Git
Threads by month
- ----- 2026 -----
- April
- March
- February
- January
- ----- 2025 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2024 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2023 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2022 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2021 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2020 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2019 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2018 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2017 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2016 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2015 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2014 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2013 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2012 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2011 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- January
- ----- 2010 -----
- December
- November
- October
- September
- August
- July
- June
- May
- April
- March
- February
- 5 participants
- 39015 discussions
Branch: refs/tags/RELEASE_4_6_5
Home: https://github.com/phpmyadmin/phpmyadmin
1
0
Branch: refs/tags/RELEASE_4_0_10_18
Home: https://github.com/phpmyadmin/phpmyadmin
1
0
Branch: refs/tags/RELEASE_4_4_15_9
Home: https://github.com/phpmyadmin/phpmyadmin
1
0
25 Nov '16
Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 9dbe520e905344597554b06931bd966ce195b9dc
https://github.com/phpmyadmin/phpmyadmin/commit/9dbe520e905344597554b06931b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Strip null bytes from MySQL username
In old PHP versions this could lead to allow/deny rules bypass.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: b2ea7205fbc22bdf030ccf0bc1c79fa761d44aa1
https://github.com/phpmyadmin/phpmyadmin/commit/b2ea7205fbc22bdf030ccf0bc1c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 2de86f02af17f49e22d6474542770d72dd4723b3
https://github.com/phpmyadmin/phpmyadmin/commit/2de86f02af17f49e22d64745427…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals for comparing username in allow/deny rules
The comparison should happen in constant time to avoid possible leak of
usernames in rules.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: c83b2b0872c035d2625f631a341cb2009ceb9d22
https://github.com/phpmyadmin/phpmyadmin/commit/c83b2b0872c035d2625f631a341…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Use hash_equals for checking username
This makes the comparison happen in constant time and makes it
impossible to use it to guess stored usernames.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 61976131350eca8cbba74270a44ea7baa708259f
https://github.com/phpmyadmin/phpmyadmin/commit/61976131350eca8cbba74270a44…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/VersionInformation.php
Log Message:
-----------
Silent errors when getting remote file
- both curl and fopen wrappers can emmit errors in cases where remote
site is not accessible
- do not pass false value to json_decode
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 9816dc66af7326b65371f7d1e383b00b1b838d36
https://github.com/phpmyadmin/phpmyadmin/commit/9816dc66af7326b65371f7d1e38…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/VersionInformation.php
M libraries/ip_allow_deny.lib.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: cf83d6afbe4383e7668c1207be6d5bee0646be04
https://github.com/phpmyadmin/phpmyadmin/commit/cf83d6afbe4383e7668c1207be6…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/export.lib.php
Log Message:
-----------
Remove debugging code
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: a0ca9394a214afd15a4b883f8953b7b32f3caf04
https://github.com/phpmyadmin/phpmyadmin/commit/a0ca9394a214afd15a4b883f895…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/Error.php
M test/classes/ErrorTest.php
Log Message:
-----------
Strip path even if openbasedir restrictions apply
This really should not be the case here as what we get here is code
executed by PHP, so it should have already passed openbasedir
restrictions.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 97cfc1ebc345b1971ede90aabcceb0f7fb12a478
https://github.com/phpmyadmin/phpmyadmin/commit/97cfc1ebc345b1971ede90aabcc…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/Error.php
M libraries/export.lib.php
M test/classes/ErrorTest.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 6e3282e15856192d484f2c56a7ae83796bf2e716
https://github.com/phpmyadmin/phpmyadmin/commit/6e3282e15856192d484f2c56a7a…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/microhistory.js
Log Message:
-----------
Store copy of hash instead of working on live object
This avoids possible race conditions when doing the checks.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 5c78f678d00767e5c060bd1b6f1d4c220e8c38ec
https://github.com/phpmyadmin/phpmyadmin/commit/5c78f678d00767e5c060bd1b6f1…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/microhistory.js
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: b63bd9977c436f6ad564d429e663bb580bb4e730
https://github.com/phpmyadmin/phpmyadmin/commit/b63bd9977c436f6ad564d429e66…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/navigation/NavigationHeader.php
Log Message:
-----------
Stricter validation of NavigationLogoLink
It now has to be URL including scheme. Otherwise it's not really
possible to validate it for being just http/https.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 584d5c1726ceaedf9c264837cd8d4aa8957d7dea
https://github.com/phpmyadmin/phpmyadmin/commit/584d5c1726ceaedf9c264837cd8…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/navigation/NavigationHeader.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 3ef6201bd6d43eed7f360bb2ead22ef7c484381e
