInfo_test.php

Log Message:
---
Improve detection of script name

In case PHP_SELF was not set by server, we used REQUEST_URI, which might embed PATH_INFO as well. However we really need to know the path without it, so let's strip it as well.

Signed-off-by: Michal Čihař


Commit: 6c5d5ffc7fac2cbf8d4d7eac5c983c84db588c3d
    https://github.com/phpmyadmin/phpmyadmin/commit/6c5d5ffc7fac2cbf8d4d7eac5c983c84db588c3d
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M ChangeLog
  M gis_data_editor.php
  M libraries/Index.php
  M libraries/gis/GISVisualization.php
  M libraries/rte/rte_list.lib.php
  M libraries/server_privileges.lib.php
  M po/fr.po
  M server_status_processes.php

Log Message:
---
Merge branch 'QA_4_6' into QA_4_6-security


Commit: b0180f18c828706af3a6800f0fb01a536d3ef8c7
    https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M libraries/config/FormDisplay.php

Log Message:
---
Properly convert POST parameters

We can get array instead of single parameter, so handle this gracefully.

Signed-off-by: Michal Čihař


Commit: ef1493d9b4b5c89ff3ff9965068f3ebf5a3059bc
    https://github.com/phpmyadmin/phpmyadmin/commit/ef1493d9b4b5c89ff3ff9965068f3ebf5a3059bc
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M libraries/Util.php
  M libraries/config/FormDisplay.php

Log Message:
---
Move request conversion to generic code

Signed-off-by: Michal Čihař


Commit: 96e0aa35653ec0c66084a7e9343465e16c1f769b

[phpMyAdmin Git] [phpmyadmin/phpmyadmin] d76496: Setup script did not properly use input type passw...
Branch: refs/heads/QA_4_6
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: d76496ba1d11de13ba1f982a462e014f9d923b29
    https://github.com/phpmyadmin/phpmyadmin/commit/d76496ba1d11de13ba1f982a462e014f9d923b29
Author: Isaac Bennetch
Date: 2016-06-14 (Tue, 14 Jun 2016)

Changed paths:
  M ChangeLog
  M libraries/config/FormDisplay.php

Log Message:
---
Setup script did not properly use input type password in all cases

Signed-off-by: Isaac Bennetch


Commit: 72213573182896bd6a6e5af5ba1881dd87c4a20b
    https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba1881dd87c4a20b
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M templates/table/structure/display_table_stats.phtml

Log Message:
---
Fix XSS on table structure

Signed-off-by: Michal Čihař


Commit: 03f73d48369703e0d3584699b08e24891c3295b8
    https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e24891c3295b8
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M libraries/server_privileges.lib.php

Log Message:
---
Fix XSS on server privileges

Signed-off-by: Michal Čihař


Commit: 55db1256c5d6e27c2d9fbd78e9c6f9fc11fe8571
    https://github.com/phpmyadmin/phpmyadmin/commit/55db1256c5d6e27c2d9fbd78e9c6f9fc11fe8571
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M ChangeLog
  M libraries/config/FormDisplay.php

Log Message:
---
Merge pull request #48 from phpmyadmin/security-45

Fix issue #45 input types in setup script


Commit: 19eef4eebb528dcce0ec922947f9ee9da3b2a2b8
    https://github.com/phpmyadmin/phpmyadmin/commit/19eef4eebb528dcce0ec922947f9ee9da3b2a2b8
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M test/libraries/PMA_user_preferences_test.php

Log Message:
---
Merge branch 'QA_4_6' into QA_4_6-security


Commit: 5633b1d57b23ddaa5a9a976a323c90c18d9be03d
    https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c90c18d9be03d
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M setup/frames/index.inc.php

Log Message:
---
Use javascript for redirection to https

The current approach is broken since whitelisting is active in url.php and also allows potential bbcode injection.

Signed-off-by: Michal Čihař


Commit: 4767f24ea4c1e3822ce71a636c341e8ad8d07aa6
    https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c341e8ad8d07aa6
Author: Michal Čihař
Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths:
  M js/get_scripts.js.php

Log Message:
---
Limit number of included scripts in get_scripts.js.php

This avoids potential DOS, the limit is same as we use for generating the URLs.

Signed-off-by: Michal Čihař


Commit: 27caf5b46bd0890e576fea7bd7b166a0639fdf68
    https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b166a0639fdf68
Author: Michal Čihař
Date: 2016-06-16 (Thu, 16 Jun 2016)

Changed paths:
  M libraries/Config.php
  M libraries/core.lib.php
  A test/libraries/core/PMA_cleanupPathInfo_test.php

Log Message:
---
Improve detection of script name

In case PHP_SELF was not set by server, we used REQUEST_URI, which might embed PATH_INFO as well. However we really need to know the path without it, so let's strip it as well.

Signed-off-by: Michal Čihař


Commit: 6c5d5ffc7fac2cbf8d4d7eac5c983c84db588c3d
    https://github.com/phpmyadmin/phpmyadmin/commit/6c5d5ffc7fac2cbf8d4d7eac5c983c84db588c3d
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M ChangeLog
  M gis_data_editor.php
  M libraries/Index.php
  M libraries/gis/GISVisualization.php
  M libraries/rte/rte_list.lib.php
  M libraries/server_privileges.lib.php
  M po/fr.po
  M server_status_processes.php

Log Message:
---
Merge branch 'QA_4_6' into QA_4_6-security


Commit: b0180f18c828706af3a6800f0fb01a536d3ef8c7
    https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb01a536d3ef8c7
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M libraries/config/FormDisplay.php

Log Message:
---
Properly convert POST parameters

We can get array instead of single parameter, so handle this gracefully.

Signed-off-by: Michal Čihař


Commit: ef1493d9b4b5c89ff3ff9965068f3ebf5a3059bc
    https://github.com/phpmyadmin/phpmyadmin/commit/ef1493d9b4b5c89ff3ff9965068f3ebf5a3059bc
Author: Michal Čihař
Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths:
  M libraries/Util.php
  M libraries/config/FormDisplay.php

Log Message:
---
Move request conversion to generic code

Signed-off-by: Michal Čihař


Commit: 96e0aa35653ec0c66084a7e9343465e16c1f769b