August 2016 - Git - lists.phpmyadmin.net

[phpmyadmin/phpmyadmin] 9f3823: Sent CSP headers for phpinfo
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/heads/QA_4_6 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 9f3823a6bc986e911b52b41338881ff35dccc37c https://github.com/phpmyadmin/phpmyadmin/commit/9f3823a6bc986e911b52b413388… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4183bab696c68ef8ee5cb2d58cb8fb2795b0e802 https://github.com/phpmyadmin/phpmyadmin/commit/4183bab696c68ef8ee5cb2d58cb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M changelog.php Log Message: ----------- Send CSP headers on changelog Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5491d67fb545ef9878b59e05a10f814f7a92a7ad https://github.com/phpmyadmin/phpmyadmin/commit/5491d67fb545ef9878b59e05a10… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a82835cf09c20b381b9c8a7bfe337a11ab904ab2 https://github.com/phpmyadmin/phpmyadmin/commit/a82835cf09c20b381b9c8a7bfe3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2b5915ce7b061df005373b3ebf5affe7345ef141 https://github.com/phpmyadmin/phpmyadmin/commit/2b5915ce7b061df005373b3ebf5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.php Log Message: ----------- Use phpMyAdmin version in PHP export header Using fixed 0.2b really makes no sense. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 99d7407aa2817cd9852bf7f4ed03a28d8aac293e https://github.com/phpmyadmin/phpmyadmin/commit/99d7407aa2817cd9852bf7f4ed0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/ExportPhparrayTest.php Log Message: ----------- Fix PHP export tests Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bd2080c40aa05b883109fbf9739ffb4c674af698 https://github.com/phpmyadmin/phpmyadmin/commit/bd2080c40aa05b883109fbf9739… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/ExportXmlTest.php Log Message: ----------- Adjust test to not use HTML escaping layer Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7de139b90ca6926d9ec06c2684ef8877a01b5ed7 https://github.com/phpmyadmin/phpmyadmin/commit/7de139b90ca6926d9ec06c2684e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.php M test/classes/plugin/export/ExportXmlTest.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a97be3a604cb9a56074b76905792479251e744a7 https://github.com/phpmyadmin/phpmyadmin/commit/a97be3a604cb9a56074b7690579… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c0b2d56ac0a94c371004f25a5ae3d0ec247516f5 https://github.com/phpmyadmin/phpmyadmin/commit/c0b2d56ac0a94c371004f25a5ae… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M doc/other.rst M js/tbl_structure.js M libraries/import.lib.php M libraries/plugins/import/README M po/az.po M po/bg.po M po/bn.po M po/ca.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fi.po M po/fr.po M po/gl.po M po/hi.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ko.po M po/lt.po M po/nb.po M po/nl.po M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sv.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1ed4007689ebbb6b6a08a242025382d0f8d347b1 https://github.com/phpmyadmin/phpmyadmin/commit/1ed4007689ebbb6b6a08a242025… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c4a595357f8393915f8a2258f8997b5d1ba6f1f0 https://github.com/phpmyadmin/phpmyadmin/commit/c4a595357f8393915f8a2258f89… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 6aacd7dcfef8a04898393009dea11ddd07a3891d https://github.com/phpmyadmin/phpmyadmin/commit/6aacd7dcfef8a04898393009dea… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php M test/libraries/PMA_ip_allow_deny_test.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fc6ef261eb4469f764d1e305a4ac617d26ca1864 https://github.com/phpmyadmin/phpmyadmin/commit/fc6ef261eb4469f764d1e305a4a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: de3181277e747a94fb0b0213f3d11576458b72cd https://github.com/phpmyadmin/phpmyadmin/commit/de3181277e747a94fb0b0213f3d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/Error.php Log Message: ----------- Include only relative path in backtrace Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 660e3a177f4933018c94ba1270a61b2437aa1163 https://github.com/phpmyadmin/phpmyadmin/commit/660e3a177f4933018c94ba1270a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cc7d01daa7fe3c525718c7ef19f82d13e51cc080 https://github.com/phpmyadmin/phpmyadmin/commit/cc7d01daa7fe3c525718c7ef19f… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M templates/table/gis_visualization/gis_visualization.phtml Log Message: ----------- Fix XSS in tbl_gis_visualization.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: cbba4f4fdb18ad071e3d515a0e96067939d3352b https://github.com/phpmyadmin/phpmyadmin/commit/cbba4f4fdb18ad071e3d515a0e9… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 5873af7d75b123b9aa0d137cba2bb209e2bdd21f https://github.com/phpmyadmin/phpmyadmin/commit/5873af7d75b123b9aa0d137cba2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M ChangeLog M libraries/Header.php M po/es.po M po/ko.po M po/pl.po M po/pt.po M po/pt_BR.po M po/sq.po M po/th.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 0bf21ebf720a552c8e727a6cca1c653e20c3160a https://github.com/phpmyadmin/phpmyadmin/commit/0bf21ebf720a552c8e727a6cca1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8b5cafc9f3d199d419d8f0e0ce9f3b5bb51d5d2b https://github.com/phpmyadmin/phpmyadmin/commit/8b5cafc9f3d199d419d8f0e0ce9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M po/sq.po Log Message: ----------- Fix wrong merge resolution Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2090eb57aaada8a2fc1c6e34ceaae657ef2ec404 https://github.com/phpmyadmin/phpmyadmin/commit/2090eb57aaada8a2fc1c6e34cea… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M .travis.yml Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 3c06eede3fda803fb2b931598e26d61563a4502b https://github.com/phpmyadmin/phpmyadmin/commit/3c06eede3fda803fb2b931598e2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/sanitizing.lib.php M templates/list/item.phtml M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3b0115a32159608a930e03a4d3a8830cb3520c54 https://github.com/phpmyadmin/phpmyadmin/commit/3b0115a32159608a930e03a4d3a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Adjust tests to recent changes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ea0b722d7cb7affbfa3f02c9442f0b6f0833306 https://github.com/phpmyadmin/phpmyadmin/commit/2ea0b722d7cb7affbfa3f02c944… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6da13e2a1cbcd204617ab140ab70e08258473e33 https://github.com/phpmyadmin/phpmyadmin/commit/6da13e2a1cbcd204617ab140ab7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 78bed3c4441bc8ea1b4bf380eb51d100e39841ca https://github.com/phpmyadmin/phpmyadmin/commit/78bed3c4441bc8ea1b4bf380eb5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tracking.lib.php Log Message: ----------- Ensure last version is numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8095b837faec8508201e500b7c7ff25fe2269fbf https://github.com/phpmyadmin/phpmyadmin/commit/8095b837faec8508201e500b7c7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0d57c09bd582f6f138bb4583374a83b673520fa7 https://github.com/phpmyadmin/phpmyadmin/commit/0d57c09bd582f6f138bb4583374… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2f79bacefab46fc43cedd70917c50800caaa417a https://github.com/phpmyadmin/phpmyadmin/commit/2f79bacefab46fc43cedd70917c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ef4fe3d842f25e1ad0551e7ca4781b5fc7a4e59 https://github.com/phpmyadmin/phpmyadmin/commit/2ef4fe3d842f25e1ad0551e7ca4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e749214b1681ce6af31df169f57b0c23d2a40232 https://github.com/phpmyadmin/phpmyadmin/commit/e749214b1681ce6af31df169f57… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 767195e197e1b75609875330602aa203782e8671 https://github.com/phpmyadmin/phpmyadmin/commit/767195e197e1b75609875330602… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/Validator.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ba072e42dc15123bdd61185ccce85e384ca452b6 https://github.com/phpmyadmin/phpmyadmin/commit/ba072e42dc15123bdd61185ccce… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bde4ef735b0620f8b11deb21f29a79d9942a98ce https://github.com/phpmyadmin/phpmyadmin/commit/bde4ef735b0620f8b11deb21f29… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M templates/server/databases/create.phtml Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 80b03a4f1629957c4b3f22288147e5ed8495856b https://github.com/phpmyadmin/phpmyadmin/commit/80b03a4f1629957c4b3f2228814… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/db_designer.lib.php M libraries/plugins/export/ExportSql.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/pmd_common.php M libraries/relation.lib.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7ef96c5cdc2adc16f4d8530ad90c76715825d471 https://github.com/phpmyadmin/phpmyadmin/commit/7ef96c5cdc2adc16f4d8530ad90… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentFavoriteTable.php M libraries/Table.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1290f9895bbcda839d0ae0b150114b9d43ab33f7 https://github.com/phpmyadmin/phpmyadmin/commit/1290f9895bbcda839d0ae0b1501… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M po/ko.po Log Message: ----------- Fix merge error in po file Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 551031da09f461a8cef3f6e5883bd0baf1a872dc https://github.com/phpmyadmin/phpmyadmin/commit/551031da09f461a8cef3f6e5883… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ceeef537488b348a9ec4c485159e7f097f71bea5 https://github.com/phpmyadmin/phpmyadmin/commit/ceeef537488b348a9ec4c485159… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/display_export.lib.php Log Message: ----------- Add missing escaping to the export type Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dd732134f27abc6fc41d4ec52a9e02914ca8fdf6 https://github.com/phpmyadmin/phpmyadmin/commit/dd732134f27abc6fc41d4ec52a9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc52930bbab226ce7b7555c3f8714b3fd31d0499 https://github.com/phpmyadmin/phpmyadmin/commit/dc52930bbab226ce7b7555c3f87… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7e510e8e92b33493aded0086c0b87d8ed7bdec78 https://github.com/phpmyadmin/phpmyadmin/commit/7e510e8e92b33493aded0086c0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M templates/table/structure/display_structure.phtml Log Message: ----------- Properly escape partition removal query Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9e3492730ebf6d60dafd0283f605c6ad09f8271a https://github.com/phpmyadmin/phpmyadmin/commit/9e3492730ebf6d60dafd0283f60… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3a3531b61bb0c886d4d6838356c32f655a1123c https://github.com/phpmyadmin/phpmyadmin/commit/c3a3531b61bb0c886d4d6838356… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9f11a0e81198ef39664453de8531f9d627819c9e https://github.com/phpmyadmin/phpmyadmin/commit/9f11a0e81198ef39664453de853… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/server_user_groups.lib.php Log Message: ----------- Add missing escaping in user group queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cc6853538cec697b67e03fbfef2e5f2c7ebc481f https://github.com/phpmyadmin/phpmyadmin/commit/cc6853538cec697b67e03fbfef2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php Log Message: ----------- Properly escape error input in the message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3310536b2896a12dab3e0f7715c7e693221de25 https://github.com/phpmyadmin/phpmyadmin/commit/c3310536b2896a12dab3e0f7715… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc899d8e7584b6bfb104d66668527e9609a80b36 https://github.com/phpmyadmin/phpmyadmin/commit/dc899d8e7584b6bfb104d666685… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e4be768781a6c17ece9d2d3f34f9aa0f3e2e1056 https://github.com/phpmyadmin/phpmyadmin/commit/e4be768781a6c17ece9d2d3f34f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 987cce0bcf2f0ba9b705638343872f56283a0508 https://github.com/phpmyadmin/phpmyadmin/commit/987cce0bcf2f0ba9b7056383438… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M js/tbl_relation.js Log Message: ----------- Properly escape foreign key selection Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 42c868b69171f7c6095a55ab3998481cb1674d2c https://github.com/phpmyadmin/phpmyadmin/commit/42c868b69171f7c6095a55ab399… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M templates/table/search/zoom_result_form.phtml Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: af8385dc878523a5aa648423b6f33c4f936de95b https://github.com/phpmyadmin/phpmyadmin/commit/af8385dc878523a5aa648423b6f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Fix tests for transformations Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 205694982bf5f9a9d2bda80255fef22166dbd4a9 https://github.com/phpmyadmin/phpmyadmin/commit/205694982bf5f9a9d2bda80255f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 306c148098c105aa403a01620c79c56cd1f347c6 https://github.com/phpmyadmin/phpmyadmin/commit/306c148098c105aa403a01620c7… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/navigation/nodes/NodeDatabase.php Log Message: ----------- Add missing escaping in navigation pane Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 3a4172525f07753a4ac120cef15df457f0560b6c https://github.com/phpmyadmin/phpmyadmin/commit/3a4172525f07753a4ac120cef15… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Curl.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/CurlPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php M libraries/plugins/auth/recaptcha/autoload.php M libraries/tcpdf/README.TXT M libraries/tcpdf/include/sRGB.icc M libraries/tcpdf/include/tcpdf_fonts.php M libraries/tcpdf/include/tcpdf_images.php M libraries/tcpdf/include/tcpdf_static.php M libraries/tcpdf/tcpdf.php M po/ar.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: c0a05eced47cb83ff9953829853262a30addb142 https://github.com/phpmyadmin/phpmyadmin/commit/c0a05eced47cb83ff9953829853… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/navigation/nodes/NodeDatabase.php Log Message: ----------- Merge branch 'QA_4_6-security' of github.com:phpmyadmin/phpmyadmin-security into QA_4_6-security Commit: 1543be7138be5de37f6152a2b6d09cc74e1cb42f https://github.com/phpmyadmin/phpmyadmin/commit/1543be7138be5de37f6152a2b6d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M doc/config.rst M libraries/plugins/export/ExportXml.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7e6edaf756201034b5e08b40f3ffb9f8af9a7d49 https://github.com/phpmyadmin/phpmyadmin/commit/7e6edaf756201034b5e08b40f3f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: A test/libraries/core/PMA_isAllowedDomain_test.php Log Message: ----------- Add tests for PMA_isAllowedDomain Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 67d6eeac42c599e53e81781961dadfcb3d8aac23 https://github.com/phpmyadmin/phpmyadmin/commit/67d6eeac42c599e53e81781961d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php M test/libraries/core/PMA_isAllowedDomain_test.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ba8a026fc403e68ae4854fa0addd00135eb7848 https://github.com/phpmyadmin/phpmyadmin/commit/3ba8a026fc403e68ae4854fa0ad… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use hash_hmac for MAC rather than plain SHA1 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f45b8cd49cbad2c8b92d02fa2435921d15490b29 https://github.com/phpmyadmin/phpmyadmin/commit/f45b8cd49cbad2c8b92d02fa243… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Use different secret for MAC than encryption Generated using string splitting. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2a2d865d50508458e683b96fa7d33ca5976b1d11 https://github.com/phpmyadmin/phpmyadmin/commit/2a2d865d50508458e683b96fa7d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Validate input data from cookies We expect strings only, so not accept anything else. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e2a25d773d28c9440087f3f54be45680d903d2d2 https://github.com/phpmyadmin/phpmyadmin/commit/e2a25d773d28c9440087f3f54be… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Merge pmaServer and pmaPass cookies This addresses several issues: - makes server name encrypted and authenticated, so that it can not be tampered - reduces cookie usage - reduces overhead of encryption/authentication The pmaUser cookie is still separate to avoid different lifetime (pmaUser has month lifetime, while pmaAuth is session only by default). Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d29df46b3aec576da5d8949b0792f25b63d0ac54 https://github.com/phpmyadmin/phpmyadmin/commit/d29df46b3aec576da5d8949b079… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Do not generate too long session secret We need 16+16 bytes, generating 256 is not really needed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ef03daf658db501ddce304a1d2d0cd59dc4a6c71 https://github.com/phpmyadmin/phpmyadmin/commit/ef03daf658db501ddce304a1d2d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Remove hashing of blowfish secret New code doesn't have problems with longer secrets. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f07fd90ee910e4c6f31c310521faff460f046c28 https://github.com/phpmyadmin/phpmyadmin/commit/f07fd90ee910e4c6f31c310521f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/config/ServerConfigChecks.php Log Message: ----------- Document recommended length of 32 for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2b7be93829c38ccee7e05e769e4878280dc30ed6 https://github.com/phpmyadmin/phpmyadmin/commit/2b7be93829c38ccee7e05e769e4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Improve Blowfish secret generation in setup script Now generates secret containing all printable ASCII chars, making it way more random than with hex encoded random string. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f693c103be7103591902484a232728dcc79a8b02 https://github.com/phpmyadmin/phpmyadmin/commit/f693c103be7103591902484a232… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/setup.rst Log Message: ----------- Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ee65fc8bf3f3d105ed0c532c9344f5feab553ae https://github.com/phpmyadmin/phpmyadmin/commit/3ee65fc8bf3f3d105ed0c532c93… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use MAC to verify IV as well Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 48764f226073be9fb52c7b68101fb8f7b12e3d5f https://github.com/phpmyadmin/phpmyadmin/commit/48764f226073be9fb52c7b68101… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d9f918c36550e0e0706b00e5e9811068c6cb4bc8 https://github.com/phpmyadmin/phpmyadmin/commit/d9f918c36550e0e0706b00e5e98… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M doc/conf.py M libraries/server_privileges.lib.php M po/ckb.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ddeab2a11ffd9ffdbb0db84e9c763ce202a4a4aa https://github.com/phpmyadmin/phpmyadmin/commit/ddeab2a11ffd9ffdbb0db84e9c7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 41e3db158f15abfcc44840071a9e20beb00753ae https://github.com/phpmyadmin/phpmyadmin/commit/41e3db158f15abfcc44840071a9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5d1a6af96f91a14c91e6a5d3ba3b1e0af5f43769 https://github.com/phpmyadmin/phpmyadmin/commit/5d1a6af96f91a14c91e6a5d3ba3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/advisory_rules.txt M libraries/sanitizing.lib.php M test/classes/MessageTest.php M url.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 67b538efc3e480168c8377e4bf2390120a914c07 https://github.com/phpmyadmin/phpmyadmin/commit/67b538efc3e480168c8377e4bf2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 643681ee68b0e553a8acd0a33f01ca199d797a17 https://github.com/phpmyadmin/phpmyadmin/commit/643681ee68b0e553a8acd0a33f0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use consistent iv and encrypted text concatenation as other libs Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9106b339334f9f40d814ea1bcd690a568726a8f5 https://github.com/phpmyadmin/phpmyadmin/commit/9106b339334f9f40d814ea1bcd6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Improve secrets splitting - ensure it has 16 bytes - extends it by copying content if original is too short - correctly handle corner cases (eg. 1 byte secret) Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 024a924b38aaf87c60e9eedc86b86c5b8d9f9aba https://github.com/phpmyadmin/phpmyadmin/commit/024a924b38aaf87c60e9eedc86b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Avoid calculating strlen twice Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d93b8736379ccc5cf0884ed9daa55ab7997b6ccb https://github.com/phpmyadmin/phpmyadmin/commit/d93b8736379ccc5cf0884ed9daa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Move return to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fd324e583ed72b21ccaca4f84ec6b0a858861ae6 https://github.com/phpmyadmin/phpmyadmin/commit/fd324e583ed72b21ccaca4f84ec… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Revert "Move return to correct place" This reverts commit d93b8736379ccc5cf0884ed9daa55ab7997b6ccb. Commit: 28eb84ef435bc0be8446ce62c57f438cf5bbd070 https://github.com/phpmyadmin/phpmyadmin/commit/28eb84ef435bc0be8446ce62c57… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M libraries/Table.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ff1016e504770dd334ab30fa85de11e8559eee01 https://github.com/phpmyadmin/phpmyadmin/commit/ff1016e504770dd334ab30fa85d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 623f5b46213b8b4fda16f52017dbaec3e44e1ce3 https://github.com/phpmyadmin/phpmyadmin/commit/623f5b46213b8b4fda16f52017d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 835958af3105d13754f3ba3c58de85dc7c25633e https://github.com/phpmyadmin/phpmyadmin/commit/835958af3105d13754f3ba3c58d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M libraries/DisplayResults.php M libraries/Linter.php M libraries/PDF.php M libraries/plugins/schema/dia/Dia.php M libraries/plugins/schema/eps/Eps.php M libraries/plugins/schema/svg/Svg.php M libraries/tracking.lib.php M tbl_get_field.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 1e6b740e6feace1a7be44a19a980477ce62fdded https://github.com/phpmyadmin/phpmyadmin/commit/1e6b740e6feace1a7be44a19a98… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f0f8f2b65e46f11ed23efe3262810132ffa2b1bf https://github.com/phpmyadmin/phpmyadmin/commit/f0f8f2b65e46f11ed23efe32628… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/server_privileges.lib.php Log Message: ----------- Escape routine privileges listing Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b932b94577ec7516283d765a645e29d2fb4d6d5a https://github.com/phpmyadmin/phpmyadmin/commit/b932b94577ec7516283d765a645… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/GISGeometry.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d3a91549be9fd63d3afe3ea542114aa72f4cd79a https://github.com/phpmyadmin/phpmyadmin/commit/d3a91549be9fd63d3afe3ea5421… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/session.inc.php Log Message: ----------- Remove file path from the session error message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 754c1c987bef11093e905dfa20b06273851647ea https://github.com/phpmyadmin/phpmyadmin/commit/754c1c987bef11093e905dfa20b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M lint.php Log Message: ----------- Properly mark requests to lint as AJAX request Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e67e69229a1df3a26df12b1bae89065834fd85b4 https://github.com/phpmyadmin/phpmyadmin/commit/e67e69229a1df3a26df12b1bae8… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ec8ba8693589b434283bb89489e5bf4908bfa79 https://github.com/phpmyadmin/phpmyadmin/commit/3ec8ba8693589b434283bb89489… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Merge pull request #179 from phpmyadmin/remove-phpinfo Remove option to show phpinfo() ($cfg['ShowPhpInfo']) Commit: c868852ae498893aa1717108b72e869146eaed49 https://github.com/phpmyadmin/phpmyadmin/commit/c868852ae498893aa1717108b72… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/Config.php M libraries/VersionInformation.php M libraries/server_privileges.lib.php M user_password.php M view_create.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 99492bf42aee13181ec6b796c5d13db3ee915b94 https://github.com/phpmyadmin/phpmyadmin/commit/99492bf42aee13181ec6b796c5d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/core.lib.php M libraries/session.inc.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/libraries/core/PMA_headerLocation_test.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 9f64b31fccd588f5534ec7cca1de42f11c202888 https://github.com/phpmyadmin/phpmyadmin/commit/9f64b31fccd588f5534ec7cca1d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 77a4d6ed9504b37d7cd26bcea26f30ecc6afdadd https://github.com/phpmyadmin/phpmyadmin/commit/77a4d6ed9504b37d7cd26bcea26… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cc9d0f128ca51afb49f453d9327c851bcbe07f19 https://github.com/phpmyadmin/phpmyadmin/commit/cc9d0f128ca51afb49f453d9327… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M db_central_columns.php M libraries/DisplayResults.php M libraries/browse_foreigners.lib.php M libraries/controllers/server/ServerBinlogController.php M libraries/plugins/AuthenticationPlugin.php M libraries/plugins/auth/AuthenticationCookie.php M templates/columns_definitions/column_name.phtml M templates/table/search/options.phtml M templates/table/search/options_zoom.phtml Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: c90967071a3f43c7b53315c2595277748c1b4bed https://github.com/phpmyadmin/phpmyadmin/commit/c90967071a3f43c7b53315c2595… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 774f0c1fefefa9b505838719c94ace9c61126bd6 https://github.com/phpmyadmin/phpmyadmin/commit/774f0c1fefefa9b505838719c94… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/ZipFile.php M libraries/engines/Innodb.php M libraries/sysinfo.lib.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 471c3377c1316a793960d4e99452990d2cefb9b1 https://github.com/phpmyadmin/phpmyadmin/commit/471c3377c1316a793960d4e9945… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 51b676c8e056cd18f2bf23521fa393282228a534 https://github.com/phpmyadmin/phpmyadmin/commit/51b676c8e056cd18f2bf23521fa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst M po/es.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: d31ff5a1e739d5a8b470b45960f8052d2ced1bba https://github.com/phpmyadmin/phpmyadmin/commit/d31ff5a1e739d5a8b470b45960f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M DCO M README M doc/config.rst M doc/copyright.rst M doc/credits.rst M doc/faq.rst M doc/glossary.rst A doc/images/usergroups.png M doc/privileges.rst M doc/require.rst M doc/setup.rst M doc/transformations.rst M libraries/config.default.php M libraries/dbi/DBIMysqli.php M libraries/error_report.lib.php M libraries/iconv_wrapper.lib.php M libraries/import.lib.php M libraries/ip_allow_deny.lib.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/transformations/TEMPLATE_ABSTRACT M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M libraries/session.inc.php M libraries/url_generating.lib.php M scripts/line-counts.sh M scripts/revision-info M setup/index.php M test/README.rst M test/classes/AdvisorTest.php M test/classes/ConfigTest.php M test/classes/DisplayResultsTest.php M test/classes/MessageTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/core/PMA_headerLocation_test.php M test/selenium/TestBase.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 4caa90a8324c928da3e6050f20736dbcbeaf1627 https://github.com/phpmyadmin/phpmyadmin/commit/4caa90a8324c928da3e6050f207… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1eefa08bb05a3f857f57adad785f89c16c2d6ff8 https://github.com/phpmyadmin/phpmyadmin/commit/1eefa08bb05a3f857f57adad785… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8dcaae5f83588b1aa65a05d3d93f408540dbf22d https://github.com/phpmyadmin/phpmyadmin/commit/8dcaae5f83588b1aa65a05d3d93… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1221b5ea4a0b5023a379ccca7db784dbe410cf3c https://github.com/phpmyadmin/phpmyadmin/commit/1221b5ea4a0b5023a379ccca7db… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M libraries/DatabaseInterface.php M libraries/Util.php M libraries/controllers/server/ServerDatabasesController.php M po/fi.po M server_privileges.php M test/classes/controllers/ServerDatabasesControllerTest.php M themes/original/css/common.css.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 1f595e37e0f68c98034a0d13787787607d5f74f1 https://github.com/phpmyadmin/phpmyadmin/commit/1f595e37e0f68c98034a0d13787… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d621855169f7ac97c1250c7982be8c160ae056ef https://github.com/phpmyadmin/phpmyadmin/commit/d621855169f7ac97c1250c7982b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M ChangeLog M import.php M libraries/config/messages.inc.php M libraries/sql.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M sql.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ef9bd20e7a1b793bf9a64b04b3c5a9e332bb80df https://github.com/phpmyadmin/phpmyadmin/commit/ef9bd20e7a1b793bf9a64b04b3c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M doc/config.rst M doc/privileges.rst M po/ia.po M po/sl.po M user_password.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 493ece49ee378bd01beed56cea1ecd7656bec302 https://github.com/phpmyadmin/phpmyadmin/commit/493ece49ee378bd01beed56cea1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M po/it.po M po/tr.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: e7d4ef2fbc8f3e83716af24941edc975d55b6554 https://github.com/phpmyadmin/phpmyadmin/commit/e7d4ef2fbc8f3e83716af24941e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M index.php M js/ajax.js M libraries/DatabaseInterface.php M libraries/Footer.php M libraries/advisory_rules.txt M libraries/config/messages.inc.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml M themes/original/css/common.css.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 2ec1f50d4580b4d2c22e39f908efa1cd5688b890 https://github.com/phpmyadmin/phpmyadmin/commit/2ec1f50d4580b4d2c22e39f908e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M ChangeLog M libraries/controllers/database/DatabaseStructureController.php M libraries/mult_submits.lib.php M libraries/transformations.lib.php M po/et.po M po/it.po M po/ja.po M po/nl.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 0f6b76b57844af5b43675c9ff5489d1a3a6baa63 https://github.com/phpmyadmin/phpmyadmin/commit/0f6b76b57844af5b43675c9ff54… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M .scrutinizer.yml M build.xml M changelog.php M config.sample.inc.php M doc/config.rst M doc/setup.rst M examples/openid.php M examples/signon.php R examples/swekey.sample.conf M file_echo.php M import.php M index.php M js/functions.js M js/tbl_relation.js M libraries/DbSearch.php M libraries/Error.php M libraries/File.php M libraries/RecentFavoriteTable.php M libraries/Response.php M libraries/Table.php M libraries/Util.php M libraries/VersionInformation.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/ServerConfigChecks.php M libraries/config/Validator.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/core.lib.php M libraries/create_addfield.lib.php M libraries/db_designer.lib.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php M libraries/display_export.lib.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/error_report.lib.php M libraries/file_listing.lib.php M libraries/gis/GISGeometry.php M libraries/ip_allow_deny.lib.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php M libraries/navigation/nodes/NodeDatabase.php M libraries/plugin_interface.lib.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M libraries/plugins/export/ExportMediawiki.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/export/ExportSql.php M libraries/plugins/export/ExportXml.php M libraries/plugins/import/ImportShp.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh M libraries/pmd_common.php M libraries/relation.lib.php M libraries/replication.inc.php M libraries/replication_gui.lib.php M libraries/sanitizing.lib.php M libraries/server_privileges.lib.php M libraries/server_status_variables.lib.php M libraries/server_user_groups.lib.php M libraries/session.inc.php M libraries/tracking.lib.php M libraries/zip_extension.lib.php M lint.php M normalization.php R phpinfo.php M phpunit.xml.dist A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh M tbl_addfield.php M templates/list/item.phtml M templates/server/databases/create.phtml M templates/table/gis_visualization/gis_visualization.phtml M templates/table/search/zoom_result_form.phtml M templates/table/structure/display_structure.phtml M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportPhparrayTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_ip_allow_deny_test.php M test/libraries/PMA_zip_extension_test.php A test/libraries/core/PMA_isAllowedDomain_test.php A test/libraries/core/PMA_safeUnserialize_test.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php M themes.php M transformation_wrapper.php M url.php M user_password.php M version_check.php Log Message: ----------- Merge remote-tracking branch 'security/QA_4_6-security' into QA_4_6 Commit: b9a6a9993e175ff13375462333ce1139095d01e1 https://github.com/phpmyadmin/phpmyadmin/commit/b9a6a9993e175ff13375462333c… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.php Log Message: ----------- Release 4.6.4 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/13d341530bec...b9a6a9993e17