https://github.com/phpmyadmin/phpmyadmin/commit/3ef6201bd6d43eed7f360bb2ead…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/config.js
Log Message:
-----------
Fix hash validation
- use copy of hash to avoid race condition
- stricter regex to match whole string
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: a141028add8bb8ac2392edde82e8bc187b3cdd7c
https://github.com/phpmyadmin/phpmyadmin/commit/a141028add8bb8ac2392edde82e…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/config.js
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 45e33d63a252011b02b55b74432c4a90484eaa5e
https://github.com/phpmyadmin/phpmyadmin/commit/45e33d63a252011b02b55b74432…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/DbQbe.php
M libraries/SavedSearches.php
Log Message:
-----------
Limit maximal number of rows in QBE
User would be lost in them anyway by that count and it prevents DOS.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: d62494cd8c99185077f516be76093f4cb4a32837
https://github.com/phpmyadmin/phpmyadmin/commit/d62494cd8c99185077f516be760…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M ChangeLog
M libraries/core.lib.php
M po/sl.po
M setup/lib/ConfigGenerator.php
M show_config_errors.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 16da93378b69e0613dff3ba9c11872892e60811b
https://github.com/phpmyadmin/phpmyadmin/commit/16da93378b69e0613dff3ba9c11…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M ChangeLog
M libraries/core.lib.php
M po/pl.po
M po/sl.po
M setup/lib/ConfigGenerator.php
M show_config_errors.php
M test/classes/navigation/NavigationTest.php
M test/classes/navigation/NodeDatabaseChildTest.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: d3e4faded49ad73394f4d02de13b7c8583c6acd1
https://github.com/phpmyadmin/phpmyadmin/commit/d3e4faded49ad73394f4d02de13…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/DbQbe.php
M libraries/SavedSearches.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: ba82f0000c7837bd3b834b24660325652ec27675
https://github.com/phpmyadmin/phpmyadmin/commit/ba82f0000c7837bd3b834b24660…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M index.php
M js/functions.js
M libraries/Advisor.php
M libraries/Footer.php
M libraries/Util.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/auth/AuthenticationCookie.php
M test/classes/AdvisorTest.php
M test/classes/FooterTest.php
M themes.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 860ff02b07eb1332cad6c920fe5c4394280058f2
https://github.com/phpmyadmin/phpmyadmin/commit/860ff02b07eb1332cad6c920fe5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M index.php
M js/functions.js
M libraries/Advisor.php
M libraries/Footer.php
M libraries/Util.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/auth/AuthenticationCookie.php
M test/classes/AdvisorTest.php
M test/classes/FooterTest.php
M themes.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 895bca9a565cde0326e4caa3ab058973466a2ebb
https://github.com/phpmyadmin/phpmyadmin/commit/895bca9a565cde0326e4caa3ab0…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: d5c6801a8580f221fc64471016b06cc4dae9ffba
https://github.com/phpmyadmin/phpmyadmin/commit/d5c6801a8580f221fc64471016b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M libraries/DisplayResults.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php
M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php
M libraries/sanitizing.lib.php
M libraries/special_schema_links.lib.php
M po/el.po
M po/ia.po
M po/pa.po
M po/pt_BR.po
M po/sl.po
M po/uk.po
M test/classes/DisplayResultsTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 17fee760187181980cb7d3796f749db03627c006
https://github.com/phpmyadmin/phpmyadmin/commit/17fee760187181980cb7d3796f7…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M libraries/DisplayResults.php
M libraries/Sanitize.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php
M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php
M libraries/special_schema_links.lib.php
M po/el.po
M po/ia.po
M po/pa.po
M po/pt_BR.po
M po/sl.po
M po/uk.po
M scripts/create-release.sh
M test/classes/DisplayResultsTest.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 1b92280a4442dcc54e337bf82c6cc0f29761532c
https://github.com/phpmyadmin/phpmyadmin/commit/1b92280a4442dcc54e337bf82c6…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: c4714b003c21948e13eb0162c5c951d5e84a1c75
https://github.com/phpmyadmin/phpmyadmin/commit/c4714b003c21948e13eb0162c5c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M index.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 683f78cb194dd574f1ecdebbac16ee002c5777ef
https://github.com/phpmyadmin/phpmyadmin/commit/683f78cb194dd574f1ecdebbac1…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M index.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 26d3202de9cf4844efb399530e9de6387ecd3ae8
https://github.com/phpmyadmin/phpmyadmin/commit/26d3202de9cf4844efb399530e9…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 0a20356ec4110e682b5bbb219f5f08db10bc418c
https://github.com/phpmyadmin/phpmyadmin/commit/0a20356ec4110e682b5bbb219f5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-25 (Thu, 25 Aug 2016)
Changed paths:
M ChangeLog
M js/get_image.js.php
M js/get_scripts.js.php
M js/whitelist.php
M libraries/Config.php
M libraries/Table.php
M po/pt.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 34f42cda69f419313024f28ab508f9a2460c25a4
https://github.com/phpmyadmin/phpmyadmin/commit/34f42cda69f419313024f28ab50…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-25 (Thu, 25 Aug 2016)
Changed paths:
M ChangeLog
M js/get_image.js.php
M js/get_scripts.js.php
M js/whitelist.php
M libraries/Config.php
M libraries/Table.php
M po/pt.po
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 3171e75f72810dec5e39c96a21d7e9c8902cb7d0