1 0

[phpmyadmin/phpmyadmin] d929c8: Sent CSP headers for phpinfo
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/heads/MAINT_4_4_15 Home: https://github.com/phpmyadmin/phpmyadmin Commit: d929c8962a047d439f7d066caaf815e1dd4112ba https://github.com/phpmyadmin/phpmyadmin/commit/d929c8962a047d439f7d066caaf… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2989e4943b85e08e8a2e284e597e62ab7c823c0d https://github.com/phpmyadmin/phpmyadmin/commit/2989e4943b85e08e8a2e284e597… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.class.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e https://github.com/phpmyadmin/phpmyadmin/commit/6b310f055e109de21af3ec9cda6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.class.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e47a77db5d5a322e9beca989b71bcf53f48c6570 https://github.com/phpmyadmin/phpmyadmin/commit/e47a77db5d5a322e9beca989b71… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/PMA_ExportPhparray_test.php Log Message: ----------- Fix PHP export tests Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fac2bb1f7050c44af405b23b2cbab9822857914e https://github.com/phpmyadmin/phpmyadmin/commit/fac2bb1f7050c44af405b23b2cb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.class.php M test/classes/plugin/export/PMA_ExportXml_test.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6ab8e31f22bbd13a26d0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab0f14901fcaab649213fa6fd42832b52b34c4de https://github.com/phpmyadmin/phpmyadmin/commit/ab0f14901fcaab649213fa6fd42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/messages.inc.php M libraries/import.lib.php M libraries/plugins/import/README M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fd8cdd79333e5ab47d395f5f5178faaaf795d39e https://github.com/phpmyadmin/phpmyadmin/commit/fd8cdd79333e5ab47d395f5f517… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bec52644f1faf641bf11b8bc365a21a8f84a639d https://github.com/phpmyadmin/phpmyadmin/commit/bec52644f1faf641bf11b8bc365… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: e291300af3cd3686c438ba36d9cd94c80353a820 https://github.com/phpmyadmin/phpmyadmin/commit/e291300af3cd3686c438ba36d9c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2257e60f78cf9d813f33b613524fd01e7be302eb https://github.com/phpmyadmin/phpmyadmin/commit/2257e60f78cf9d813f33b613524… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3d47645c55d6c18e4e140ebc4bbde746e7456959 https://github.com/phpmyadmin/phpmyadmin/commit/3d47645c55d6c18e4e140ebc4bb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: de89b270f23c5210646d6d0867b5de34972befc9 https://github.com/phpmyadmin/phpmyadmin/commit/de89b270f23c5210646d6d0867b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Fix syntax error in older PHP versions Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d0b6abf5eb78ce7a175515165cd39e18bdb5836f https://github.com/phpmyadmin/phpmyadmin/commit/d0b6abf5eb78ce7a175515165cd… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tbl_gis_visualization.lib.php Log Message: ----------- Fix XSS in tbl_gis_visualization.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 1dc9c7d1fca15c3f6170729429912b88e513e970 https://github.com/phpmyadmin/phpmyadmin/commit/1dc9c7d1fca15c3f61707294299… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 63af274953f7047bae39bc4d2aa59bd450cf9f05 https://github.com/phpmyadmin/phpmyadmin/commit/63af274953f7047bae39bc4d2aa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cee1a8d3f5de1ebe21df0b484c16822293b94130 https://github.com/phpmyadmin/phpmyadmin/commit/cee1a8d3f5de1ebe21df0b484c1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 37a1f4f4995a918af9e060813eb2a86cf211d0b7 https://github.com/phpmyadmin/phpmyadmin/commit/37a1f4f4995a918af9e060813eb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M test/classes/PMA_DisplayResults_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/engines/PMA_StorageEngine_pbxt_test.php Log Message: ----------- Adjust tests to recent changes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bf322fdea3ec06275e2588d1d879b410e2c8d2d9 https://github.com/phpmyadmin/phpmyadmin/commit/bf322fdea3ec06275e2588d1d87… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 76b5dd2948bd114e2468afd375b3e9a6bbc30059 https://github.com/phpmyadmin/phpmyadmin/commit/76b5dd2948bd114e2468afd375b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.class.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6e8a1c03d2fc31714ef35a0ea24277cf863b44a2 https://github.com/phpmyadmin/phpmyadmin/commit/6e8a1c03d2fc31714ef35a0ea24… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tracking.lib.php Log Message: ----------- Ensure last version is numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b758a9e36705932f0fe35b33a9faca354ed62a3a https://github.com/phpmyadmin/phpmyadmin/commit/b758a9e36705932f0fe35b33a9f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c976baa8f6606cf4f127bcd44bf8a2b79459c550 https://github.com/phpmyadmin/phpmyadmin/commit/c976baa8f6606cf4f127bcd44bf… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 698ef5155a1220d4d1392ebe37c21132115e32ce https://github.com/phpmyadmin/phpmyadmin/commit/698ef5155a1220d4d1392ebe37c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2cd97c646650e6554b9a519606dd213b78546b64 https://github.com/phpmyadmin/phpmyadmin/commit/2cd97c646650e6554b9a519606d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: beaaaa9efd7f3e6e61aa038edfede98632599fe6 https://github.com/phpmyadmin/phpmyadmin/commit/beaaaa9efd7f3e6e61aa038edfe… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 10bdb0df4a73013112d146a0c046c903d1e2b3e3 https://github.com/phpmyadmin/phpmyadmin/commit/10bdb0df4a73013112d146a0c04… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/Validator.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2104fb66eb2b0194dabd96c0685b874db2de9af2 https://github.com/phpmyadmin/phpmyadmin/commit/2104fb66eb2b0194dabd96c0685… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b1801af0c118e4a47a54968c7e1236cd39c670af https://github.com/phpmyadmin/phpmyadmin/commit/b1801af0c118e4a47a54968c7e1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/display_create_database.lib.php Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5d427d65089af5106ae0e306379d99b6d3c51764 https://github.com/phpmyadmin/phpmyadmin/commit/5d427d65089af5106ae0e306379… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/db_designer.lib.php M libraries/plugins/schema/Export_Relation_Schema.class.php M libraries/pmd_common.php M libraries/relation.lib.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b49dba4bdcb58a8717c42e351a6cce462efd2599 https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4bdcb58a8717c42e351a6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentFavoriteTable.class.php M libraries/Table.class.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2582fa1018e19f2b58b541bbe466a20f2cbd88d4 https://github.com/phpmyadmin/phpmyadmin/commit/2582fa1018e19f2b58b541bbe46… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5b7da187d0bfc3de3ff8a15767f88556363281d7 https://github.com/phpmyadmin/phpmyadmin/commit/5b7da187d0bfc3de3ff8a15767f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4f8a16cc008ebf81a06eef0656d3f46f5380ffe9 https://github.com/phpmyadmin/phpmyadmin/commit/4f8a16cc008ebf81a06eef0656d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 566a6885e82aa54f25843664443b11ca45c106bc https://github.com/phpmyadmin/phpmyadmin/commit/566a6885e82aa54f25843664443… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fb0e7ea4b4f795946f6b723dd8086594aed49d5e https://github.com/phpmyadmin/phpmyadmin/commit/fb0e7ea4b4f795946f6b723dd80… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 93a6913196e60d87772e795b1374fab894475f84 https://github.com/phpmyadmin/phpmyadmin/commit/93a6913196e60d87772e795b137… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/server_user_groups.lib.php Log Message: ----------- Add missing escaping in user group queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4062df92df1ef0f3c548807da3b6c7b63d2f74d6 https://github.com/phpmyadmin/phpmyadmin/commit/4062df92df1ef0f3c548807da3b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/RegexValidationTransformationsPlugin.class.php Log Message: ----------- Properly escape error input in the message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1c62be26242489ca30357a8fe423b708c5659059 https://github.com/phpmyadmin/phpmyadmin/commit/1c62be26242489ca30357a8fe42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageUploadTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f6af4f32cd4112d774d823e236982a218569d13c https://github.com/phpmyadmin/phpmyadmin/commit/f6af4f32cd4112d774d823e2369… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3 https://github.com/phpmyadmin/phpmyadmin/commit/5ea073c2a3b07e4d58dc4d9be31… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6f3cd526e3e6acd655899c6edccb92cdcb62a493 https://github.com/phpmyadmin/phpmyadmin/commit/6f3cd526e3e6acd655899c6edcc… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M js/tbl_relation.js Log Message: ----------- Properly escape foreign key selection Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b8c216c81910f77dffaae6dba49631324d9afbbc https://github.com/phpmyadmin/phpmyadmin/commit/b8c216c81910f77dffaae6dba49… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/TableSearch.class.php Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ac1359292f8ae081a7f9565a70ecb6afbd1f78b https://github.com/phpmyadmin/phpmyadmin/commit/2ac1359292f8ae081a7f9565a70… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3b885af874762abb1b0b28c7fa8ca3406115abfc https://github.com/phpmyadmin/phpmyadmin/commit/3b885af874762abb1b0b28c7fa8… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Fix tests for transformations Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 91336e1d5c556b5f4d6a6a8fa79ad12369fa5412 https://github.com/phpmyadmin/phpmyadmin/commit/91336e1d5c556b5f4d6a6a8fa79… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/PMA_TableSearch_test.php Log Message: ----------- Fix test for table search Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 20db714269a65b4a6e893e9ae8b52be53cb378e7 https://github.com/phpmyadmin/phpmyadmin/commit/20db714269a65b4a6e893e9ae8b… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/navigation/Nodes/Node_Database.class.php Log Message: ----------- Add missing escaping in navigation pane Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: bf9ad3a8eb4e66892d394f7073af669d483d4e31 https://github.com/phpmyadmin/phpmyadmin/commit/bf9ad3a8eb4e66892d394f7073a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M ChangeLog M README M README.rst M changelog.php M config.sample.inc.php M doc/config.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/error_report.lib.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Config_test.php M test/classes/PMA_Message_test.php M test/classes/config/PMA_FormDisplay_test.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php M test/classes/plugin/export/PMA_ExportXml_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 88c72dc8dfc7033453cdc0f266b9c472e11db07c https://github.com/phpmyadmin/phpmyadmin/commit/88c72dc8dfc7033453cdc0f266b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e31ac0b6832a594a0344ddeb0b7d4516516454bf https://github.com/phpmyadmin/phpmyadmin/commit/e31ac0b6832a594a0344ddeb0b7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f80a250873210f7c98b5dc5a7131adeaa057486e https://github.com/phpmyadmin/phpmyadmin/commit/f80a250873210f7c98b5dc5a713… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 06a1677fef6e89ecad1df455f5af77a3457d3805 https://github.com/phpmyadmin/phpmyadmin/commit/06a1677fef6e89ecad1df455f5a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/navigation/NavigationTree.class.php M libraries/navigation/Nodes/Node.class.php Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5c9f25db4648fa81a2e0b7375a61495b60313394 https://github.com/phpmyadmin/phpmyadmin/commit/5c9f25db4648fa81a2e0b7375a6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74 https://github.com/phpmyadmin/phpmyadmin/commit/ec62a6d7d9fbbaf9ecf41477eac… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/config/ServerConfigChecks.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Backport cookie encryption from 4.6 branch - Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d5570787a79ac1fe503bca6b340e860f7dcaf9d8 https://github.com/phpmyadmin/phpmyadmin/commit/d5570787a79ac1fe503bca6b340… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Move return to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1586714fe94098ea2bd7d4b57c9bd6e0b921322a https://github.com/phpmyadmin/phpmyadmin/commit/1586714fe94098ea2bd7d4b57c9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Revert "Move return to correct place" This reverts commit d5570787a79ac1fe503bca6b340e860f7dcaf9d8. Commit: 62ae47c0bc83ba53e4c200fba1fb832f765fb5f0 https://github.com/phpmyadmin/phpmyadmin/commit/62ae47c0bc83ba53e4c200fba1f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a553a11764292dd96815ef60486cac93f55ed08b https://github.com/phpmyadmin/phpmyadmin/commit/a553a11764292dd96815ef60486… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d02d61ada7c8e29753fd37440b511a1088efb060 https://github.com/phpmyadmin/phpmyadmin/commit/d02d61ada7c8e29753fd37440b5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/DBIMysql.class.php M libraries/dbi/DBIMysqli.class.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2cfe5137695df8c917a7d50fdbe3afbbd22c66da https://github.com/phpmyadmin/phpmyadmin/commit/2cfe5137695df8c917a7d50fdbe… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Adjust cookie tests to match current code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ded2394686bbdbee13caa13c5f59e424712482d https://github.com/phpmyadmin/phpmyadmin/commit/3ded2394686bbdbee13caa13c5f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/GIS_Geometry.class.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c https://github.com/phpmyadmin/phpmyadmin/commit/61591c4438ff1ab25c0d5a5fb3f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915 https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3ddc1bdebf3d4cd12bae0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0cbf74792ff0344389dd0be2d6eb226b9b2c23e4 https://github.com/phpmyadmin/phpmyadmin/commit/0cbf74792ff0344389dd0be2d6e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3f6c8e5c834bef2d6d0577fe7251969e423639c https://github.com/phpmyadmin/phpmyadmin/commit/c3f6c8e5c834bef2d6d0577fe72… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.class.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a1d29fabf8ee96b50f084887342d526bbf375c69 https://github.com/phpmyadmin/phpmyadmin/commit/a1d29fabf8ee96b50f084887342… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.class.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4ef7964f60d6e998ef5f656542e751158aa98a3f https://github.com/phpmyadmin/phpmyadmin/commit/4ef7964f60d6e998ef5f656542e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4dcdf5fc845261bd3de136ca71818dc4b482ac1d https://github.com/phpmyadmin/phpmyadmin/commit/4dcdf5fc845261bd3de136ca718… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 39864227e7c33f9a6ef29890017e48164df54858 https://github.com/phpmyadmin/phpmyadmin/commit/39864227e7c33f9a6ef29890017… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- Release 4.4.15.8 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/9cb8b301194b...39864227e7c3

1 0

[phpmyadmin/phpmyadmin] e46fdb: Sent CSP headers for phpinfo
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/heads/MAINT_4_0_10 Home: https://github.com/phpmyadmin/phpmyadmin Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8 https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2 https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.class.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7 https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.class.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377 https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.class.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4 https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc86… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/FormDisplay.class.php M libraries/config/messages.inc.php M libraries/import.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/ko.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3 https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M server_status_variables.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1 https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 4440790902618c98f81f23a28747ccc117bfe53b https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a2874… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749 https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac20… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc2518974124b98a57107e9486084df76a655227 https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e94860… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Fix syntax error in older PHP versions Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1 https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a9182… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6 https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7 https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d912… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681 https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.class.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5 https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74 https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M version_check.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/validate.lib.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439 https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M tbl_tracking.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a3953f88ef5ab287718bf73c454733947ce52128 https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c454… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/display_create_database.lib.php Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c7199… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/schema/Export_Relation_Schema.class.php M libraries/schema/User_Schema.class.php M pmd_pdf.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentTable.class.php M libraries/Table.class.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3 https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff75… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 56e13501184d1354b84b63dce7c00deae5066e9b https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 09a427b288cbbd1508a055a5594f906c22a60dec https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293 https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aab… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 04156efeb02ade052e46e09c93c74b95e2da9175 https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0f87b73ae203d79f74765c97f637a51b87205515 https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f63… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/TableSearch.class.php Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda70… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede80… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M ChangeLog M README M README.rst M changelog.php M composer.json M config.sample.inc.php M doc/developers.rst M doc/faq.rst M doc/intro.rst M doc/other.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Message_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M themes.php M version_check.php Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6f8eb0993d1a37f14608b90e433791b723c51085 https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e433… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747 https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1 https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/OutputBuffering.class.php M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php Log Message: ----------- Backport cookie encryption from 4.6 branch - Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392 https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625ca… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M tbl_addfield.php M tbl_create.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e04086… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d03954bf9ca3b1cc4037214e7983617732282872 https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e798… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/mysql.dbi.lib.php M libraries/dbi/mysqli.dbi.lib.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Fix random invocation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ac703223e97398d1d3ad902afd036e303dc3de9b https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/pma_gis_geometry.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6 https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 262aa8ec73641a9cba264711575c04424757d655 https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Fix password change with cookie auth Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76 https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 126321da378cf14165f845309446be410470229b https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f84530944… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.class.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5 https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c00… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.class.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915fa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89 https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- Release 4.0.10.17 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/01673e94ddc4...5ba96c8804d9

1 0

[phpmyadmin/phpmyadmin] d929c8: Sent CSP headers for phpinfo
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/tags/RELEASE_4_4_15_8 Home: https://github.com/phpmyadmin/phpmyadmin Commit: d929c8962a047d439f7d066caaf815e1dd4112ba https://github.com/phpmyadmin/phpmyadmin/commit/d929c8962a047d439f7d066caaf… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2989e4943b85e08e8a2e284e597e62ab7c823c0d https://github.com/phpmyadmin/phpmyadmin/commit/2989e4943b85e08e8a2e284e597… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.class.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e https://github.com/phpmyadmin/phpmyadmin/commit/6b310f055e109de21af3ec9cda6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.class.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e47a77db5d5a322e9beca989b71bcf53f48c6570 https://github.com/phpmyadmin/phpmyadmin/commit/e47a77db5d5a322e9beca989b71… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/PMA_ExportPhparray_test.php Log Message: ----------- Fix PHP export tests Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fac2bb1f7050c44af405b23b2cbab9822857914e https://github.com/phpmyadmin/phpmyadmin/commit/fac2bb1f7050c44af405b23b2cb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.class.php M test/classes/plugin/export/PMA_ExportXml_test.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6ab8e31f22bbd13a26d0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab0f14901fcaab649213fa6fd42832b52b34c4de https://github.com/phpmyadmin/phpmyadmin/commit/ab0f14901fcaab649213fa6fd42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/messages.inc.php M libraries/import.lib.php M libraries/plugins/import/README M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fd8cdd79333e5ab47d395f5f5178faaaf795d39e https://github.com/phpmyadmin/phpmyadmin/commit/fd8cdd79333e5ab47d395f5f517… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bec52644f1faf641bf11b8bc365a21a8f84a639d https://github.com/phpmyadmin/phpmyadmin/commit/bec52644f1faf641bf11b8bc365… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: e291300af3cd3686c438ba36d9cd94c80353a820 https://github.com/phpmyadmin/phpmyadmin/commit/e291300af3cd3686c438ba36d9c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2257e60f78cf9d813f33b613524fd01e7be302eb https://github.com/phpmyadmin/phpmyadmin/commit/2257e60f78cf9d813f33b613524… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3d47645c55d6c18e4e140ebc4bbde746e7456959 https://github.com/phpmyadmin/phpmyadmin/commit/3d47645c55d6c18e4e140ebc4bb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: de89b270f23c5210646d6d0867b5de34972befc9 https://github.com/phpmyadmin/phpmyadmin/commit/de89b270f23c5210646d6d0867b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Fix syntax error in older PHP versions Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d0b6abf5eb78ce7a175515165cd39e18bdb5836f https://github.com/phpmyadmin/phpmyadmin/commit/d0b6abf5eb78ce7a175515165cd… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tbl_gis_visualization.lib.php Log Message: ----------- Fix XSS in tbl_gis_visualization.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 1dc9c7d1fca15c3f6170729429912b88e513e970 https://github.com/phpmyadmin/phpmyadmin/commit/1dc9c7d1fca15c3f61707294299… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: 63af274953f7047bae39bc4d2aa59bd450cf9f05 https://github.com/phpmyadmin/phpmyadmin/commit/63af274953f7047bae39bc4d2aa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cee1a8d3f5de1ebe21df0b484c16822293b94130 https://github.com/phpmyadmin/phpmyadmin/commit/cee1a8d3f5de1ebe21df0b484c1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 37a1f4f4995a918af9e060813eb2a86cf211d0b7 https://github.com/phpmyadmin/phpmyadmin/commit/37a1f4f4995a918af9e060813eb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M test/classes/PMA_DisplayResults_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/engines/PMA_StorageEngine_pbxt_test.php Log Message: ----------- Adjust tests to recent changes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bf322fdea3ec06275e2588d1d879b410e2c8d2d9 https://github.com/phpmyadmin/phpmyadmin/commit/bf322fdea3ec06275e2588d1d87… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 76b5dd2948bd114e2468afd375b3e9a6bbc30059 https://github.com/phpmyadmin/phpmyadmin/commit/76b5dd2948bd114e2468afd375b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.class.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6e8a1c03d2fc31714ef35a0ea24277cf863b44a2 https://github.com/phpmyadmin/phpmyadmin/commit/6e8a1c03d2fc31714ef35a0ea24… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tracking.lib.php Log Message: ----------- Ensure last version is numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b758a9e36705932f0fe35b33a9faca354ed62a3a https://github.com/phpmyadmin/phpmyadmin/commit/b758a9e36705932f0fe35b33a9f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c976baa8f6606cf4f127bcd44bf8a2b79459c550 https://github.com/phpmyadmin/phpmyadmin/commit/c976baa8f6606cf4f127bcd44bf… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 698ef5155a1220d4d1392ebe37c21132115e32ce https://github.com/phpmyadmin/phpmyadmin/commit/698ef5155a1220d4d1392ebe37c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2cd97c646650e6554b9a519606dd213b78546b64 https://github.com/phpmyadmin/phpmyadmin/commit/2cd97c646650e6554b9a519606d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: beaaaa9efd7f3e6e61aa038edfede98632599fe6 https://github.com/phpmyadmin/phpmyadmin/commit/beaaaa9efd7f3e6e61aa038edfe… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 10bdb0df4a73013112d146a0c046c903d1e2b3e3 https://github.com/phpmyadmin/phpmyadmin/commit/10bdb0df4a73013112d146a0c04… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/Validator.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2104fb66eb2b0194dabd96c0685b874db2de9af2 https://github.com/phpmyadmin/phpmyadmin/commit/2104fb66eb2b0194dabd96c0685… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b1801af0c118e4a47a54968c7e1236cd39c670af https://github.com/phpmyadmin/phpmyadmin/commit/b1801af0c118e4a47a54968c7e1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/display_create_database.lib.php Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5d427d65089af5106ae0e306379d99b6d3c51764 https://github.com/phpmyadmin/phpmyadmin/commit/5d427d65089af5106ae0e306379… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/db_designer.lib.php M libraries/plugins/schema/Export_Relation_Schema.class.php M libraries/pmd_common.php M libraries/relation.lib.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b49dba4bdcb58a8717c42e351a6cce462efd2599 https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4bdcb58a8717c42e351a6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentFavoriteTable.class.php M libraries/Table.class.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2582fa1018e19f2b58b541bbe466a20f2cbd88d4 https://github.com/phpmyadmin/phpmyadmin/commit/2582fa1018e19f2b58b541bbe46… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5b7da187d0bfc3de3ff8a15767f88556363281d7 https://github.com/phpmyadmin/phpmyadmin/commit/5b7da187d0bfc3de3ff8a15767f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4f8a16cc008ebf81a06eef0656d3f46f5380ffe9 https://github.com/phpmyadmin/phpmyadmin/commit/4f8a16cc008ebf81a06eef0656d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 566a6885e82aa54f25843664443b11ca45c106bc https://github.com/phpmyadmin/phpmyadmin/commit/566a6885e82aa54f25843664443… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fb0e7ea4b4f795946f6b723dd8086594aed49d5e https://github.com/phpmyadmin/phpmyadmin/commit/fb0e7ea4b4f795946f6b723dd80… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 93a6913196e60d87772e795b1374fab894475f84 https://github.com/phpmyadmin/phpmyadmin/commit/93a6913196e60d87772e795b137… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/server_user_groups.lib.php Log Message: ----------- Add missing escaping in user group queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4062df92df1ef0f3c548807da3b6c7b63d2f74d6 https://github.com/phpmyadmin/phpmyadmin/commit/4062df92df1ef0f3c548807da3b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/RegexValidationTransformationsPlugin.class.php Log Message: ----------- Properly escape error input in the message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1c62be26242489ca30357a8fe423b708c5659059 https://github.com/phpmyadmin/phpmyadmin/commit/1c62be26242489ca30357a8fe42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageUploadTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f6af4f32cd4112d774d823e236982a218569d13c https://github.com/phpmyadmin/phpmyadmin/commit/f6af4f32cd4112d774d823e2369… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3 https://github.com/phpmyadmin/phpmyadmin/commit/5ea073c2a3b07e4d58dc4d9be31… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6f3cd526e3e6acd655899c6edccb92cdcb62a493 https://github.com/phpmyadmin/phpmyadmin/commit/6f3cd526e3e6acd655899c6edcc… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M js/tbl_relation.js Log Message: ----------- Properly escape foreign key selection Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b8c216c81910f77dffaae6dba49631324d9afbbc https://github.com/phpmyadmin/phpmyadmin/commit/b8c216c81910f77dffaae6dba49… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/TableSearch.class.php Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ac1359292f8ae081a7f9565a70ecb6afbd1f78b https://github.com/phpmyadmin/phpmyadmin/commit/2ac1359292f8ae081a7f9565a70… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3b885af874762abb1b0b28c7fa8ca3406115abfc https://github.com/phpmyadmin/phpmyadmin/commit/3b885af874762abb1b0b28c7fa8… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Fix tests for transformations Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 91336e1d5c556b5f4d6a6a8fa79ad12369fa5412 https://github.com/phpmyadmin/phpmyadmin/commit/91336e1d5c556b5f4d6a6a8fa79… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/PMA_TableSearch_test.php Log Message: ----------- Fix test for table search Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 20db714269a65b4a6e893e9ae8b52be53cb378e7 https://github.com/phpmyadmin/phpmyadmin/commit/20db714269a65b4a6e893e9ae8b… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/navigation/Nodes/Node_Database.class.php Log Message: ----------- Add missing escaping in navigation pane Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: bf9ad3a8eb4e66892d394f7073af669d483d4e31 https://github.com/phpmyadmin/phpmyadmin/commit/bf9ad3a8eb4e66892d394f7073a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M ChangeLog M README M README.rst M changelog.php M config.sample.inc.php M doc/config.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/error_report.lib.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Config_test.php M test/classes/PMA_Message_test.php M test/classes/config/PMA_FormDisplay_test.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php M test/classes/plugin/export/PMA_ExportXml_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 88c72dc8dfc7033453cdc0f266b9c472e11db07c https://github.com/phpmyadmin/phpmyadmin/commit/88c72dc8dfc7033453cdc0f266b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e31ac0b6832a594a0344ddeb0b7d4516516454bf https://github.com/phpmyadmin/phpmyadmin/commit/e31ac0b6832a594a0344ddeb0b7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f80a250873210f7c98b5dc5a7131adeaa057486e https://github.com/phpmyadmin/phpmyadmin/commit/f80a250873210f7c98b5dc5a713… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 06a1677fef6e89ecad1df455f5af77a3457d3805 https://github.com/phpmyadmin/phpmyadmin/commit/06a1677fef6e89ecad1df455f5a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/navigation/NavigationTree.class.php M libraries/navigation/Nodes/Node.class.php Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5c9f25db4648fa81a2e0b7375a61495b60313394 https://github.com/phpmyadmin/phpmyadmin/commit/5c9f25db4648fa81a2e0b7375a6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74 https://github.com/phpmyadmin/phpmyadmin/commit/ec62a6d7d9fbbaf9ecf41477eac… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/config/ServerConfigChecks.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Backport cookie encryption from 4.6 branch - Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d5570787a79ac1fe503bca6b340e860f7dcaf9d8 https://github.com/phpmyadmin/phpmyadmin/commit/d5570787a79ac1fe503bca6b340… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Move return to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1586714fe94098ea2bd7d4b57c9bd6e0b921322a https://github.com/phpmyadmin/phpmyadmin/commit/1586714fe94098ea2bd7d4b57c9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Revert "Move return to correct place" This reverts commit d5570787a79ac1fe503bca6b340e860f7dcaf9d8. Commit: 62ae47c0bc83ba53e4c200fba1fb832f765fb5f0 https://github.com/phpmyadmin/phpmyadmin/commit/62ae47c0bc83ba53e4c200fba1f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a553a11764292dd96815ef60486cac93f55ed08b https://github.com/phpmyadmin/phpmyadmin/commit/a553a11764292dd96815ef60486… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d02d61ada7c8e29753fd37440b511a1088efb060 https://github.com/phpmyadmin/phpmyadmin/commit/d02d61ada7c8e29753fd37440b5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/DBIMysql.class.php M libraries/dbi/DBIMysqli.class.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2cfe5137695df8c917a7d50fdbe3afbbd22c66da https://github.com/phpmyadmin/phpmyadmin/commit/2cfe5137695df8c917a7d50fdbe… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Adjust cookie tests to match current code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ded2394686bbdbee13caa13c5f59e424712482d https://github.com/phpmyadmin/phpmyadmin/commit/3ded2394686bbdbee13caa13c5f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/GIS_Geometry.class.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c https://github.com/phpmyadmin/phpmyadmin/commit/61591c4438ff1ab25c0d5a5fb3f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915 https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3ddc1bdebf3d4cd12bae0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0cbf74792ff0344389dd0be2d6eb226b9b2c23e4 https://github.com/phpmyadmin/phpmyadmin/commit/0cbf74792ff0344389dd0be2d6e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3f6c8e5c834bef2d6d0577fe7251969e423639c https://github.com/phpmyadmin/phpmyadmin/commit/c3f6c8e5c834bef2d6d0577fe72… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.class.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a1d29fabf8ee96b50f084887342d526bbf375c69 https://github.com/phpmyadmin/phpmyadmin/commit/a1d29fabf8ee96b50f084887342… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.class.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4ef7964f60d6e998ef5f656542e751158aa98a3f https://github.com/phpmyadmin/phpmyadmin/commit/4ef7964f60d6e998ef5f656542e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4dcdf5fc845261bd3de136ca71818dc4b482ac1d https://github.com/phpmyadmin/phpmyadmin/commit/4dcdf5fc845261bd3de136ca718… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 39864227e7c33f9a6ef29890017e48164df54858 https://github.com/phpmyadmin/phpmyadmin/commit/39864227e7c33f9a6ef29890017… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- Release 4.4.15.8 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/d929c8962a04^...39864227e7…

1 0

[phpmyadmin/phpmyadmin] e46fdb: Sent CSP headers for phpinfo
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/tags/RELEASE_4_0_10_17 Home: https://github.com/phpmyadmin/phpmyadmin Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8 https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2 https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.class.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7 https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.class.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377 https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.class.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4 https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc86… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/FormDisplay.class.php M libraries/config/messages.inc.php M libraries/import.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/ko.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3 https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M server_status_variables.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1 https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 4440790902618c98f81f23a28747ccc117bfe53b https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a2874… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749 https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac20… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc2518974124b98a57107e9486084df76a655227 https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e94860… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Fix syntax error in older PHP versions Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1 https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a9182… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6 https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7 https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d912… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681 https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.class.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5 https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74 https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M version_check.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/validate.lib.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439 https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M tbl_tracking.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a3953f88ef5ab287718bf73c454733947ce52128 https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c454… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/display_create_database.lib.php Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c7199… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/schema/Export_Relation_Schema.class.php M libraries/schema/User_Schema.class.php M pmd_pdf.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentTable.class.php M libraries/Table.class.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3 https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff75… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 56e13501184d1354b84b63dce7c00deae5066e9b https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 09a427b288cbbd1508a055a5594f906c22a60dec https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293 https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aab… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 04156efeb02ade052e46e09c93c74b95e2da9175 https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0f87b73ae203d79f74765c97f637a51b87205515 https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f63… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/TableSearch.class.php Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda70… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede80… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M ChangeLog M README M README.rst M changelog.php M composer.json M config.sample.inc.php M doc/developers.rst M doc/faq.rst M doc/intro.rst M doc/other.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Message_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M themes.php M version_check.php Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6f8eb0993d1a37f14608b90e433791b723c51085 https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e433… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747 https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1 https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/OutputBuffering.class.php M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php Log Message: ----------- Backport cookie encryption from 4.6 branch - Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392 https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625ca… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M tbl_addfield.php M tbl_create.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e04086… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d03954bf9ca3b1cc4037214e7983617732282872 https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e798… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/mysql.dbi.lib.php M libraries/dbi/mysqli.dbi.lib.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php Log Message: ----------- Fix random invocation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ac703223e97398d1d3ad902afd036e303dc3de9b https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/pma_gis_geometry.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6 https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 262aa8ec73641a9cba264711575c04424757d655 https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Fix password change with cookie auth Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76 https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 126321da378cf14165f845309446be410470229b https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f84530944… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.class.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5 https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c00… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.class.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915fa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89 https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- Release 4.0.10.17 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/e46fdb8e5e5f^...5ba96c8804…

1 0

[phpmyadmin/phpmyadmin]
by ibennetch 17 Aug '16

17 Aug '16

Branch: refs/tags/RELEASE_4_6_4 Home: https://github.com/phpmyadmin/phpmyadmin

1 0

[phpmyadmin/phpmyadmin] 58534c: Prepare for 4.6.4-dev
by Isaac Bennetch 17 Aug '16