https://github.com/phpmyadmin/phpmyadmin/commit/3171e75f72810dec5e39c96a21d…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-25 (Thu, 25 Aug 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 283f5d10ce65e0656f98335bd1f2767fba3be6db
https://github.com/phpmyadmin/phpmyadmin/commit/283f5d10ce65e0656f98335bd1f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M import.php
Log Message:
-----------
Fix possible DOS on too big skip value
- loop only as long as long we have data to skip
- convert skip parameter to integer
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: dcc9f8585c49ce2258d40aea511b524488bbce05
https://github.com/phpmyadmin/phpmyadmin/commit/dcc9f8585c49ce2258d40aea511…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M .gitignore
M ChangeLog
M js/functions.js
M js/sql.js
M libraries/Advisor.php
M libraries/Linter.php
M libraries/Util.php
M libraries/common.inc.php
M libraries/dbi/DBIMysqli.php
M libraries/navigation/nodes/Node.php
M libraries/sanitizing.lib.php
M po/pt_BR.po
M templates/columns_definitions/transformation_option.phtml
M test/bootstrap-dist.php
M test/libraries/common/PMA_formatNumberByteDown_test.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 34479a9cdb7e80b5bf87bd26fa36df1b896f2db4
https://github.com/phpmyadmin/phpmyadmin/commit/34479a9cdb7e80b5bf87bd26fa3…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M .gitignore
M ChangeLog
M doc/setup.rst
M js/db_central_columns.js
M js/db_operations.js
M js/db_search.js
M js/db_structure.js
M js/db_tracking.js
M js/functions.js
M js/indexes.js
M js/navigation.js
M js/replication.js
M js/rte.js
M js/server_status_monitor.js
M js/server_variables.js
M js/sql.js
M js/tbl_operations.js
M js/tbl_relation.js
M js/tbl_select.js
M js/tbl_structure.js
M js/tbl_tracking.js
M libraries/Advisor.php
M libraries/Config.php
M libraries/LanguageManager.php
M libraries/Linter.php
M libraries/Sanitize.php
M libraries/Util.php
M libraries/VersionInformation.php
M libraries/cleanup.lib.php
M libraries/common.inc.php
M libraries/dbi/DBIMysqli.php
M libraries/error_report.lib.php
M libraries/navigation/nodes/Node.php
M logout.php
A po/ig.po
M po/pt_BR.po
M po/ru.po
M po/sk.po
M templates/columns_definitions/transformation_option.phtml
M test/bootstrap-dist.php
M test/classes/ConfigTest.php
M test/classes/SanitizeTest.php
M test/classes/UtilTest.php
M test/libraries/common/PMA_formatNumberByteDown_test.php
M view_create.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: c3328c743abd7b1ea8cbfc3b7c0ebd502a4e4100
https://github.com/phpmyadmin/phpmyadmin/commit/c3328c743abd7b1ea8cbfc3b7c0…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/Util.php
Log Message:
-----------
Silent errors when getting remote file
- both curl and fopen wrappers can emmit errors in cases where remote
site is not accessible
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: ce278cd3eb1ea042bb90dbd49c0c8d5927f1c193
https://github.com/phpmyadmin/phpmyadmin/commit/ce278cd3eb1ea042bb90dbd49c0…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M import.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 7ddcbc0de6283f42fc0592901d88ee53b457bee9
https://github.com/phpmyadmin/phpmyadmin/commit/7ddcbc0de6283f42fc0592901d8…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/tbl_partition_definition.inc.php
Log Message:
-----------
Validate (sub)partion count from request before use
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: e43170902bf69e9f73304aef10fdc422ba65161b
https://github.com/phpmyadmin/phpmyadmin/commit/e43170902bf69e9f73304aef10f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/tbl_partition_definition.inc.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 733a5d582193d32c5435bd6324316c9da1b01678
https://github.com/phpmyadmin/phpmyadmin/commit/733a5d582193d32c5435bd63243…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/plugins/AuthenticationPlugin.php
Log Message:
-----------
Avoid rendering BB code when showing PHP/MySQL errors
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: d01c078b7d48c8f7d4f0784cb4b04ae933a6d23b
https://github.com/phpmyadmin/phpmyadmin/commit/d01c078b7d48c8f7d4f0784cb4b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/DatabaseInterface.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/session.inc.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 4c34f140779711e1511c721a262028a929a81f91
https://github.com/phpmyadmin/phpmyadmin/commit/4c34f140779711e1511c721a262…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/DatabaseInterface.php
M libraries/Error.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 50f48aa629a63d4fba81d625b179919d7093422b
https://github.com/phpmyadmin/phpmyadmin/commit/50f48aa629a63d4fba81d625b17…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/DatabaseInterface.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/core.lib.php
M libraries/session.inc.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 3ba11212a3558f112d82d42d6cf305db6ef6912f
https://github.com/phpmyadmin/phpmyadmin/commit/3ba11212a3558f112d82d42d6cf…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/plugins/AuthenticationPlugin.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: dac36c3cd889f87165ae776e3929fe9f946f67ad
https://github.com/phpmyadmin/phpmyadmin/commit/dac36c3cd889f87165ae776e392…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M index.php
M libraries/core.lib.php
M test/libraries/core/PMA_isAllowedDomain_test.php
Log Message:
-----------
Stricter URL validation
- do not use empty() as empty('0') is true
- do not lowercase the strings, use them as they are
- lowercase all domains in our codebase
- do not allow to specify port
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 9f0c4c37f3067abcaa7a40b9ef907e343ee62de4
https://github.com/phpmyadmin/phpmyadmin/commit/9f0c4c37f3067abcaa7a40b9ef9…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M test/classes/MessageTest.php
Log Message:
-----------
Fix test failures with recent changes to Message class
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 5ee95b3615e2224eddb3cc24c77b00fddb06a4b8
https://github.com/phpmyadmin/phpmyadmin/commit/5ee95b3615e2224eddb3cc24c77…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M index.php
M libraries/core.lib.php
M test/classes/MessageTest.php
M test/libraries/core/PMA_isAllowedDomain_test.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 2f2e3565ba1e85072d2c1a1f0a06b84bebce8f9f
https://github.com/phpmyadmin/phpmyadmin/commit/2f2e3565ba1e85072d2c1a1f0a0…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals when comparing IPv6 allow rules
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 0318a7e00265ff3b495534d21b3c8948f4407ba9
https://github.com/phpmyadmin/phpmyadmin/commit/0318a7e00265ff3b495534d21b3…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: c4613745f398f0fdd8bb238ce7f02eea58d7125d
https://github.com/phpmyadmin/phpmyadmin/commit/c4613745f398f0fdd8bb238ce7f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M po/ru.po
M po/sk.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 7b0f8df58e3dbce621cf0f5285fd4cba00ad77c8
https://github.com/phpmyadmin/phpmyadmin/commit/7b0f8df58e3dbce621cf0f5285f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M ChangeLog
M js/functions.js
M libraries/common.inc.php
M libraries/navigation/NavigationHeader.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 1aa0256c940b6d155cd2a4218b553135094223e2
https://github.com/phpmyadmin/phpmyadmin/commit/1aa0256c940b6d155cd2a4218b5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 3d99185919cdca3ea31caafc7421c507086bdb9c
https://github.com/phpmyadmin/phpmyadmin/commit/3d99185919cdca3ea31caafc742…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M ChangeLog
M libraries/Util.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 9ffbb90ec060177660e528e4ae7b385ff7d99166
https://github.com/phpmyadmin/phpmyadmin/commit/9ffbb90ec060177660e528e4ae7…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M ChangeLog
M libraries/Util.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: a9f6bd1a8b9661a3a99a05b7db81426a1ae0dd3a
https://github.com/phpmyadmin/phpmyadmin/commit/a9f6bd1a8b9661a3a99a05b7db8…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 2559dc3a62a416eba8284542303173127feeb767
https://github.com/phpmyadmin/phpmyadmin/commit/2559dc3a62a416eba8284542303…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-16 (Fri, 16 Sep 2016)
Changed paths:
M ChangeLog
M import.php
M js/config.js
M js/functions.js
M js/messages.php
M js/tbl_structure.js
M libraries/DatabaseInterface.php
M libraries/VersionInformation.php
M libraries/dbi/DBIDummy.php
M libraries/import.lib.php
M libraries/sanitizing.lib.php
M libraries/server_user_groups.lib.php
M libraries/sql-parser/src/Components/AlterOperation.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/IntoKeyword.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Components/PartitionDefinition.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Statements/ReplaceStatement.php
M libraries/sql-parser/src/Statements/SetStatement.php
M libraries/sql-parser/src/Utils/CLI.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql.lib.php
M po/az.po
M po/hu.po
M po/id.po
M po/ja.po
M po/sk.po
M po/zh_CN.po
M test/libraries/PMA_sql_test.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 809a75eb92adb62a4f90448bb750d703a14c901a
https://github.com/phpmyadmin/phpmyadmin/commit/809a75eb92adb62a4f90448bb75…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-16 (Fri, 16 Sep 2016)
Changed paths:
M .travis.yml
M ChangeLog
M doc/transformations.rst
M import.php
M js/config.js
M js/functions.js
M js/messages.php
M js/tbl_structure.js
M libraries/Sanitize.php
M libraries/SysInfoLinux.php
M libraries/Util.php
M libraries/common.inc.php
M libraries/dbi/DBIDummy.php
M libraries/import.lib.php
M libraries/plugins/schema/svg/Svg.php
M libraries/plugins/schema/svg/SvgRelationSchema.php
M libraries/server_user_groups.lib.php
M libraries/sql.lib.php
M po/az.po
M po/hu.po
M po/id.po
M po/ja.po
M po/sk.po
M po/zh_CN.po
M test/libraries/PMA_server_status_monitor_test.php
M test/libraries/PMA_server_status_queries_test.php
M test/libraries/PMA_server_status_test.php
M test/libraries/PMA_sql_test.php
M test/libraries/common/PMA_formatNumberByteDown_test.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 19c24a8c6cd2b454e5185dda373c52fab53a5c8f
https://github.com/phpmyadmin/phpmyadmin/commit/19c24a8c6cd2b454e5185dda373…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-16 (Fri, 16 Sep 2016)
Changed paths:
M db_operations.php
M export.php
M import.php
M import_status.php
M libraries/Bookmark.php
M libraries/Config.php
M libraries/DbQbe.php
M libraries/DbSearch.php
M libraries/DisplayResults.php
M libraries/Header.php
M libraries/Index.php
M libraries/ListDatabase.php
M libraries/Menu.php
M libraries/Message.php
M libraries/Response.php
M libraries/Table.php
M libraries/URL.php
M libraries/Util.php
M libraries/controllers/server/ServerDatabasesController.php
M libraries/controllers/table/TableChartController.php
M libraries/controllers/table/TableSearchController.php
M libraries/controllers/table/TableStructureController.php
M libraries/core.lib.php
M libraries/db_common.inc.php
M libraries/db_table_exists.inc.php
M libraries/display_export.lib.php
M libraries/export.lib.php
M libraries/insert_edit.lib.php
M libraries/mult_submits.inc.php
M libraries/operations.lib.php
M libraries/plugins/ImportPlugin.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/export/ExportXml.php
M libraries/plugins/export/TableProperty.php
M libraries/plugins/import/ImportCsv.php