17 Aug '16

Branch: refs/heads/STABLE Home: https://github.com/phpmyadmin/phpmyadmin Commit: 58534ce2fc4f964c78dfe83ff5f21e05793c3a4f https://github.com/phpmyadmin/phpmyadmin/commit/58534ce2fc4f964c78dfe83ff5f… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-06-23 (Thu, 23 Jun 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.php Log Message: ----------- Prepare for 4.6.4-dev Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: cfb38bbcbfd352bb20805b53234609f67bbbe45a https://github.com/phpmyadmin/phpmyadmin/commit/cfb38bbcbfd352bb20805b53234… Author: Peter Chen <petercpg(a)gmail.com> Date: 2016-06-24 (Fri, 24 Jun 2016) Changed paths: M po/zh_TW.po Log Message: ----------- Translated using Weblate (Chinese (Taiwan)) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: 52a01c4bfb576ef0b1fd2137cd4afbd253933404 https://github.com/phpmyadmin/phpmyadmin/commit/52a01c4bfb576ef0b1fd2137cd4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-24 (Fri, 24 Jun 2016) Changed paths: M libraries/config/FormDisplay.php Log Message: ----------- Fix type conversion for numeric values Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f2042085409550bea9fc01fb20b4d0f782287c5c https://github.com/phpmyadmin/phpmyadmin/commit/f2042085409550bea9fc01fb20b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-24 (Fri, 24 Jun 2016) Changed paths: M libraries/controllers/table/TableSearchController.php M templates/database/designer/database_tables.phtml Log Message: ----------- Move count() call outside loop Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9f3823a6bc986e911b52b41338881ff35dccc37c https://github.com/phpmyadmin/phpmyadmin/commit/9f3823a6bc986e911b52b413388… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4183bab696c68ef8ee5cb2d58cb8fb2795b0e802 https://github.com/phpmyadmin/phpmyadmin/commit/4183bab696c68ef8ee5cb2d58cb… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M changelog.php Log Message: ----------- Send CSP headers on changelog Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5491d67fb545ef9878b59e05a10f814f7a92a7ad https://github.com/phpmyadmin/phpmyadmin/commit/5491d67fb545ef9878b59e05a10… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a82835cf09c20b381b9c8a7bfe337a11ab904ab2 https://github.com/phpmyadmin/phpmyadmin/commit/a82835cf09c20b381b9c8a7bfe3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2b5915ce7b061df005373b3ebf5affe7345ef141 https://github.com/phpmyadmin/phpmyadmin/commit/2b5915ce7b061df005373b3ebf5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.php Log Message: ----------- Use phpMyAdmin version in PHP export header Using fixed 0.2b really makes no sense. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 99d7407aa2817cd9852bf7f4ed03a28d8aac293e https://github.com/phpmyadmin/phpmyadmin/commit/99d7407aa2817cd9852bf7f4ed0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/ExportPhparrayTest.php Log Message: ----------- Fix PHP export tests Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bd2080c40aa05b883109fbf9739ffb4c674af698 https://github.com/phpmyadmin/phpmyadmin/commit/bd2080c40aa05b883109fbf9739… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/ExportXmlTest.php Log Message: ----------- Adjust test to not use HTML escaping layer Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7de139b90ca6926d9ec06c2684ef8877a01b5ed7 https://github.com/phpmyadmin/phpmyadmin/commit/7de139b90ca6926d9ec06c2684e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.php M test/classes/plugin/export/ExportXmlTest.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 997a7bb793bd64bff9cc377e82b752cf1943a30d https://github.com/phpmyadmin/phpmyadmin/commit/997a7bb793bd64bff9cc377e82b… Author: Kyeong Su Shin <cdac1234(a)gmail.com> Date: 2016-07-01 (Fri, 01 Jul 2016) Changed paths: M po/ko.po Log Message: ----------- Translated using Weblate (Korean) Currently translated at 78.1% (2508 of 3209 strings) [CI skip] Commit: c7fc778fadc0b9e5da4d38352d993f3f5e14155a https://github.com/phpmyadmin/phpmyadmin/commit/c7fc778fadc0b9e5da4d38352d9… Author: Bartosz Pazoła <mmmalfc(a)gmail.com> Date: 2016-07-02 (Sat, 02 Jul 2016) Changed paths: M po/pl.po Log Message: ----------- Translated using Weblate (Polish) Currently translated at 82.6% (2652 of 3209 strings) [CI skip] Commit: a879cd8b77970a4e976c8759ae520fae1bf54761 https://github.com/phpmyadmin/phpmyadmin/commit/a879cd8b77970a4e976c8759ae5… Author: Arben Çokaj <acokaj(a)shkoder.net> Date: 2016-07-03 (Sun, 03 Jul 2016) Changed paths: M po/sq.po Log Message: ----------- Translated using Weblate (Albanian) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: 68f10806ceb6ba7ae59d0e1d113b5e5851ef2b3b https://github.com/phpmyadmin/phpmyadmin/commit/68f10806ceb6ba7ae59d0e1d113… Author: Franco <fulanodetal.github1(a)openaliasbox.org> Date: 2016-07-05 (Tue, 05 Jul 2016) Changed paths: M po/es.po Log Message: ----------- Translated using Weblate (Spanish) Currently translated at 99.6% (3198 of 3209 strings) [CI skip] Commit: a97be3a604cb9a56074b76905792479251e744a7 https://github.com/phpmyadmin/phpmyadmin/commit/a97be3a604cb9a56074b7690579… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c0b2d56ac0a94c371004f25a5ae3d0ec247516f5 https://github.com/phpmyadmin/phpmyadmin/commit/c0b2d56ac0a94c371004f25a5ae… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M doc/other.rst M js/tbl_structure.js M libraries/import.lib.php M libraries/plugins/import/README M po/az.po M po/bg.po M po/bn.po M po/ca.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fi.po M po/fr.po M po/gl.po M po/hi.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ko.po M po/lt.po M po/nb.po M po/nl.po M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sv.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 394f77dc70be4e48c69e58269da22bcca4b17058 https://github.com/phpmyadmin/phpmyadmin/commit/394f77dc70be4e48c69e58269da… Author: Phongphan A Bunlom <phongphan117(a)hotmail.co.th> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M po/th.po Log Message: ----------- Translated using Weblate (Thai) Currently translated at 30.7% (986 of 3209 strings) [CI skip] Commit: 1ed4007689ebbb6b6a08a242025382d0f8d347b1 https://github.com/phpmyadmin/phpmyadmin/commit/1ed4007689ebbb6b6a08a242025… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c4a595357f8393915f8a2258f8997b5d1ba6f1f0 https://github.com/phpmyadmin/phpmyadmin/commit/c4a595357f8393915f8a2258f89… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 6aacd7dcfef8a04898393009dea11ddd07a3891d https://github.com/phpmyadmin/phpmyadmin/commit/6aacd7dcfef8a04898393009dea… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php M test/libraries/PMA_ip_allow_deny_test.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fc6ef261eb4469f764d1e305a4ac617d26ca1864 https://github.com/phpmyadmin/phpmyadmin/commit/fc6ef261eb4469f764d1e305a4a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: de3181277e747a94fb0b0213f3d11576458b72cd https://github.com/phpmyadmin/phpmyadmin/commit/de3181277e747a94fb0b0213f3d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/Error.php Log Message: ----------- Include only relative path in backtrace Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 660e3a177f4933018c94ba1270a61b2437aa1163 https://github.com/phpmyadmin/phpmyadmin/commit/660e3a177f4933018c94ba1270a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 64b1f13200e021f6d6ef5c619f8179d003cba517 https://github.com/phpmyadmin/phpmyadmin/commit/64b1f13200e021f6d6ef5c619f8… Author: Saulo Castro <saulocastrolp(a)gmail.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M po/pt_BR.po Log Message: ----------- Translated using Weblate (Portuguese (Brazil)) Currently translated at 93.3% (2997 of 3209 strings) [CI skip] Commit: cc7d01daa7fe3c525718c7ef19f82d13e51cc080 https://github.com/phpmyadmin/phpmyadmin/commit/cc7d01daa7fe3c525718c7ef19f… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M templates/table/gis_visualization/gis_visualization.phtml Log Message: ----------- Fix XSS in tbl_gis_visualization.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: cbba4f4fdb18ad071e3d515a0e96067939d3352b https://github.com/phpmyadmin/phpmyadmin/commit/cbba4f4fdb18ad071e3d515a0e9… Author: Madhura Jayaratne <madhura.cj(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj(a)gmail.com> Commit: f28925adb010b9bcd9fe54597bdddeee2290df6f https://github.com/phpmyadmin/phpmyadmin/commit/f28925adb010b9bcd9fe54597bd… Author: José Camilo Fernandes Coelho <camilocoelho93(a)gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M po/pt.po Log Message: ----------- Translated using Weblate (Portuguese) Currently translated at 53.9% (1731 of 3209 strings) [CI skip] Commit: b8b1bdd77e1954f13995decef5aa9b22b74c0388 https://github.com/phpmyadmin/phpmyadmin/commit/b8b1bdd77e1954f13995decef5a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M ChangeLog M libraries/Header.php Log Message: ----------- Include X-Robots-Tag header in responses Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5873af7d75b123b9aa0d137cba2bb209e2bdd21f https://github.com/phpmyadmin/phpmyadmin/commit/5873af7d75b123b9aa0d137cba2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M ChangeLog M libraries/Header.php M po/es.po M po/ko.po M po/pl.po M po/pt.po M po/pt_BR.po M po/sq.po M po/th.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 0bf21ebf720a552c8e727a6cca1c653e20c3160a https://github.com/phpmyadmin/phpmyadmin/commit/0bf21ebf720a552c8e727a6cca1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8b5cafc9f3d199d419d8f0e0ce9f3b5bb51d5d2b https://github.com/phpmyadmin/phpmyadmin/commit/8b5cafc9f3d199d419d8f0e0ce9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M po/sq.po Log Message: ----------- Fix wrong merge resolution Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c0450b29157d180014ab719c0e870f44cb79ca02 https://github.com/phpmyadmin/phpmyadmin/commit/c0450b29157d180014ab719c0e8… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M .travis.yml Log Message: ----------- Remove allowed failures test from maintenance branch Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2090eb57aaada8a2fc1c6e34ceaae657ef2ec404 https://github.com/phpmyadmin/phpmyadmin/commit/2090eb57aaada8a2fc1c6e34cea… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M .travis.yml Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 3c06eede3fda803fb2b931598e26d61563a4502b https://github.com/phpmyadmin/phpmyadmin/commit/3c06eede3fda803fb2b931598e2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/sanitizing.lib.php M templates/list/item.phtml M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3b0115a32159608a930e03a4d3a8830cb3520c54 https://github.com/phpmyadmin/phpmyadmin/commit/3b0115a32159608a930e03a4d3a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Adjust tests to recent changes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ea0b722d7cb7affbfa3f02c9442f0b6f0833306 https://github.com/phpmyadmin/phpmyadmin/commit/2ea0b722d7cb7affbfa3f02c944… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 6da13e2a1cbcd204617ab140ab70e08258473e33 https://github.com/phpmyadmin/phpmyadmin/commit/6da13e2a1cbcd204617ab140ab7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 78bed3c4441bc8ea1b4bf380eb51d100e39841ca https://github.com/phpmyadmin/phpmyadmin/commit/78bed3c4441bc8ea1b4bf380eb5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tracking.lib.php Log Message: ----------- Ensure last version is numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8095b837faec8508201e500b7c7ff25fe2269fbf https://github.com/phpmyadmin/phpmyadmin/commit/8095b837faec8508201e500b7c7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0d57c09bd582f6f138bb4583374a83b673520fa7 https://github.com/phpmyadmin/phpmyadmin/commit/0d57c09bd582f6f138bb4583374… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2f79bacefab46fc43cedd70917c50800caaa417a https://github.com/phpmyadmin/phpmyadmin/commit/2f79bacefab46fc43cedd70917c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ef4fe3d842f25e1ad0551e7ca4781b5fc7a4e59 https://github.com/phpmyadmin/phpmyadmin/commit/2ef4fe3d842f25e1ad0551e7ca4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e749214b1681ce6af31df169f57b0c23d2a40232 https://github.com/phpmyadmin/phpmyadmin/commit/e749214b1681ce6af31df169f57… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 767195e197e1b75609875330602aa203782e8671 https://github.com/phpmyadmin/phpmyadmin/commit/767195e197e1b75609875330602… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/Validator.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ba072e42dc15123bdd61185ccce85e384ca452b6 https://github.com/phpmyadmin/phpmyadmin/commit/ba072e42dc15123bdd61185ccce… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bde4ef735b0620f8b11deb21f29a79d9942a98ce https://github.com/phpmyadmin/phpmyadmin/commit/bde4ef735b0620f8b11deb21f29… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M templates/server/databases/create.phtml Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 80b03a4f1629957c4b3f22288147e5ed8495856b https://github.com/phpmyadmin/phpmyadmin/commit/80b03a4f1629957c4b3f2228814… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/db_designer.lib.php M libraries/plugins/export/ExportSql.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/pmd_common.php M libraries/relation.lib.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7ef96c5cdc2adc16f4d8530ad90c76715825d471 https://github.com/phpmyadmin/phpmyadmin/commit/7ef96c5cdc2adc16f4d8530ad90… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentFavoriteTable.php M libraries/Table.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1290f9895bbcda839d0ae0b150114b9d43ab33f7 https://github.com/phpmyadmin/phpmyadmin/commit/1290f9895bbcda839d0ae0b1501… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M po/ko.po Log Message: ----------- Fix merge error in po file Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 551031da09f461a8cef3f6e5883bd0baf1a872dc https://github.com/phpmyadmin/phpmyadmin/commit/551031da09f461a8cef3f6e5883… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ceeef537488b348a9ec4c485159e7f097f71bea5 https://github.com/phpmyadmin/phpmyadmin/commit/ceeef537488b348a9ec4c485159… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/display_export.lib.php Log Message: ----------- Add missing escaping to the export type Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dd732134f27abc6fc41d4ec52a9e02914ca8fdf6 https://github.com/phpmyadmin/phpmyadmin/commit/dd732134f27abc6fc41d4ec52a9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc52930bbab226ce7b7555c3f8714b3fd31d0499 https://github.com/phpmyadmin/phpmyadmin/commit/dc52930bbab226ce7b7555c3f87… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7e510e8e92b33493aded0086c0b87d8ed7bdec78 https://github.com/phpmyadmin/phpmyadmin/commit/7e510e8e92b33493aded0086c0b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M templates/table/structure/display_structure.phtml Log Message: ----------- Properly escape partition removal query Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9e3492730ebf6d60dafd0283f605c6ad09f8271a https://github.com/phpmyadmin/phpmyadmin/commit/9e3492730ebf6d60dafd0283f60… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3a3531b61bb0c886d4d6838356c32f655a1123c https://github.com/phpmyadmin/phpmyadmin/commit/c3a3531b61bb0c886d4d6838356… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9f11a0e81198ef39664453de8531f9d627819c9e https://github.com/phpmyadmin/phpmyadmin/commit/9f11a0e81198ef39664453de853… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/server_user_groups.lib.php Log Message: ----------- Add missing escaping in user group queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cc6853538cec697b67e03fbfef2e5f2c7ebc481f https://github.com/phpmyadmin/phpmyadmin/commit/cc6853538cec697b67e03fbfef2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php Log Message: ----------- Properly escape error input in the message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c3310536b2896a12dab3e0f7715c7e693221de25 https://github.com/phpmyadmin/phpmyadmin/commit/c3310536b2896a12dab3e0f7715… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: dc899d8e7584b6bfb104d66668527e9609a80b36 https://github.com/phpmyadmin/phpmyadmin/commit/dc899d8e7584b6bfb104d666685… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e4be768781a6c17ece9d2d3f34f9aa0f3e2e1056 https://github.com/phpmyadmin/phpmyadmin/commit/e4be768781a6c17ece9d2d3f34f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 987cce0bcf2f0ba9b705638343872f56283a0508 https://github.com/phpmyadmin/phpmyadmin/commit/987cce0bcf2f0ba9b7056383438… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M js/tbl_relation.js Log Message: ----------- Properly escape foreign key selection Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 42c868b69171f7c6095a55ab3998481cb1674d2c https://github.com/phpmyadmin/phpmyadmin/commit/42c868b69171f7c6095a55ab399… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M templates/table/search/zoom_result_form.phtml Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: af8385dc878523a5aa648423b6f33c4f936de95b https://github.com/phpmyadmin/phpmyadmin/commit/af8385dc878523a5aa648423b6f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/plugin/transformations/TransformationPluginsTest.php Log Message: ----------- Fix tests for transformations Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 205694982bf5f9a9d2bda80255fef22166dbd4a9 https://github.com/phpmyadmin/phpmyadmin/commit/205694982bf5f9a9d2bda80255f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 306c148098c105aa403a01620c79c56cd1f347c6 https://github.com/phpmyadmin/phpmyadmin/commit/306c148098c105aa403a01620c7… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/navigation/nodes/NodeDatabase.php Log Message: ----------- Add missing escaping in navigation pane Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 0f1d629043d5e8a68856e55483b00c9aedc2a6d6 https://github.com/phpmyadmin/phpmyadmin/commit/0f1d629043d5e8a68856e55483b… Author: ‫حمودي الجيلاني‬‎ <darhost56(a)gmail.com> Date: 2016-07-16 (Sat, 16 Jul 2016) Changed paths: M po/ar.po Log Message: ----------- Translated using Weblate (Arabic) Currently translated at 34.2% (1098 of 3209 strings) [CI skip] Commit: d35c3d9ed5ffc972a783564d17640af11276eaad https://github.com/phpmyadmin/phpmyadmin/commit/d35c3d9ed5ffc972a783564d176… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Curl.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/CurlPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php M libraries/plugins/auth/recaptcha/autoload.php Log Message: ----------- Update ReCaptcha library to 1.1.2 There should be no functional changes. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ff9291964cdd12358d45f352c69e4ef8633866c2 https://github.com/phpmyadmin/phpmyadmin/commit/ff9291964cdd12358d45f352c69… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/tcpdf/README.TXT M libraries/tcpdf/include/sRGB.icc M libraries/tcpdf/include/tcpdf_fonts.php M libraries/tcpdf/include/tcpdf_images.php M libraries/tcpdf/include/tcpdf_static.php M libraries/tcpdf/tcpdf.php Log Message: ----------- Update TCPDF to 6.2.12 Changelog: 6.2.12 (2015-09-12) - fix composer package name to tecnickcom/tcpdf 6.2.11 (2015-08-02) - "PNG regression in 6.2.9 (they appear as their alpha channel)" was fixed. - "Encoded SRC URLs in <img> tags don't work anymore" was fixed. 6.2.10 (2015-07-28) - Minor mod to PNG parsing. - Make dependency on mcrypt optional. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3a4172525f07753a4ac120cef15df457f0560b6c https://github.com/phpmyadmin/phpmyadmin/commit/3a4172525f07753a4ac120cef15… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Curl.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/CurlPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php M libraries/plugins/auth/recaptcha/autoload.php M libraries/tcpdf/README.TXT M libraries/tcpdf/include/sRGB.icc M libraries/tcpdf/include/tcpdf_fonts.php M libraries/tcpdf/include/tcpdf_images.php M libraries/tcpdf/include/tcpdf_static.php M libraries/tcpdf/tcpdf.php M po/ar.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: c0a05eced47cb83ff9953829853262a30addb142 https://github.com/phpmyadmin/phpmyadmin/commit/c0a05eced47cb83ff9953829853… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/navigation/nodes/NodeDatabase.php Log Message: ----------- Merge branch 'QA_4_6-security' of github.com:phpmyadmin/phpmyadmin-security into QA_4_6-security Commit: 1543be7138be5de37f6152a2b6d09cc74e1cb42f https://github.com/phpmyadmin/phpmyadmin/commit/1543be7138be5de37f6152a2b6d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M doc/config.rst M libraries/plugins/export/ExportXml.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 7e6edaf756201034b5e08b40f3ffb9f8af9a7d49 https://github.com/phpmyadmin/phpmyadmin/commit/7e6edaf756201034b5e08b40f3f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: A test/libraries/core/PMA_isAllowedDomain_test.php Log Message: ----------- Add tests for PMA_isAllowedDomain Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 67d6eeac42c599e53e81781961dadfcb3d8aac23 https://github.com/phpmyadmin/phpmyadmin/commit/67d6eeac42c599e53e81781961d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php M test/libraries/core/PMA_isAllowedDomain_test.