M libraries/plugins/import/ImportShp.php
M libraries/plugins/schema/pdf/Pdf.php
M libraries/relation.lib.php
M libraries/replication_gui.lib.php
M libraries/rte/rte_main.inc.php
M libraries/server_privileges.lib.php
M libraries/server_status_monitor.lib.php
M libraries/server_status_processes.lib.php
M libraries/sql.lib.php
M libraries/sql_query_form.lib.php
M libraries/tbl_info.inc.php
M libraries/transformations.lib.php
M sql.php
M tbl_addfield.php
M tbl_change.php
M tbl_create.php
M templates/database/structure/structure_table_row.phtml
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 161e408ab760e9be8a58bfdf7ce26881a0570798
https://github.com/phpmyadmin/phpmyadmin/commit/161e408ab760e9be8a58bfdf7ce…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M ChangeLog
M doc/setup.rst
M doc/transformations.rst
M js/common.js
M js/export.js
M js/functions.js
M js/messages.php
M js/rte.js
M js/tbl_change.js
M libraries/DatabaseInterface.php
M libraries/Table.php
M libraries/export.lib.php
M libraries/insert_edit.lib.php
M libraries/rte/rte_export.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/tbl_info.inc.php
M po/de.po
M po/nl.po
M tbl_operations.php
M test/classes/TableTest.php
M test/libraries/PMA_export_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 07b846f94b67d41b1ced33d8d9db0c927b99cc81
https://github.com/phpmyadmin/phpmyadmin/commit/07b846f94b67d41b1ced33d8d9d…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M ChangeLog
M doc/setup.rst
M js/common.js
M js/export.js
M js/functions.js
M js/messages.php
M js/rte.js
M js/tbl_change.js
M libraries/DatabaseInterface.php
A libraries/OpenDocument.php
M libraries/Table.php
M libraries/export.lib.php
M libraries/insert_edit.lib.php
R libraries/opendocument.lib.php
M libraries/plugins/export/ExportOds.php
M libraries/plugins/export/ExportOdt.php
M libraries/rte/rte_export.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/tbl_info.inc.php
M po/de.po
M po/nl.po
M scripts/create-release.sh
M tbl_operations.php
M test/bootstrap-dist.php
M test/classes/TableTest.php
M test/classes/plugin/export/ExportOdsTest.php
M test/classes/plugin/export/ExportOdtTest.php
M test/libraries/PMA_export_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: c9d953a5ef0d1861711a1f1b0b1d60932dcd0701
https://github.com/phpmyadmin/phpmyadmin/commit/c9d953a5ef0d1861711a1f1b0b1…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: fbad6b9b4d175aa82cd35972aa2dcd9ef3ec4346
https://github.com/phpmyadmin/phpmyadmin/commit/fbad6b9b4d175aa82cd35972aa2…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Verify value of access_time to avoid unwanted session extension
We need to ansure the access_time parameter is in valid range to avoid
possibility of remotely extending session validity.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 5a1854c2b780785ccbddb22d833888ad1780e439
https://github.com/phpmyadmin/phpmyadmin/commit/5a1854c2b780785ccbddb22d833…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 3df5113a8c472567308c913b8a6e68f24a6b1f57
https://github.com/phpmyadmin/phpmyadmin/commit/3df5113a8c472567308c913b8a6…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-26 (Mon, 26 Sep 2016)
Changed paths:
M ChangeLog
M doc/config.rst
M js/tbl_structure.js
M libraries/Util.php
M libraries/config.default.php
M libraries/controllers/table/TableSearchController.php
M libraries/rte/rte_routines.lib.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql.lib.php
M libraries/tbl_info.inc.php
M po/ca.po
M po/de.po
M po/ja.po
M po/ko.po
M po/pt_BR.po
M po/ru.po
M po/sl.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 6f8edef792e17ccb7373b679c6eaf915162925b7
https://github.com/phpmyadmin/phpmyadmin/commit/6f8edef792e17ccb7373b679c6e…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-26 (Mon, 26 Sep 2016)
Changed paths:
M ChangeLog
M doc/config.rst
M doc/setup.rst
M js/tbl_structure.js
M libraries/Util.php
M libraries/config.default.php
M libraries/controllers/table/TableSearchController.php
M libraries/navigation/NavigationTree.php
M libraries/navigation/nodes/NodeColumn.php
M libraries/navigation/nodes/NodeColumnContainer.php
M libraries/navigation/nodes/NodeDatabase.php
M libraries/navigation/nodes/NodeDatabaseContainer.php
M libraries/navigation/nodes/NodeEvent.php
M libraries/navigation/nodes/NodeEventContainer.php
M libraries/navigation/nodes/NodeFunction.php
M libraries/navigation/nodes/NodeFunctionContainer.php
M libraries/navigation/nodes/NodeIndex.php
M libraries/navigation/nodes/NodeIndexContainer.php
M libraries/navigation/nodes/NodeProcedure.php
M libraries/navigation/nodes/NodeProcedureContainer.php
M libraries/navigation/nodes/NodeTable.php
M libraries/navigation/nodes/NodeTableContainer.php
M libraries/navigation/nodes/NodeTrigger.php
M libraries/navigation/nodes/NodeTriggerContainer.php
M libraries/navigation/nodes/NodeView.php
M libraries/navigation/nodes/NodeViewContainer.php
M libraries/plugins/import/ImportShp.php
M libraries/rte/rte_routines.lib.php
M libraries/server_privileges.lib.php
M libraries/sql.lib.php
M libraries/tbl_info.inc.php
M po/ca.po
M po/de.po
M po/ja.po
M po/ko.po
M po/pt_BR.po
M po/ru.po
M po/sl.po
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 26bf244264a3c5af8cdd6c7a53e2fc80c1c9cda1
https://github.com/phpmyadmin/phpmyadmin/commit/26bf244264a3c5af8cdd6c7a53e…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-26 (Mon, 26 Sep 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: f87358dff730e7a5ada13922108151a9eee107cf
https://github.com/phpmyadmin/phpmyadmin/commit/f87358dff730e7a5ada13922108…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-02 (Sun, 02 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Don't assume the default arg_separator in URL
Respect the value for arg_separator.input too.