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ba8a026fc403e68ae4854fa0addd00135eb7848 https://github.com/phpmyadmin/phpmyadmin/commit/3ba8a026fc403e68ae4854fa0ad… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use hash_hmac for MAC rather than plain SHA1 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 0fad7290c90f9b192aff4e4946b3276803946a70 https://github.com/phpmyadmin/phpmyadmin/commit/0fad7290c90f9b192aff4e4946b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-19 (Tue, 19 Jul 2016) Changed paths: M libraries/server_privileges.lib.php Log Message: ----------- Escape database name in SQL query Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 69c38579f634bf5bee9c48f329dc49f13df6b24e https://github.com/phpmyadmin/phpmyadmin/commit/69c38579f634bf5bee9c48f329d… Author: Kamyar Sec <kamofanar(a)gmail.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M po/ckb.po Log Message: ----------- Translated using Weblate (Kurdish Sorani) Currently translated at 18.1% (582 of 3209 strings) [CI skip] Commit: f45b8cd49cbad2c8b92d02fa2435921d15490b29 https://github.com/phpmyadmin/phpmyadmin/commit/f45b8cd49cbad2c8b92d02fa243… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Use different secret for MAC than encryption Generated using string splitting. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2a2d865d50508458e683b96fa7d33ca5976b1d11 https://github.com/phpmyadmin/phpmyadmin/commit/2a2d865d50508458e683b96fa7d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Validate input data from cookies We expect strings only, so not accept anything else. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e2a25d773d28c9440087f3f54be45680d903d2d2 https://github.com/phpmyadmin/phpmyadmin/commit/e2a25d773d28c9440087f3f54be… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Merge pmaServer and pmaPass cookies This addresses several issues: - makes server name encrypted and authenticated, so that it can not be tampered - reduces cookie usage - reduces overhead of encryption/authentication The pmaUser cookie is still separate to avoid different lifetime (pmaUser has month lifetime, while pmaAuth is session only by default). Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d29df46b3aec576da5d8949b0792f25b63d0ac54 https://github.com/phpmyadmin/phpmyadmin/commit/d29df46b3aec576da5d8949b079… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Do not generate too long session secret We need 16+16 bytes, generating 256 is not really needed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ef03daf658db501ddce304a1d2d0cd59dc4a6c71 https://github.com/phpmyadmin/phpmyadmin/commit/ef03daf658db501ddce304a1d2d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Remove hashing of blowfish secret New code doesn't have problems with longer secrets. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f07fd90ee910e4c6f31c310521faff460f046c28 https://github.com/phpmyadmin/phpmyadmin/commit/f07fd90ee910e4c6f31c310521f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/config/ServerConfigChecks.php Log Message: ----------- Document recommended length of 32 for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2b7be93829c38ccee7e05e769e4878280dc30ed6 https://github.com/phpmyadmin/phpmyadmin/commit/2b7be93829c38ccee7e05e769e4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Improve Blowfish secret generation in setup script Now generates secret containing all printable ASCII chars, making it way more random than with hex encoded random string. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f693c103be7103591902484a232728dcc79a8b02 https://github.com/phpmyadmin/phpmyadmin/commit/f693c103be7103591902484a232… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/setup.rst Log Message: ----------- Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3ee65fc8bf3f3d105ed0c532c9344f5feab553ae https://github.com/phpmyadmin/phpmyadmin/commit/3ee65fc8bf3f3d105ed0c532c93… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use MAC to verify IV as well Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a32b3ceb6e74394cdea3e57dacd5070c0afad50a https://github.com/phpmyadmin/phpmyadmin/commit/a32b3ceb6e74394cdea3e57dacd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/server_privileges.lib.php Log Message: ----------- Use single quotes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bc6fbbe032d464000787de9af0c48ce8493095a9 https://github.com/phpmyadmin/phpmyadmin/commit/bc6fbbe032d464000787de9af0c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M doc/conf.py Log Message: ----------- Update documentation copyright Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 48764f226073be9fb52c7b68101fb8f7b12e3d5f https://github.com/phpmyadmin/phpmyadmin/commit/48764f226073be9fb52c7b68101… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d9f918c36550e0e0706b00e5e9811068c6cb4bc8 https://github.com/phpmyadmin/phpmyadmin/commit/d9f918c36550e0e0706b00e5e98… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M doc/conf.py M libraries/server_privileges.lib.php M po/ckb.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ddeab2a11ffd9ffdbb0db84e9c763ce202a4a4aa https://github.com/phpmyadmin/phpmyadmin/commit/ddeab2a11ffd9ffdbb0db84e9c7… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 41e3db158f15abfcc44840071a9e20beb00753ae https://github.com/phpmyadmin/phpmyadmin/commit/41e3db158f15abfcc44840071a9… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 23695db151b7c45522ad627319ea83b9de5e8577 https://github.com/phpmyadmin/phpmyadmin/commit/23695db151b7c45522ad627319e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/advisory_rules.txt Log Message: ----------- Change advisory rules links to https Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1d70a1ba64f4bace7a15aa3f153abc81fde4881c https://github.com/phpmyadmin/phpmyadmin/commit/1d70a1ba64f4bace7a15aa3f153… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/sanitizing.lib.php M test/classes/MessageTest.php M test/libraries/PMA_sanitize_test.php M url.php Log Message: ----------- Allow only https outgoing links We no longer produce http links, so it's better to filter out these at all levels. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 5d1a6af96f91a14c91e6a5d3ba3b1e0af5f43769 https://github.com/phpmyadmin/phpmyadmin/commit/5d1a6af96f91a14c91e6a5d3ba3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/advisory_rules.txt M libraries/sanitizing.lib.php M test/classes/MessageTest.php M url.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 67b538efc3e480168c8377e4bf2390120a914c07 https://github.com/phpmyadmin/phpmyadmin/commit/67b538efc3e480168c8377e4bf2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 643681ee68b0e553a8acd0a33f01ca199d797a17 https://github.com/phpmyadmin/phpmyadmin/commit/643681ee68b0e553a8acd0a33f0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Use consistent iv and encrypted text concatenation as other libs Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9106b339334f9f40d814ea1bcd690a568726a8f5 https://github.com/phpmyadmin/phpmyadmin/commit/9106b339334f9f40d814ea1bcd6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php Log Message: ----------- Improve secrets splitting - ensure it has 16 bytes - extends it by copying content if original is too short - correctly handle corner cases (eg. 1 byte secret) Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 024a924b38aaf87c60e9eedc86b86c5b8d9f9aba https://github.com/phpmyadmin/phpmyadmin/commit/024a924b38aaf87c60e9eedc86b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Avoid calculating strlen twice Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d93b8736379ccc5cf0884ed9daa55ab7997b6ccb https://github.com/phpmyadmin/phpmyadmin/commit/d93b8736379ccc5cf0884ed9daa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Move return to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: fd324e583ed72b21ccaca4f84ec6b0a858861ae6 https://github.com/phpmyadmin/phpmyadmin/commit/fd324e583ed72b21ccaca4f84ec… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.php Log Message: ----------- Revert "Move return to correct place" This reverts commit d93b8736379ccc5cf0884ed9daa55ab7997b6ccb. Commit: 99903101d9ce64fe52b650ad820f959badbaa3b6 https://github.com/phpmyadmin/phpmyadmin/commit/99903101d9ce64fe52b650ad820… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M libraries/Table.php Log Message: ----------- Enfornce numeric field length when creating table Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 28eb84ef435bc0be8446ce62c57f438cf5bbd070 https://github.com/phpmyadmin/phpmyadmin/commit/28eb84ef435bc0be8446ce62c57… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M libraries/Table.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ff1016e504770dd334ab30fa85de11e8559eee01 https://github.com/phpmyadmin/phpmyadmin/commit/ff1016e504770dd334ab30fa85d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 76e87c3e336b5e0a9c53dd6e0eec5ddc0508c868 https://github.com/phpmyadmin/phpmyadmin/commit/76e87c3e336b5e0a9c53dd6e0ee… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/DisplayResults.php M libraries/Linter.php M libraries/plugins/auth/AuthenticationCookie.php M tbl_get_field.php Log Message: ----------- Do not use mb_strlen on data we know are bytes Issue #12397 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 61150656df98de9be65bd5d4182c36950e74318a https://github.com/phpmyadmin/phpmyadmin/commit/61150656df98de9be65bd5d4182… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M file_echo.php M libraries/PDF.php M libraries/plugins/schema/dia/Dia.php M libraries/plugins/schema/eps/Eps.php M libraries/plugins/schema/svg/Svg.php M libraries/tracking.lib.php Log Message: ----------- Fixed invalid Content-Length in some HTTP responses Use strlen for calculating HTTP response size, we're interested in bytes not utf-8 chars. Issue #12397 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 623f5b46213b8b4fda16f52017dbaec3e44e1ce3 https://github.com/phpmyadmin/phpmyadmin/commit/623f5b46213b8b4fda16f52017d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 835958af3105d13754f3ba3c58de85dc7c25633e https://github.com/phpmyadmin/phpmyadmin/commit/835958af3105d13754f3ba3c58d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M ChangeLog M libraries/DisplayResults.php M libraries/Linter.php M libraries/PDF.php M libraries/plugins/schema/dia/Dia.php M libraries/plugins/schema/eps/Eps.php M libraries/plugins/schema/svg/Svg.php M libraries/tracking.lib.php M tbl_get_field.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 1e6b740e6feace1a7be44a19a980477ce62fdded https://github.com/phpmyadmin/phpmyadmin/commit/1e6b740e6feace1a7be44a19a98… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f0f8f2b65e46f11ed23efe3262810132ffa2b1bf https://github.com/phpmyadmin/phpmyadmin/commit/f0f8f2b65e46f11ed23efe32628… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/server_privileges.lib.php Log Message: ----------- Escape routine privileges listing Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b932b94577ec7516283d765a645e29d2fb4d6d5a https://github.com/phpmyadmin/phpmyadmin/commit/b932b94577ec7516283d765a645… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/GISGeometry.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d3a91549be9fd63d3afe3ea542114aa72f4cd79a https://github.com/phpmyadmin/phpmyadmin/commit/d3a91549be9fd63d3afe3ea5421… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/session.inc.php Log Message: ----------- Remove file path from the session error message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 754c1c987bef11093e905dfa20b06273851647ea https://github.com/phpmyadmin/phpmyadmin/commit/754c1c987bef11093e905dfa20b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M lint.php Log Message: ----------- Properly mark requests to lint as AJAX request Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e67e69229a1df3a26df12b1bae89065834fd85b4 https://github.com/phpmyadmin/phpmyadmin/commit/e67e69229a1df3a26df12b1bae8… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 622a6f238971c3b9e0b736404d4a6962723f4bb2 https://github.com/phpmyadmin/phpmyadmin/commit/622a6f238971c3b9e0b736404d4… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M view_create.php Log Message: ----------- Fix #12394 : Create view should require a view name Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 7d0ce4bb8b90f8ec281f99509402548d77d1e589 https://github.com/phpmyadmin/phpmyadmin/commit/7d0ce4bb8b90f8ec281f9950940… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entry for #12394 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 25182fb6c349a95de3a7b2e2453d3fe22913d439 https://github.com/phpmyadmin/phpmyadmin/commit/25182fb6c349a95de3a7b2e2453… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/server_privileges.lib.php M user_password.php Log Message: ----------- Fix #12391 : Message with 'Change password successfully' displayed, but does not take effect Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 3ec8ba8693589b434283bb89489e5bf4908bfa79 https://github.com/phpmyadmin/phpmyadmin/commit/3ec8ba8693589b434283bb89489… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Merge pull request #179 from phpmyadmin/remove-phpinfo Remove option to show phpinfo() ($cfg['ShowPhpInfo']) Commit: 53af6a569925cabd3d93763bc99eec38b2a883bd https://github.com/phpmyadmin/phpmyadmin/commit/53af6a569925cabd3d93763bc99… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M libraries/Config.php M libraries/VersionInformation.php Log Message: ----------- Simplify session handling on possibly long requests We really do not have to reconfigure sessions on restarting them. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c868852ae498893aa1717108b72e869146eaed49 https://github.com/phpmyadmin/phpmyadmin/commit/c868852ae498893aa1717108b72… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/Config.php M libraries/VersionInformation.php M libraries/server_privileges.lib.php M user_password.php M view_create.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 6c95b73f9028f27ee3e9e4b56eda2d285c807b30 https://github.com/phpmyadmin/phpmyadmin/commit/6c95b73f9028f27ee3e9e4b56ed… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M libraries/core.lib.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/libraries/core/PMA_headerLocation_test.php Log Message: ----------- Do not append session IDs to all URLs in redirect There is no need to do that as we rely on session cookies anyway. Also appending sesson ID to external URLs is not a good idea. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 64f033d3b9d3fd698927500eb5fd2db8f88b9986 https://github.com/phpmyadmin/phpmyadmin/commit/64f033d3b9d3fd698927500eb5f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/session.inc.php Log Message: ----------- Tighthen control on PHP sessions and session cookies - use only cookies for session - use http only cookies - disable transparent session IDs Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 99492bf42aee13181ec6b796c5d13db3ee915b94 https://github.com/phpmyadmin/phpmyadmin/commit/99492bf42aee13181ec6b796c5d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog M libraries/core.lib.php M libraries/session.inc.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/libraries/core/PMA_headerLocation_test.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 5f0267979f874afd37b76c22b25388edf50e0e51 https://github.com/phpmyadmin/phpmyadmin/commit/5f0267979f874afd37b76c22b25… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- Fix typos in changelog Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 9f64b31fccd588f5534ec7cca1de42f11c202888 https://github.com/phpmyadmin/phpmyadmin/commit/9f64b31fccd588f5534ec7cca1d… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 77a4d6ed9504b37d7cd26bcea26f30ecc6afdadd https://github.com/phpmyadmin/phpmyadmin/commit/77a4d6ed9504b37d7cd26bcea26… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 16c4ca0daa9648257d5a2548e4035d2988805fd5 https://github.com/phpmyadmin/phpmyadmin/commit/16c4ca0daa9648257d5a2548e40… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M db_central_columns.php M libraries/DisplayResults.php M libraries/browse_foreigners.lib.php M libraries/controllers/server/ServerBinlogController.php M libraries/plugins/AuthenticationPlugin.php M libraries/plugins/auth/AuthenticationCookie.php M templates/columns_definitions/column_name.phtml M templates/table/search/options.phtml M templates/table/search/options_zoom.phtml Log Message: ----------- Properly escape configuration parameters when rendering Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: cc9d0f128ca51afb49f453d9327c851bcbe07f19 https://github.com/phpmyadmin/phpmyadmin/commit/cc9d0f128ca51afb49f453d9327… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M db_central_columns.php M libraries/DisplayResults.php M libraries/browse_foreigners.lib.php M libraries/controllers/server/ServerBinlogController.php M libraries/plugins/AuthenticationPlugin.php M libraries/plugins/auth/AuthenticationCookie.php M templates/columns_definitions/column_name.phtml M templates/table/search/options.phtml M templates/table/search/options_zoom.phtml Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: c90967071a3f43c7b53315c2595277748c1b4bed https://github.com/phpmyadmin/phpmyadmin/commit/c90967071a3f43c7b53315c2595… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f727695dd3a51fec44605790854c041b88e12a56 https://github.com/phpmyadmin/phpmyadmin/commit/f727695dd3a51fec44605790854… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/sysinfo.lib.php Log Message: ----------- Use new URL for phpsysinfo Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 94f4a5439c6ec9382e3bf4a066266eaf9a0df75d https://github.com/phpmyadmin/phpmyadmin/commit/94f4a5439c6ec9382e3bf4a0662… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/engines/Innodb.php Log Message: ----------- Remove confusing mentions about InnoDB plugin It is integrated in MySQL for years. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a39b9909bb5e188fd4026a7b9fdaa7a18dfa6963 https://github.com/phpmyadmin/phpmyadmin/commit/a39b9909bb5e188fd4026a7b9fd… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/ZipFile.php Log Message: ----------- Change url to https Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 774f0c1fefefa9b505838719c94ace9c61126bd6 https://github.com/phpmyadmin/phpmyadmin/commit/774f0c1fefefa9b505838719c94… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/ZipFile.php M libraries/engines/Innodb.php M libraries/sysinfo.lib.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 870ca1cc7a12f57b02fbbabad971745b201ffe1b https://github.com/phpmyadmin/phpmyadmin/commit/870ca1cc7a12f57b02fbbabad97… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/other.rst M js/tbl_structure.js M libraries/import.lib.php M libraries/plugins/import/README M po/az.po M po/bg.po M po/bn.po M po/ca.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fi.po M po/fr.po M po/gl.po M po/hi.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ko.po M po/lt.po M po/nb.po M po/nl.po M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sv.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: af337d20541c5c4e594fc392a88ab3c3af267e56 https://github.com/phpmyadmin/phpmyadmin/commit/af337d20541c5c4e594fc392a88… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst M libraries/plugins/export/ExportXml.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 23b6499dc8a65ab3d3995d796f0383b492c652f3 https://github.com/phpmyadmin/phpmyadmin/commit/23b6499dc8a65ab3d3995d796f0… Author: jorge jansen abreu <condecalifornia(a)hotmail.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M po/es.po Log Message: ----------- Translated using Weblate (Spanish) Currently translated at 99.7% (3202 of 3209 strings) [CI skip] Commit: 6cff8cada5acd2cdcc70e011942c20d43607d027 https://github.com/phpmyadmin/phpmyadmin/commit/6cff8cada5acd2cdcc70e011942… Author: Weblate <noreply(a)weblate.org> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst M doc/other.rst M js/tbl_structure.js M libraries/ZipFile.php M libraries/engines/Innodb.php M libraries/import.lib.php M libraries/plugins/export/ExportXml.php M libraries/plugins/import/README M libraries/sysinfo.lib.php M po/az.po M po/bg.po M po/bn.po M po/ca.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fi.po M po/fr.po M po/gl.po M po/hi.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ko.po M po/lt.po M po/nb.po M po/nl.po M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sv.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/core/PMA_getLinks_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6 Commit: 471c3377c1316a793960d4e99452990d2cefb9b1 https://github.com/phpmyadmin/phpmyadmin/commit/471c3377c1316a793960d4e9945… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 2f4fec52d62acca374d846acd8bbc6bd33bde7c1 https://github.com/phpmyadmin/phpmyadmin/commit/2f4fec52d62acca374d846acd8b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst Log Message: ----------- Document setup of *Dirs Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 51b676c8e056cd18f2bf23521fa393282228a534 https://github.com/phpmyadmin/phpmyadmin/commit/51b676c8e056cd18f2bf23521fa… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst M po/es.