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 17b34be04f5cc2a5f83d73eba7cd41cbc3ebb7b2
https://github.com/phpmyadmin/phpmyadmin/commit/17b34be04f5cc2a5f83d73eba7c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Correctly parse string length when checking serialized data
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: ad39140c8691cdaee2607b593d2b8755298dff1e
https://github.com/phpmyadmin/phpmyadmin/commit/ad39140c8691cdaee2607b593d2…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: a7a541347b5f5037207a01a2a20a8c13076efce8
https://github.com/phpmyadmin/phpmyadmin/commit/a7a541347b5f5037207a01a2a20…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Merge branch 'QA_4_6-security' of github.com:phpmyadmin/phpmyadmin-security into QA_4_6-security
Commit: 69951525318b246193d82ad7e101748a24a18e93
https://github.com/phpmyadmin/phpmyadmin/commit/69951525318b246193d82ad7e10…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M ChangeLog
M doc/config.rst
M import.php
M js/codemirror/addon/lint/sql-lint.js
M libraries/Config.php
M libraries/Util.php
M libraries/server_privileges.lib.php
M libraries/sql-parser/src/Component.php
M libraries/sql-parser/src/Components/AlterOperation.php
M libraries/sql-parser/src/Components/Array2d.php
M libraries/sql-parser/src/Components/ArrayObj.php
A libraries/sql-parser/src/Components/CaseExpression.php
M libraries/sql-parser/src/Components/Condition.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/DataType.php
M libraries/sql-parser/src/Components/Expression.php
M libraries/sql-parser/src/Components/ExpressionArray.php
M libraries/sql-parser/src/Components/FunctionCall.php
M libraries/sql-parser/src/Components/IntoKeyword.php
M libraries/sql-parser/src/Components/JoinKeyword.php
M libraries/sql-parser/src/Components/Key.php
M libraries/sql-parser/src/Components/Limit.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Components/OrderKeyword.php
M libraries/sql-parser/src/Components/ParameterDefinition.php
M libraries/sql-parser/src/Components/PartitionDefinition.php
M libraries/sql-parser/src/Components/Reference.php
M libraries/sql-parser/src/Components/RenameOperation.php
M libraries/sql-parser/src/Components/SetOperation.php
M libraries/sql-parser/src/Components/UnionKeyword.php
M libraries/sql-parser/src/Context.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Exceptions/LexerException.php
M libraries/sql-parser/src/Exceptions/ParserException.php
M libraries/sql-parser/src/Lexer.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Statements/AlterStatement.php
M libraries/sql-parser/src/Statements/AnalyzeStatement.php
M libraries/sql-parser/src/Statements/BackupStatement.php
M libraries/sql-parser/src/Statements/CallStatement.php
M libraries/sql-parser/src/Statements/CheckStatement.php
M libraries/sql-parser/src/Statements/ChecksumStatement.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/DeleteStatement.php
M libraries/sql-parser/src/Statements/DropStatement.php
M libraries/sql-parser/src/Statements/ExplainStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Statements/MaintenanceStatement.php
M libraries/sql-parser/src/Statements/NotImplementedStatement.php
M libraries/sql-parser/src/Statements/OptimizeStatement.php
M libraries/sql-parser/src/Statements/RenameStatement.php
M libraries/sql-parser/src/Statements/RepairStatement.php
M libraries/sql-parser/src/Statements/ReplaceStatement.php
M libraries/sql-parser/src/Statements/RestoreStatement.php
M libraries/sql-parser/src/Statements/SelectStatement.php
M libraries/sql-parser/src/Statements/SetStatement.php
M libraries/sql-parser/src/Statements/ShowStatement.php
M libraries/sql-parser/src/Statements/TransactionStatement.php
M libraries/sql-parser/src/Statements/TruncateStatement.php
M libraries/sql-parser/src/Statements/UpdateStatement.php
M libraries/sql-parser/src/Token.php
M libraries/sql-parser/src/TokensList.php
M libraries/sql-parser/src/UtfString.php
M libraries/sql-parser/src/Utils/BufferedQuery.php
M libraries/sql-parser/src/Utils/CLI.php
M libraries/sql-parser/src/Utils/Error.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql-parser/src/Utils/Misc.php
M libraries/sql-parser/src/Utils/Query.php
M libraries/sql-parser/src/Utils/Routine.php
M libraries/sql-parser/src/Utils/Table.php
M libraries/sql-parser/src/Utils/Tokens.php
M libraries/sql.lib.php
M po/id.po
M po/mk.po
M po/sk.po
M po/zh_CN.po
R scripts/remove_control_m.sh
R scripts/revision-info
M server_privileges.php
M tbl_export.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: d753aaaa9b9030c7088e53cb1bbd0c5a2697974a
https://github.com/phpmyadmin/phpmyadmin/commit/d753aaaa9b9030c7088e53cb1bb…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M .travis.yml
M ChangeLog
M doc/config.rst
M doc/setup.rst
M import.php
M js/codemirror/addon/lint/sql-lint.js
M libraries/Config.php
M libraries/DatabaseInterface.php
M libraries/Header.php
M libraries/Util.php
M libraries/advisor.lib.php
M libraries/controllers/server/ServerVariablesController.php
M libraries/dbi/DBIDummy.php
M libraries/dbi/DBIExtension.php
M libraries/dbi/DBIMysql.php
M libraries/dbi/DBIMysqli.php
M libraries/error.inc.php
M libraries/gis/GISPolygon.php
M libraries/import.lib.php
M libraries/insert_edit.lib.php
M libraries/ip_allow_deny.lib.php
M libraries/navigation/NavigationTree.php
M libraries/server_privileges.lib.php
M libraries/sql.lib.php
M po/id.po
M po/mk.po
M po/sk.po
M po/zh_CN.po