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 07d75e1b00ab046c839cb131b233e83c59907f2a https://github.com/phpmyadmin/phpmyadmin/commit/07d75e1b00ab046c839cb131b23… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst Log Message: ----------- Clarify documentation on AllowUserDropDatabase Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3c4226cb8c72402aea73ea175d04cc0029e72740 https://github.com/phpmyadmin/phpmyadmin/commit/3c4226cb8c72402aea73ea175d0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M doc/config.rst A doc/images/usergroups.png M doc/privileges.rst Log Message: ----------- Add documentation for user groups Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: c310304712e010100265efcd54352aafd8623eba https://github.com/phpmyadmin/phpmyadmin/commit/c310304712e010100265efcd543… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-07-27 (Wed, 27 Jul 2016) Changed paths: M libraries/DatabaseInterface.php M libraries/controllers/server/ServerDatabasesController.php M test/classes/controllers/ServerDatabasesControllerTest.php Log Message: ----------- Restore Overhead column in Server > Databases > Enable Statistics. (Was removed in 582b02262bcda6edb10ffc6df1b67c47468bbe59) Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: 43a199bdcaab7a71d470d33654e8cf23ed50b159 https://github.com/phpmyadmin/phpmyadmin/commit/43a199bdcaab7a71d470d33654e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M scripts/line-counts.sh Log Message: ----------- Use single quotes for filename Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4072c1d29abb54ef85908de746ede1f9f0460494 https://github.com/phpmyadmin/phpmyadmin/commit/4072c1d29abb54ef85908de746e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M test/classes/AdvisorTest.php M test/classes/ConfigTest.php M test/classes/DisplayResultsTest.php M test/classes/MessageTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/core/PMA_headerLocation_test.php M test/selenium/TestBase.php Log Message: ----------- Use example.com for sample test urls Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 257e65ba9f6ae6e8ce94d261165260dedaa58a03 https://github.com/phpmyadmin/phpmyadmin/commit/257e65ba9f6ae6e8ce94d261165… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M DCO M README M libraries/config.default.php M libraries/dbi/DBIMysqli.php M libraries/error_report.lib.php M libraries/iconv_wrapper.lib.php M libraries/import.lib.php M libraries/ip_allow_deny.lib.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/transformations/TEMPLATE_ABSTRACT M libraries/session.inc.php M libraries/url_generating.lib.php M scripts/revision-info M setup/index.php M test/README.rst Log Message: ----------- Use https for outbound links where applicable Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 298f19b3be9895d312a3e13ac5747d5d6c7190a2 https://github.com/phpmyadmin/phpmyadmin/commit/298f19b3be9895d312a3e13ac57… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M doc/config.rst M doc/copyright.rst M doc/credits.rst M doc/faq.rst M doc/glossary.rst M doc/require.rst M doc/setup.rst M doc/transformations.rst Log Message: ----------- Use https links in docs where available Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d31ff5a1e739d5a8b470b45960f8052d2ced1bba https://github.com/phpmyadmin/phpmyadmin/commit/d31ff5a1e739d5a8b470b45960f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M DCO M README M doc/config.rst M doc/copyright.rst M doc/credits.rst M doc/faq.rst M doc/glossary.rst A doc/images/usergroups.png M doc/privileges.rst M doc/require.rst M doc/setup.rst M doc/transformations.rst M libraries/config.default.php M libraries/dbi/DBIMysqli.php M libraries/error_report.lib.php M libraries/iconv_wrapper.lib.php M libraries/import.lib.php M libraries/ip_allow_deny.lib.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/transformations/TEMPLATE_ABSTRACT M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M libraries/session.inc.php M libraries/url_generating.lib.php M scripts/line-counts.sh M scripts/revision-info M setup/index.php M test/README.rst M test/classes/AdvisorTest.php M test/classes/ConfigTest.php M test/classes/DisplayResultsTest.php M test/classes/MessageTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/core/PMA_headerLocation_test.php M test/selenium/TestBase.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 4caa90a8324c928da3e6050f20736dbcbeaf1627 https://github.com/phpmyadmin/phpmyadmin/commit/4caa90a8324c928da3e6050f207… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 1eefa08bb05a3f857f57adad785f89c16c2d6ff8 https://github.com/phpmyadmin/phpmyadmin/commit/1eefa08bb05a3f857f57adad785… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 8dcaae5f83588b1aa65a05d3d93f408540dbf22d https://github.com/phpmyadmin/phpmyadmin/commit/8dcaae5f83588b1aa65a05d3d93… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 263318850ca41072b6870ef39d065c631f7def47 https://github.com/phpmyadmin/phpmyadmin/commit/263318850ca41072b6870ef39d0… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DatabaseInterface.php M libraries/controllers/server/ServerDatabasesController.php M test/classes/controllers/ServerDatabasesControllerTest.php Log Message: ----------- Merge pull request #12409 from rpv-tomsk/restore-overhead-column Restore Overhead column in Server > Databases > Enable Statistics. Commit: 76f94e4228b8df44401607ae70366b6c541e5546 https://github.com/phpmyadmin/phpmyadmin/commit/76f94e4228b8df44401607ae703… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- Add changelog entry for issue #12409 Re-enable overhead on server databases view Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b705dc5f6784dfec60fd788e9bdaa969668fb150 https://github.com/phpmyadmin/phpmyadmin/commit/b705dc5f6784dfec60fd788e9bd… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/controllers/server/ServerDatabasesController.php Log Message: ----------- Fix replication status output in Server > Databases Broken by 829a84b46e101cc5caa3a4252ea6f4453c49528d refactoring. Incorrectly fixed in c4710c3e1d20c95b6cf5081d02ac50eda86d2538 Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: c63b11d2bb0ec56671c3c12601f635ff8cb59871 https://github.com/phpmyadmin/phpmyadmin/commit/c63b11d2bb0ec56671c3c12601f… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M themes/original/css/common.css.php Log Message: ----------- Fixed rendering of Original theme Fixes #12414 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 489970f218cdaf6ed81ad3843f5228f5dcf5ed97 https://github.com/phpmyadmin/phpmyadmin/commit/489970f218cdaf6ed81ad3843f5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M server_privileges.php Log Message: ----------- Fixed deleting users in non English locales Fixes #12413 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 74016bceeaddcd91ddcae045de61ddec53a5ce55 https://github.com/phpmyadmin/phpmyadmin/commit/74016bceeaddcd91ddcae045de6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/controllers/server/ServerDatabasesController.php Log Message: ----------- Merge pull request #12416 from rpv-tomsk/fix-replication-status Fix replication status output in Server > Databases Commit: de1e473a9dfc50d2a7e71b618706c9e13a87f13d https://github.com/phpmyadmin/phpmyadmin/commit/de1e473a9dfc50d2a7e71b61870… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog Log Message: ----------- Changelog entry for issue #12416 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: b27020f10882cf74317b26c93034a7312e4656a9 https://github.com/phpmyadmin/phpmyadmin/commit/b27020f10882cf74317b26c9303… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M libraries/Util.php Log Message: ----------- Avoid typecasting to float when not needed Fixes #12303 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 62ad40ef049f63e49df6885b179357326d474049 https://github.com/phpmyadmin/phpmyadmin/commit/62ad40ef049f63e49df6885b179… Author: Juha <jremes(a)outlook.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M po/fi.po Log Message: ----------- Translated using Weblate (Finnish) Currently translated at 67.7% (2173 of 3209 strings) [CI skip] Commit: 7d57024d9568caa6d67e71937af3cb8486bd9149 https://github.com/phpmyadmin/phpmyadmin/commit/7d57024d9568caa6d67e71937af… Author: Weblate <noreply(a)weblate.org> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M libraries/Util.php Log Message: ----------- Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6 Commit: 1221b5ea4a0b5023a379ccca7db784dbe410cf3c https://github.com/phpmyadmin/phpmyadmin/commit/1221b5ea4a0b5023a379ccca7db… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M ChangeLog M libraries/DatabaseInterface.php M libraries/Util.php M libraries/controllers/server/ServerDatabasesController.php M po/fi.po M server_privileges.php M test/classes/controllers/ServerDatabasesControllerTest.php M themes/original/css/common.css.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 1f595e37e0f68c98034a0d13787787607d5f74f1 https://github.com/phpmyadmin/phpmyadmin/commit/1f595e37e0f68c98034a0d13787… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: bebca1139fd1410634fd1cca3b19d0db1d759bc7 https://github.com/phpmyadmin/phpmyadmin/commit/bebca1139fd1410634fd1cca3b1… Author: Juha Remes <jremes(a)outlook.com> Date: 2016-07-31 (Sun, 31 Jul 2016) Changed paths: M po/fi.po Log Message: ----------- Translated using Weblate (Finnish) Currently translated at 68.8% (2209 of 3209 strings) [CI skip] Commit: 17a26ab55f41e134a54fc36dd4ff306f674e13af https://github.com/phpmyadmin/phpmyadmin/commit/17a26ab55f41e134a54fc36dd4f… Author: Sevdimali İsa <sevdimaliisayev(a)mail.ru> Date: 2016-07-31 (Sun, 31 Jul 2016) Changed paths: M po/az.po Log Message: ----------- Translated using Weblate (Azerbaijani) Currently translated at 52.5% (1685 of 3209 strings) [CI skip] Commit: ed284f06a87ae93bfa37ea83945f2248172e0838 https://github.com/phpmyadmin/phpmyadmin/commit/ed284f06a87ae93bfa37ea83945… Author: 서준원 <junwon1994(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M po/ko.po Log Message: ----------- Translated using Weblate (Korean) Currently translated at 78.2% (2511 of 3209 strings) [CI skip] Commit: 37c2886845869da97d274815adbe05aa68e51fc6 https://github.com/phpmyadmin/phpmyadmin/commit/37c2886845869da97d274815adb… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M index.php M js/ajax.js M libraries/Footer.php M themes/original/css/common.css.php Log Message: ----------- Improved indents, alignment and rtl in Original theme * Fixed list items aligment in rtl view * Fixed notices icon alignment in rtl and ltr views * Fixed Footer.php getErrorMessages() to avoid <div id="pma_errors"><div id="pma_errors">....</div></div> nested blocks. * Removed indentation by   Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: 9d3da1b4084928f03bab680b908c47a396b64f27 https://github.com/phpmyadmin/phpmyadmin/commit/9d3da1b4084928f03bab680b908… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M libraries/controllers/database/DatabaseStructureController.php Log Message: ----------- Fix replication status output in database tables list. Issue is second part to #12416 Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: 9f1f0551771787b394f12ac4428a70e71a3a2a6d https://github.com/phpmyadmin/phpmyadmin/commit/9f1f0551771787b394f12ac4428… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M libraries/config/messages.inc.php Log Message: ----------- Fix #12425 : Removed double usage of same var name; Fix typo introduced in 545db4a4 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 9ee479b25a100b8a62168b6588f811614fe248dd https://github.com/phpmyadmin/phpmyadmin/commit/9ee479b25a100b8a62168b6588f… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M po/az.po M po/fi.po M po/ko.po Log Message: ----------- Merge branch 'QA_4_6' of http://github.com/phpmyadmin/phpmyadmin into QA_4_6 Commit: 2c5541a94b12fea64ffbe67a504dddb1725cbaf0 https://github.com/phpmyadmin/phpmyadmin/commit/2c5541a94b12fea64ffbe67a504… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M import.php M libraries/sql.lib.php M sql.php Log Message: ----------- Fix #12399: Adding index to table shows wrong top navigation If the SQL query analyzing sets the $table value to '', don't update the original value Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 2ee0e4ed0e86572f15764fea6ef37bdaf546e6ee https://github.com/phpmyadmin/phpmyadmin/commit/2ee0e4ed0e86572f15764fea6ef… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entries for #12425 and #12399 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: aecf9de8faacf2c0b02aa14f3b5558c2fa086b10 https://github.com/phpmyadmin/phpmyadmin/commit/aecf9de8faacf2c0b02aa14f3b5… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po Log Message: ----------- Update po files [CI skip] Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d621855169f7ac97c1250c7982be8c160ae056ef https://github.com/phpmyadmin/phpmyadmin/commit/d621855169f7ac97c1250c7982b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M ChangeLog M import.php M libraries/config/messages.inc.php M libraries/sql.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M sql.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 8d413e7ddea4d48df5fa8240c420d19ce47e56f3 https://github.com/phpmyadmin/phpmyadmin/commit/8d413e7ddea4d48df5fa8240c42… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M doc/config.rst M doc/privileges.rst Log Message: ----------- Minor grammar improvements Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: d48b88284b9e2e34c48fa28ebba8289339a3dcc0 https://github.com/phpmyadmin/phpmyadmin/commit/d48b88284b9e2e34c48fa28ebba… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M libraries/config/messages.inc.php M po/ar.po M po/az.po M po/be.po M po/bg.po M po/bn.po M po/br.po M po/ca.po M po/ckb.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/kk.po M po/kn.po M po/ko.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/nl.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml Log Message: ----------- Translation improvements * Improved Russian translation * Translated 'Go' button in edit_routine_privileges.phtml * Removed whitespace from end of "Table comments: " phrase. * Removed \n and whitespaces from phrase in libraries/config/messages.inc.php:813. * Unified form of changed phrases in translation files. Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: eae10b89f9b2d775d9981d5b2fb2749157e09185 https://github.com/phpmyadmin/phpmyadmin/commit/eae10b89f9b2d775d9981d5b2fb… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M libraries/advisory_rules.txt M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po Log Message: ----------- Fix advisory rule 'Slow launch time' Issue string: 'Slow_launch_thread' changed to 'Slow_launch_time' to match variable checked. Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: 25c4ab1abed9f043e45fbc666dadd2ac2e540c11 https://github.com/phpmyadmin/phpmyadmin/commit/25c4ab1abed9f043e45fbc666da… Author: Giovanni Sora <g.sora(a)tiscali.it> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M po/ia.po Log Message: ----------- Translated using Weblate (Interlingua) Currently translated at 73.6% (2367 of 3214 strings) [CI skip] Commit: 319c7a824712edf7a0de8c4c3e1683ab38d71773 https://github.com/phpmyadmin/phpmyadmin/commit/319c7a824712edf7a0de8c4c3e1… Author: Domen <mitenem(a)outlook.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M po/sl.po Log Message: ----------- Translated using Weblate (Slovenian) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: cdcf74ab0bde94d9be5aa29169b2c8ed8141103d https://github.com/phpmyadmin/phpmyadmin/commit/cdcf74ab0bde94d9be5aa29169b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M user_password.php Log Message: ----------- Fixed password change on MariaDB without auth plugin Fixes #12424 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: ef9bd20e7a1b793bf9a64b04b3c5a9e332bb80df https://github.com/phpmyadmin/phpmyadmin/commit/ef9bd20e7a1b793bf9a64b04b3c… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M doc/config.rst M doc/privileges.rst M po/ia.po M po/sl.po M user_password.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 0de543c3af1214a2745b48acce5afe5bbc9f32e0 https://github.com/phpmyadmin/phpmyadmin/commit/0de543c3af1214a2745b48acce5… Author: Marco Pozzato <ironpotts(a)gmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/it.po Log Message: ----------- Translated using Weblate (Italian) Currently translated at 99.9% (3208 of 3209 strings) [CI skip] Commit: aaf48b98fb43e457e985a0a7621e2ae539553f73 https://github.com/phpmyadmin/phpmyadmin/commit/aaf48b98fb43e457e985a0a7621… Author: Burak Yavuz <hitowerdigit(a)hotmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/tr.po Log Message: ----------- Translated using Weblate (Turkish) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: 38b73180fd33070f4e28a6baeb4d5dcc24870ad8 https://github.com/phpmyadmin/phpmyadmin/commit/38b73180fd33070f4e28a6baeb4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php Log Message: ----------- Fix password change in cookie auth We can not set same cookie twice, so we have to avoid sending auth cookie when we're about to change the password. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 77d5a1e07cce7b4f5090f2dcdff0c2eb9405db4f https://github.com/phpmyadmin/phpmyadmin/commit/77d5a1e07cce7b4f5090f2dcdff… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/it.po M po/tr.po Log Message: ----------- Merge branch 'QA_4_6' of github.com:phpmyadmin/phpmyadmin into QA_4_6 Commit: 493ece49ee378bd01beed56cea1ecd7656bec302 https://github.com/phpmyadmin/phpmyadmin/commit/493ece49ee378bd01beed56cea1… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M po/it.po M po/tr.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: ae79ceb3a426c7da1a39e968d9b86e1d212b9dbc https://github.com/phpmyadmin/phpmyadmin/commit/ae79ceb3a426c7da1a39e968d9b… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M libraries/DatabaseInterface.php Log Message: ----------- Do not error on unset server port Fixes #12339 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: aa427068ecd324446d4808b56b3c4284ac4b7acb https://github.com/phpmyadmin/phpmyadmin/commit/aa427068ecd324446d4808b56b3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M index.php M js/ajax.js M libraries/Footer.php M themes/original/css/common.css.php Log Message: ----------- Merge pull request #12422 from rpv-tomsk/fix-notices-original-theme Improved indents, alignment and rtl in Original theme Commit: 1af9db6baf8b25fdbd4fa72bf0989c97a438d8cc https://github.com/phpmyadmin/phpmyadmin/commit/1af9db6baf8b25fdbd4fa72bf09… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog Log Message: ----------- Changelog for issue #12422 - Improvements to the original theme Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f9563d6fcc8615d7b6a61b8bebce47c8ff475908 https://github.com/phpmyadmin/phpmyadmin/commit/f9563d6fcc8615d7b6a61b8bebc… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M libraries/config/messages.inc.php M po/ar.po M po/az.po M po/be.po M po/bg.po M po/bn.po M po/br.po M po/ca.po M po/ckb.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/kk.po M po/kn.po M po/ko.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/nl.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml Log Message: ----------- Merge pull request #12421 from rpv-tomsk/fix-ru-translation Translation improvements Commit: 07a4316bf53f53cb054ca6d4520dffa5ce73ef25 https://github.com/phpmyadmin/phpmyadmin/commit/07a4316bf53f53cb054ca6d4520… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M libraries/advisory_rules.txt M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po Log Message: ----------- Merge remote-tracking branch 'origin/pull/12420' into QA_4_6 Commit: e7d4ef2fbc8f3e83716af24941edc975d55b6554 https://github.com/phpmyadmin/phpmyadmin/commit/e7d4ef2fbc8f3e83716af24941e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M index.php M js/ajax.js M libraries/DatabaseInterface.php M libraries/Footer.php M libraries/advisory_rules.txt M libraries/config/messages.inc.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml M themes/original/css/common.css.php Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: a897d5c7104e09715cab2e687fa760d4331a0d7b https://github.com/phpmyadmin/phpmyadmin/commit/a897d5c7104e09715cab2e687fa… Author: Stefano Martinelli <stefano.ste.martinelli(a)gmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/it.po Log Message: ----------- Translated using Weblate (Italian) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: 34d028a3d58c6b767692caf7499dda0989753abf https://github.com/phpmyadmin/phpmyadmin/commit/34d028a3d58c6b767692caf7499… Author: dingo thirteen <dingo13(a)gmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/nl.po Log Message: ----------- Translated using Weblate (Dutch) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: 8eb46799ca053437391f3fda1fbdd5a9c6c10aef https://github.com/phpmyadmin/phpmyadmin/commit/8eb46799ca053437391f3fda1fb… Author: Kristjan Räts <kristjanrats(a)gmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/et.po Log Message: ----------- Translated using Weblate (Estonian) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: ae2f9d125cb72def743397e59b3bb2c4a7548a6d https://github.com/phpmyadmin/phpmyadmin/commit/ae2f9d125cb72def743397e59b3… Author: dingo thirteen <dingo13(a)gmail.