R scripts/remove_control_m.sh
R scripts/revision-info
M server_privileges.php
M tbl_export.php
M test/classes/ConfigTest.php
R test/libraries/common/PMA_pow_test.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: 01f7b3c134ef4728501a363554187c4f83e2e519
https://github.com/phpmyadmin/phpmyadmin/commit/01f7b3c134ef4728501a3635541…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 3b8fc504d2a3c1da692cfe703d43d6d81cdc5778
https://github.com/phpmyadmin/phpmyadmin/commit/3b8fc504d2a3c1da692cfe703d4…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/tracking.lib.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: d74714c45ec246d179aa4b19d81c30903cdff876
https://github.com/phpmyadmin/phpmyadmin/commit/d74714c45ec246d179aa4b19d81…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/Tracker.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 47078395c2aea3d63f1b72d2d26afbd85e2f12f5
https://github.com/phpmyadmin/phpmyadmin/commit/47078395c2aea3d63f1b72d2d26…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-24 (Mon, 24 Oct 2016)
Changed paths:
M ChangeLog
M README.rst
M doc/setup.rst
M index.php
M js/console.js
M js/pmd/move.js
M js/tbl_change.js
M libraries/Advisor.php
M libraries/Table.php
M libraries/common.inc.php
M libraries/config/ConfigFile.php
M libraries/config/Validator.php
M libraries/plugins/export/ExportSql.php
M libraries/relation.lib.php
M libraries/replication.inc.php
M libraries/server_privileges.lib.php
M libraries/sql.lib.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M prefs_manage.php
M server_replication.php
M tbl_export.php
M tbl_operations.php
M test/classes/TableTest.php
M test/classes/config/ConfigFileTest.php
M test/classes/plugin/export/ExportSqlTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 2ed64c3c6a02cc2d72d7d4e27be8b8b07cc92c13
https://github.com/phpmyadmin/phpmyadmin/commit/2ed64c3c6a02cc2d72d7d4e27be…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-24 (Mon, 24 Oct 2016)
Changed paths:
M .travis.yml
M ChangeLog
M README.rst
M composer.json
M doc/_ext/configext.py
M doc/charts.rst
M doc/config.rst
M doc/faq.rst
M doc/glossary.rst
M doc/require.rst
M doc/setup.rst
M doc/transformations.rst
M index.php
M js/console.js
M js/pmd/move.js
M js/tbl_change.js
M libraries/Advisor.php
M libraries/DbList.php
M libraries/Table.php
M libraries/Theme.php
M libraries/Util.php
M libraries/common.inc.php
M libraries/config.default.php
M libraries/config/ConfigFile.php
M libraries/config/Validator.php
M libraries/config/messages.inc.php
M libraries/config/setup.forms.php
M libraries/core.lib.php
M libraries/error.inc.php
M libraries/ip_allow_deny.lib.php
M libraries/plugins/export/ExportPhparray.php
M libraries/plugins/export/ExportSql.php
M libraries/plugins/schema/dia/Dia.php
M libraries/plugins/schema/eps/Eps.php
M libraries/plugins/schema/svg/Svg.php
M libraries/plugins/transformations/TEMPLATE_ABSTRACT
M libraries/relation.lib.php
M libraries/select_server.lib.php
M libraries/server_privileges.lib.php
M libraries/session.inc.php
M libraries/sql.lib.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fil.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/ig.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kab.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M prefs_manage.php
M scripts/create-release.sh
M server_replication.php
M tbl_export.php
M tbl_operations.php
M test/bootstrap-dist.php
A test/ci-docs
A test/ci-install-docs
M test/ci-install-selenium
M test/ci-install-test
M test/classes/TableTest.php
M test/classes/config/ConfigFileTest.php
M test/classes/plugin/export/ExportSqlTest.php
M test/install-runkit
M test/libraries/common/PMA_showPHPDocu_test.php
M test/libraries/core/PMA_getLinks_test.php
R themes/sprites.css.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: fa45c8191e0d5507e32a8a6eab53e77a59759a75
https://github.com/phpmyadmin/phpmyadmin/commit/fa45c8191e0d5507e32a8a6eab5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-24 (Mon, 24 Oct 2016)
Changed paths:
M libraries/Tracker.php
M libraries/tracking.lib.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: b31c304459c5da18db59f55d1a2c8c77fed74d1f
https://github.com/phpmyadmin/phpmyadmin/commit/b31c304459c5da18db59f55d1a2…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-25 (Tue, 25 Oct 2016)
Changed paths:
M ChangeLog
M js/console.js
M js/functions.js
M js/messages.php
M js/pmd/move.js
M js/tbl_change.js
M libraries/DisplayResults.php
M libraries/Table.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/Expression.php
M libraries/sql-parser/src/Components/JoinKeyword.php
M libraries/sql-parser/src/Context.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Lexer.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statements/SelectStatement.php
M libraries/sql-parser/src/Token.php
R phpdox.xml
M po/sl.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: ed640a4f2cb32e84548d69a82784f09d206b4f08
https://github.com/phpmyadmin/phpmyadmin/commit/ed640a4f2cb32e84548d69a8278…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-25 (Tue, 25 Oct 2016)
Changed paths:
M ChangeLog
M js/console.js
M js/functions.js
M js/messages.php
M js/pmd/move.js
M js/tbl_change.js
M libraries/DisplayResults.php
M libraries/Table.php
R phpdox.xml
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: a8119c4db14a8190aa2d879b31f3a9558516bcb4