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M po/nl.po Log Message: ----------- Translated using Weblate (Dutch) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: bb9317d1924aa7df058e35a36f337948ce659670 https://github.com/phpmyadmin/phpmyadmin/commit/bb9317d1924aa7df058e35a36f3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-02 (Tue, 02 Aug 2016) Changed paths: M ChangeLog M libraries/transformations.lib.php Log Message: ----------- Do not try to load old transformation plugins Fixes #12395 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 369c53aee338073dd37c6210f7f16e0b023b6837 https://github.com/phpmyadmin/phpmyadmin/commit/369c53aee338073dd37c6210f7f… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/mult_submits.lib.php Log Message: ----------- Fix Label's 'for' attribute for Auto-incr in Copy Mutliple tables Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 88a1c7e1faccaa9b1b5f9a6d5f16c1f4841e0e9c https://github.com/phpmyadmin/phpmyadmin/commit/88a1c7e1faccaa9b1b5f9a6d5f1… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M ChangeLog M index.php M js/ajax.js M libraries/DatabaseInterface.php M libraries/Footer.php M libraries/advisory_rules.txt M libraries/config/messages.inc.php M libraries/plugins/auth/AuthenticationCookie.php M libraries/transformations.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml M themes/original/css/common.css.php M user_password.php Log Message: ----------- Merge branch 'QA_4_6' of http://github.com/phpmyadmin/phpmyadmin into QA_4_6 Commit: 7b17fe8cefb0e90c0188cd6a44c53d532333df37 https://github.com/phpmyadmin/phpmyadmin/commit/7b17fe8cefb0e90c0188cd6a44c… Author: Masahiro Nishi <grooversmail(a)gmail.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M po/ja.po Log Message: ----------- Translated using Weblate (Japanese) Currently translated at 70.3% (2259 of 3213 strings) [CI skip] Commit: 1816bb0d2ce571a8c353c8ba5d88958917a97bf6 https://github.com/phpmyadmin/phpmyadmin/commit/1816bb0d2ce571a8c353c8ba5d8… Author: Weblate <noreply(a)weblate.org> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/mult_submits.lib.php Log Message: ----------- Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6 Commit: f6d1c901882b6d7292d3eeac8b45388b343cbabf https://github.com/phpmyadmin/phpmyadmin/commit/f6d1c901882b6d7292d3eeac8b4… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/controllers/database/DatabaseStructureController.php Log Message: ----------- Merge pull request #12423 from rpv-tomsk/fix-replication-status Fix replication status output in database tables list. Commit: 5385099b4013512c39baf7031c38ea9f3ae137ff https://github.com/phpmyadmin/phpmyadmin/commit/5385099b4013512c39baf7031c3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M ChangeLog Log Message: ----------- Changelog for issue #12423 Fixed replication status in database listing Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 2ec1f50d4580b4d2c22e39f908efa1cd5688b890 https://github.com/phpmyadmin/phpmyadmin/commit/2ec1f50d4580b4d2c22e39f908e… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M ChangeLog M libraries/controllers/database/DatabaseStructureController.php M libraries/mult_submits.lib.php M libraries/transformations.lib.php M po/et.po M po/it.po M po/ja.po M po/nl.po Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security Commit: 91ff2a97e25c07aa8e6d1b35443f4d76cd9d1bf6 https://github.com/phpmyadmin/phpmyadmin/commit/91ff2a97e25c07aa8e6d1b35443… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M index.php Log Message: ----------- Open demo information in new tab Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: a294026e3799eefa195b89f5833e44ddeb7eb503 https://github.com/phpmyadmin/phpmyadmin/commit/a294026e3799eefa195b89f5833… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/config/Validator.php Log Message: ----------- Simplified getting error from preg_match It's enough to use error_get_last to obtain the message without need to play with PHP configuration and error handling. The only tricky thing is to know that there is new error. With PHP 7, there is error_clear_last() which ensures this, on older PHP we need to trigger *another* error to be able to detect that new error comes. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: d09e5438c14631a9fedfd9ad74531f9c181b1c30 https://github.com/phpmyadmin/phpmyadmin/commit/d09e5438c14631a9fedfd9ad745… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/Scripts.php M test/classes/ScriptsTest.php Log Message: ----------- Remove unsued code for generating events This is no longer used, so there is no need to support it. Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: f6f3002d334b0ed457b2bcf12e3943d97eec0a06 https://github.com/phpmyadmin/phpmyadmin/commit/f6f3002d334b0ed457b2bcf12e3… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-03 (Wed, 03 Aug 2016) Changed paths: M libraries/mult_submits.lib.php Log Message: ----------- Fix #12433 : Copy table with prefix does not copy the indexes Change the query "CREATE TABLE $newtablename SELECT * FROM $old" to using Table::moveCopy Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 208480237d00ee2e8e2ac3a28e34487432c0a622 https://github.com/phpmyadmin/phpmyadmin/commit/208480237d00ee2e8e2ac3a28e3… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-04 (Thu, 04 Aug 2016) Changed paths: M libraries/error_report.lib.php Log Message: ----------- Remove unused function Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 4c2c5622045dfb781bada8674e25a2e892880c21 https://github.com/phpmyadmin/phpmyadmin/commit/4c2c5622045dfb781bada8674e2… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-04 (Thu, 04 Aug 2016) Changed paths: M doc/faq.rst Log Message: ----------- Suggest more secure Apache configuration Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e3f73805f0585d17d1847f533e1f707f0f1b5627 https://github.com/phpmyadmin/phpmyadmin/commit/e3f73805f0585d17d1847f533e1… Author: Deven Bansod <devenbansod(a)users.noreply.github.com> Date: 2016-08-04 (Thu, 04 Aug 2016) Changed paths: M libraries/mult_submits.lib.php Log Message: ----------- Merge pull request #12441 from devenbansod/fix_12433 Fix #12433 : Copy table with prefix does not copy the indexes Commit: 39425f2a4c5db95c577371a6a06c9987abc01d8a https://github.com/phpmyadmin/phpmyadmin/commit/39425f2a4c5db95c577371a6a06… Author: Deven Bansod <deven(a)localhost.localdomain> Date: 2016-08-04 (Thu, 04 Aug 2016) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entry for #12433 Signed-off-by: Deven Bansod <deven(a)localhost.localdomain> Commit: 011cfb6e0e783ac1c0dec544d1fdb56cd96b1769 https://github.com/phpmyadmin/phpmyadmin/commit/011cfb6e0e783ac1c0dec544d1f… Author: Massimiliano Caniparoli <massic80(a)gmail.com> Date: 2016-08-06 (Sat, 06 Aug 2016) Changed paths: M po/it.po Log Message: ----------- Translated using Weblate (Italian) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: c3158f466e76d82bc9787ffb223d357d6020d018 https://github.com/phpmyadmin/phpmyadmin/commit/c3158f466e76d82bc9787ffb223… Author: Juha Remes <jremes(a)outlook.com> Date: 2016-08-06 (Sat, 06 Aug 2016) Changed paths: M po/fi.po Log Message: ----------- Translated using Weblate (Finnish) Currently translated at 69.1% (2222 of 3213 strings) [CI skip] Commit: 9824a3d62cd88c82314f62e66880aa5ababb60b2 https://github.com/phpmyadmin/phpmyadmin/commit/9824a3d62cd88c82314f62e6688… Author: Cédric Corazza <cedric.corazza(a)wanadoo.fr> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M po/fr.po Log Message: ----------- Translated using Weblate (French) Currently translated at 99.8% (3209 of 3214 strings) [CI skip] Commit: cb4a8eef4fac780af1c55668b9f706bc547c22be https://github.com/phpmyadmin/phpmyadmin/commit/cb4a8eef4fac780af1c55668b9f… Author: Παναγιώτης Παπάζογλου <papaz_p(a)yahoo.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M po/el.po Log Message: ----------- Translated using Weblate (Greek) Currently translated at 100.0% (3214 of 3214 strings) [CI skip] Commit: 6deff4131c07be220bdee59af392d80c5b996743 https://github.com/phpmyadmin/phpmyadmin/commit/6deff4131c07be220bdee59af39… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M doc/setup.rst Log Message: ----------- Document docker configuration customization See https://github.com/phpmyadmin/docker/pull/42 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 12a66952a9498fc5eca58115d9adfe85c44e01c2 https://github.com/phpmyadmin/phpmyadmin/commit/12a66952a9498fc5eca58115d9a… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M doc/setup.rst Log Message: ----------- Use long key IDs or fingerprints to point to keys This is safer than short IDs, where colliscion could exist. Fixes #12448 Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: aadee00209630cadf8c0edca4feebfa0522a23f9 https://github.com/phpmyadmin/phpmyadmin/commit/aadee00209630cadf8c0edca4fe… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M doc/setup.rst Log Message: ----------- Document signing key for themes Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: 3dcb219834b5bdebdc0de6f1764f3c3a468b8ece https://github.com/phpmyadmin/phpmyadmin/commit/3dcb219834b5bdebdc0de6f1764… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M doc/setup.rst Log Message: ----------- Simplify markup Signed-off-by: Michal Čihař <michal(a)cihar.com> Commit: e80b477525bb13d8bca3c98962f16a374fbe2e83 https://github.com/phpmyadmin/phpmyadmin/commit/e80b477525bb13d8bca3c98962f… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-08 (Mon, 08 Aug 2016) Changed paths: M js/db_search.js Log Message: ----------- Scroll (using Animate) only when result div is visible We load the result div using data from AJAX request and make the div visible. So, we should scroll down when the div is visible and loaded with the appropriate data. Fix #12375 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 6c8513bd79a8465846059e3dd674427df23a5fc5 https://github.com/phpmyadmin/phpmyadmin/commit/6c8513bd79a8465846059e3dd67… Author: Deven Bansod <devenbansod(a)users.noreply.github.com> Date: 2016-08-10 (Wed, 10 Aug 2016) Changed paths: M js/db_search.js Log Message: ----------- Merge pull request #12450 from devenbansod/fix_12375 Scroll (using Animate) only when result div is loaded with data from ajax response and is visible Commit: 90df9c9883bd8101dcf78adfef975be76d1b698e https://github.com/phpmyadmin/phpmyadmin/commit/90df9c9883bd8101dcf78adfef9… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-10 (Wed, 10 Aug 2016) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entry for #12375 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 16c9eee9175f9879edb52d2e5249c6b66a4bc567 https://github.com/phpmyadmin/phpmyadmin/commit/16c9eee9175f9879edb52d2e524… Author: Alex Vega <semtiko(a)gmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/ru.po Log Message: ----------- Translated using Weblate (Russian) Currently translated at 97.5% (3135 of 3213 strings) [CI skip] Commit: 9fe4cbe9946c4b0b2d972c82430bf01b5650a5b0 https://github.com/phpmyadmin/phpmyadmin/commit/9fe4cbe9946c4b0b2d972c82430… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M ChangeLog M js/functions.js Log Message: ----------- Allow resizing only from bottom of the SQL Editors Also affects SQL Editors in Inline editing, Add/Edit Routines, Exporting User privileges etc. ChangeLog Entry for #12346 Fix #12346 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 91a548811d214cacade645c960b8e9a5df060460 https://github.com/phpmyadmin/phpmyadmin/commit/91a548811d214cacade645c960b… Author: Dadan Setia <da2n_s(a)yahoo.co.id> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/id.po Log Message: ----------- Translated using Weblate (Indonesian) Currently translated at 68.9% (2216 of 3213 strings) [CI skip] Commit: ec6b67e9039fe1644132c792d3b10dbc18d19d45 https://github.com/phpmyadmin/phpmyadmin/commit/ec6b67e9039fe1644132c792d3b… Author: Burak Yavuz <hitowerdigit(a)hotmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/tr.po Log Message: ----------- Translated using Weblate (Turkish) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: 13d341530becc6dd35fd67aaf4eb1ecdc94fa367 https://github.com/phpmyadmin/phpmyadmin/commit/13d341530becc6dd35fd67aaf4e… Author: Weblate <noreply(a)weblate.org> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M ChangeLog M js/functions.js Log Message: ----------- Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6 Commit: 0f6b76b57844af5b43675c9ff5489d1a3a6baa63 https://github.com/phpmyadmin/phpmyadmin/commit/0f6b76b57844af5b43675c9ff54… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M .scrutinizer.yml M build.xml M changelog.php M config.sample.inc.php M doc/config.rst M doc/setup.rst M examples/openid.php M examples/signon.php R examples/swekey.sample.conf M file_echo.php M import.php M index.php M js/functions.js M js/tbl_relation.js M libraries/DbSearch.php M libraries/Error.php M libraries/File.php M libraries/RecentFavoriteTable.php M libraries/Response.php M libraries/Table.php M libraries/Util.php M libraries/VersionInformation.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/ServerConfigChecks.php M libraries/config/Validator.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/core.lib.php M libraries/create_addfield.lib.php M libraries/db_designer.lib.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php M libraries/display_export.lib.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/error_report.lib.php M libraries/file_listing.lib.php M libraries/gis/GISGeometry.php M libraries/ip_allow_deny.lib.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php M libraries/navigation/nodes/NodeDatabase.php M libraries/plugin_interface.lib.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M libraries/plugins/export/ExportMediawiki.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/export/ExportSql.php M libraries/plugins/export/ExportXml.php M libraries/plugins/import/ImportShp.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh M libraries/pmd_common.php M libraries/relation.lib.php M libraries/replication.inc.php M libraries/replication_gui.lib.php M libraries/sanitizing.lib.php M libraries/server_privileges.lib.php M libraries/server_status_variables.lib.php M libraries/server_user_groups.lib.php M libraries/session.inc.php M libraries/tracking.lib.php M libraries/zip_extension.lib.php M lint.php M normalization.php R phpinfo.php M phpunit.xml.dist A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh M tbl_addfield.php M templates/list/item.phtml M templates/server/databases/create.phtml M templates/table/gis_visualization/gis_visualization.phtml M templates/table/search/zoom_result_form.phtml M templates/table/structure/display_structure.phtml M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportPhparrayTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_ip_allow_deny_test.php M test/libraries/PMA_zip_extension_test.php A test/libraries/core/PMA_isAllowedDomain_test.php A test/libraries/core/PMA_safeUnserialize_test.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php M themes.php M transformation_wrapper.php M url.php M user_password.php M version_check.php Log Message: ----------- Merge remote-tracking branch 'security/QA_4_6-security' into QA_4_6 Commit: b9a6a9993e175ff13375462333ce1139095d01e1 https://github.com/phpmyadmin/phpmyadmin/commit/b9a6a9993e175ff13375462333c… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.php Log Message: ----------- Release 4.6.4 Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com> Commit: 4880b801989fecf23ca8575ee3536f9368bbecb5 https://github.com/phpmyadmin/phpmyadmin/commit/4880b801989fecf23ca8575ee35… Author: Isaac Bennetch <bennetch(a)gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M .scrutinizer.yml M .travis.yml M ChangeLog M DCO M README M build.xml M changelog.php M config.sample.inc.php M db_central_columns.php M doc/conf.py M doc/config.rst M doc/copyright.rst M doc/credits.rst M doc/faq.rst M doc/glossary.rst A doc/images/usergroups.png M doc/other.rst M doc/privileges.rst M doc/require.rst M doc/setup.rst M doc/transformations.rst M examples/openid.php M examples/signon.php R examples/swekey.sample.conf M file_echo.php M import.php M index.php M js/ajax.js M js/db_search.js M js/functions.js M js/tbl_relation.js M js/tbl_structure.js M libraries/Config.php M libraries/DatabaseInterface.php M libraries/DbSearch.php M libraries/DisplayResults.php M libraries/Error.php M libraries/File.php M libraries/Footer.php M libraries/Header.php M libraries/Linter.php M libraries/PDF.php M libraries/RecentFavoriteTable.php M libraries/Response.php M libraries/Scripts.php M libraries/Table.php M libraries/Util.php M libraries/VersionInformation.php M libraries/ZipFile.php M libraries/advisory_rules.txt M libraries/browse_foreigners.lib.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/FormDisplay.php M libraries/config/ServerConfigChecks.php M libraries/config/Validator.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/controllers/database/DatabaseStructureController.php M libraries/controllers/server/ServerBinlogController.php M libraries/controllers/server/ServerDatabasesController.php M libraries/controllers/table/TableSearchController.php M libraries/core.lib.php M libraries/create_addfield.lib.php M libraries/db_designer.lib.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php M libraries/display_export.lib.php M libraries/display_git_revision.lib.php M libraries/engines/Innodb.php M libraries/engines/Pbxt.php M libraries/error_report.lib.php M libraries/file_listing.lib.php M libraries/gis/GISGeometry.php M libraries/iconv_wrapper.lib.php M libraries/import.lib.php M libraries/ip_allow_deny.lib.php M libraries/mult_submits.lib.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php M libraries/navigation/nodes/NodeDatabase.php M libraries/plugin_interface.lib.php M libraries/plugins/AuthenticationPlugin.php M libraries/plugins/auth/AuthenticationCookie.php M libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Curl.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/CurlPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php M libraries/plugins/auth/recaptcha/autoload.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M libraries/plugins/export/ExportMediawiki.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/export/ExportSql.php M libraries/plugins/export/ExportXml.php M libraries/plugins/import/ImportShp.php M libraries/plugins/import/README M libraries/plugins/schema/ExportRelationSchema.php M libraries/plugins/schema/dia/Dia.php M libraries/plugins/schema/eps/Eps.php M libraries/plugins/schema/svg/Svg.php M libraries/plugins/transformations/TEMPLATE_ABSTRACT M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh M libraries/pmd_common.php M libraries/relation.lib.php M libraries/replication.inc.php M libraries/replication_gui.lib.php M libraries/sanitizing.lib.php M libraries/server_privileges.lib.php M libraries/server_status_variables.lib.php M libraries/server_user_groups.lib.php M libraries/session.inc.php M libraries/sql.lib.php M libraries/sysinfo.lib.php M libraries/tcpdf/README.TXT M libraries/tcpdf/include/sRGB.icc M libraries/tcpdf/include/tcpdf_fonts.php M libraries/tcpdf/include/tcpdf_images.php M libraries/tcpdf/include/tcpdf_static.php M libraries/tcpdf/tcpdf.php M libraries/tracking.lib.php M libraries/transformations.lib.php M libraries/url_generating.lib.php M libraries/zip_extension.lib.php M lint.php M normalization.php R phpinfo.php M phpunit.xml.dist M po/af.po M po/ar.po M po/az.po M po/be.po M po/be(a)latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr(a)latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz(a)latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M scripts/line-counts.sh M scripts/revision-info A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh M server_privileges.php M setup/index.php M sql.php M tbl_addfield.php M tbl_get_field.php M templates/columns_definitions/column_name.phtml M templates/database/designer/database_tables.phtml M templates/list/item.phtml M templates/privileges/edit_routine_privileges.phtml M templates/server/databases/create.phtml M templates/table/gis_visualization/gis_visualization.phtml M templates/table/search/options.phtml M templates/table/search/options_zoom.phtml M templates/table/search/zoom_result_form.phtml M templates/table/structure/display_structure.phtml M templates/table/structure/display_table_stats.phtml M test/README.rst M test/classes/AdvisorTest.php M test/classes/ConfigTest.php M test/classes/DisplayResultsTest.php M test/classes/MessageTest.php M test/classes/ScriptsTest.php M test/classes/controllers/ServerDatabasesControllerTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/classes/plugin/export/ExportPhparrayTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_ip_allow_deny_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/PMA_zip_extension_test.php M test/libraries/core/PMA_getLinks_test.php M test/libraries/core/PMA_headerLocation_test.php A test/libraries/core/PMA_isAllowedDomain_test.php A test/libraries/core/PMA_safeUnserialize_test.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php M test/selenium/TestBase.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql M themes.php M themes/original/css/common.css.php M transformation_wrapper.php M url.php M user_password.php M version_check.php M view_create.php Log Message: ----------- Merge branch 'QA_4_6' into STABLE Compare: https://github.com/phpmyadmin/phpmyadmin/compare/d9841284d25e...4880b801989f

1 0

[phpmyadmin/localized_docs] e43d1a: Translated using Weblate (Turkish)
by Burak Yavuz 16 Aug '16

16 Aug '16

Branch: refs/heads/master Home: https://github.com/phpmyadmin/localized_docs Commit: e43d1a97cdaa28336bf87deb72f3e5314c4a4b0c https://github.com/phpmyadmin/localized_docs/commit/e43d1a97cdaa28336bf87de… Author: Burak Yavuz <hitowerdigit(a)hotmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M po/tr.mo M po/tr.po Log Message: ----------- Translated using Weblate (Turkish) Currently translated at 100.0% (2272 of 2272 strings) [CI skip]

1 0

[phpmyadmin/phpmyadmin] c274f1: Revert "fixed checking of user rights to make it l...
by Michal Čihař 16 Aug '16

16 Aug '16

Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: c274f193a1e9d27899e938995fe5f169f024aece https://github.com/phpmyadmin/phpmyadmin/commit/c274f193a1e9d27899e938995fe… Author: Pavel Rochnyack <pavel2000(a)ngs.ru> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M libraries/insert_edit.lib.php Log Message: ----------- Revert "fixed checking of user rights to make it look for database privileges" This reverts commit df137f2410c004a7dcb6ca15306018060cba76e0. Signed-off-by: Pavel Rochnyack <pavel2000(a)ngs.ru> Commit: 26c0961df664a88310ec6d706a68537bdb77b7d4 https://github.com/phpmyadmin/phpmyadmin/commit/26c0961df664a88310ec6d706a6… Author: Michal Čihař <michal(a)cihar.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M libraries/insert_edit.lib.php Log Message: ----------- Merge pull request #12460 from rpv-tomsk/revert-12274 Revert #12274 Compare: https://github.com/phpmyadmin/phpmyadmin/compare/9ee52d84f298...26c0961df664

1 0

[phpmyadmin/phpmyadmin] 16c9ee: Translated using Weblate (Russian)
by Deven Bansod 14 Aug '16

14 Aug '16

Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: 16c9eee9175f9879edb52d2e5249c6b66a4bc567 https://github.com/phpmyadmin/phpmyadmin/commit/16c9eee9175f9879edb52d2e524… Author: Alex Vega <semtiko(a)gmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/ru.po Log Message: ----------- Translated using Weblate (Russian) Currently translated at 97.5% (3135 of 3213 strings) [CI skip] Commit: 9fe4cbe9946c4b0b2d972c82430bf01b5650a5b0 https://github.com/phpmyadmin/phpmyadmin/commit/9fe4cbe9946c4b0b2d972c82430… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M ChangeLog M js/functions.js Log Message: ----------- Allow resizing only from bottom of the SQL Editors Also affects SQL Editors in Inline editing, Add/Edit Routines, Exporting User privileges etc. ChangeLog Entry for #12346 Fix #12346 Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com> Commit: 91a548811d214cacade645c960b8e9a5df060460 https://github.com/phpmyadmin/phpmyadmin/commit/91a548811d214cacade645c960b… Author: Dadan Setia <da2n_s(a)yahoo.co.id> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/id.po Log Message: ----------- Translated using Weblate (Indonesian) Currently translated at 68.9% (2216 of 3213 strings) [CI skip] Commit: ec6b67e9039fe1644132c792d3b10dbc18d19d45 https://github.com/phpmyadmin/phpmyadmin/commit/ec6b67e9039fe1644132c792d3b… Author: Burak Yavuz <hitowerdigit(a)hotmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M po/tr.po Log Message: ----------- Translated using Weblate (Turkish) Currently translated at 100.0% (3209 of 3209 strings) [CI skip] Commit: 13d341530becc6dd35fd67aaf4eb1ecdc94fa367 https://github.com/phpmyadmin/phpmyadmin/commit/13d341530becc6dd35fd67aaf4e… Author: Weblate <noreply(a)weblate.org> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M ChangeLog M js/functions.js Log Message: ----------- Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6 Commit: 9ee52d84f298f7e96811184c284405a9ecdc4813 https://github.com/phpmyadmin/phpmyadmin/commit/9ee52d84f298f7e96811184c284… Author: Deven Bansod <devenbansod.bits(a)gmail.com> Date: 2016-08-14 (Sun, 14 Aug 2016) Changed paths: M ChangeLog M js/functions.js Log Message: ----------- Merge branch 'QA_4_6' Conflicts: po/id.po po/ru.po Compare: https://github.com/phpmyadmin/phpmyadmin/compare/8d57d860e17a...9ee52d84f298

1 0