https://github.com/phpmyadmin/phpmyadmin/commit/a8119c4db14a8190aa2d879b31f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-25 (Tue, 25 Oct 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 8119464150081bcc18641281d62991bdff5feff7
https://github.com/phpmyadmin/phpmyadmin/commit/8119464150081bcc18641281d62…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Handle multiple `:p` while sanitizing MySQL hosts
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: cad75c95c43f9f4b7fd607abc65a68d2134d756d
https://github.com/phpmyadmin/phpmyadmin/commit/cad75c95c43f9f4b7fd607abc65…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 636a38cf8a3572219c84e893ca5061eafffad7c5
https://github.com/phpmyadmin/phpmyadmin/commit/636a38cf8a3572219c84e893ca5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M ChangeLog
M doc/faq.rst
M js/functions.js
M js/makegrid.js
M js/messages.php
M js/tbl_change.js
M libraries/Footer.php
M libraries/Table.php
M libraries/pmd_common.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M templates/table/relation/common_form.phtml
M templates/table/relation/foreign_key_row.phtml
M test/classes/TableTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: daae30499fbd0d9581304e4b4cdf2fd2c36ce84b
https://github.com/phpmyadmin/phpmyadmin/commit/daae30499fbd0d9581304e4b4cd…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M ChangeLog
M doc/faq.rst
M import.php
M index.php
M js/functions.js
M js/makegrid.js
M js/messages.php
M js/tbl_change.js
M libraries/Footer.php
M libraries/LanguageManager.php
M libraries/Table.php
R libraries/cleanup.lib.php
R libraries/display_select_lang.lib.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/pmd_common.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fil.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/ig.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kab.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
A templates/select_lang.phtml
M templates/table/relation/common_form.phtml
M templates/table/relation/foreign_key_row.phtml
M test/classes/TableTest.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: e169fb86e0d69d4f86e0461d4280ecd0343cbb1c
https://github.com/phpmyadmin/phpmyadmin/commit/e169fb86e0d69d4f86e0461d428…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 970de0ac7abe8a4d81333dac3329720f4263654a
https://github.com/phpmyadmin/phpmyadmin/commit/970de0ac7abe8a4d81333dac332…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-10 (Thu, 10 Nov 2016)
Changed paths:
M ChangeLog
M browse_foreigners.php
M db_operations.php
M db_tracking.php
M import.php
M js/pmd/history.js
M libraries/DatabaseInterface.php
M libraries/DbSearch.php
M libraries/DisplayResults.php
M libraries/Menu.php
M libraries/Partition.php
M libraries/RecentFavoriteTable.php
M libraries/SavedSearches.php
M libraries/SystemDatabase.php
M libraries/Table.php
M libraries/Tracker.php
M libraries/Util.php
M libraries/bookmark.lib.php
M libraries/central_columns.lib.php
M libraries/common.inc.php
M libraries/controllers/server/ServerVariablesController.php
M libraries/controllers/table/TableSearchController.php
M libraries/controllers/table/TableStructureController.php
M libraries/create_addfield.lib.php
M libraries/db_designer.lib.php
M libraries/db_table_exists.lib.php
M libraries/dbi/DBIDummy.php
M libraries/dbi/DBIExtension.php
M libraries/dbi/DBIMysql.php
M libraries/dbi/DBIMysqli.php
M libraries/display_export.lib.php
M libraries/export.lib.php
M libraries/import.lib.php
M libraries/insert_edit.lib.php
M libraries/mysql_charsets.lib.php
M libraries/navigation/Navigation.php
M libraries/navigation/NavigationTree.php
M libraries/navigation/nodes/Node.php
M libraries/navigation/nodes/NodeDatabase.php
M libraries/navigation/nodes/NodeTable.php
M libraries/operations.lib.php
M libraries/plugins/export/ExportSql.php
M libraries/plugins/export/ExportXml.php
M libraries/plugins/import/ImportCsv.php
M libraries/plugins/import/ImportLdi.php
M libraries/plugins/schema/pdf/Pdf.php
M libraries/pmd_common.php
M libraries/relation.lib.php
M libraries/relation_cleanup.lib.php
M libraries/replication.inc.php
M libraries/replication_gui.lib.php
M libraries/rte/rte_events.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_triggers.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/server_status_monitor.lib.php
M libraries/server_user_groups.lib.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Utils/Query.php
M libraries/sql.lib.php
M libraries/tracking.lib.php
M libraries/transformations.lib.php
M libraries/user_preferences.lib.php
M phpunit.xml.dist
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M test/classes/DbSearchTest.php
M test/classes/TableTest.php
M test/classes/ThemeManagerTest.php
M test/classes/TrackerTest.php
M test/classes/controllers/TableSearchControllerTest.php
M test/classes/navigation/NavigationTest.php
M test/classes/navigation/NodeTest.php
M test/classes/plugin/export/ExportHtmlwordTest.php
M test/classes/plugin/export/ExportLatexTest.php
M test/classes/plugin/export/ExportOdsTest.php
M test/classes/plugin/export/ExportOdtTest.php
M test/classes/plugin/export/ExportSqlTest.php
M test/classes/plugin/export/ExportTexytextTest.php
M test/classes/plugin/export/ExportXmlTest.php
M test/classes/plugin/import/ImportLdiTest.php
M test/classes/plugin/import/ImportOdsTest.php
M test/libraries/PMA_PMD_common_test.php
M test/libraries/PMA_central_columns_test.php
M test/libraries/PMA_designer_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_server_user_groups_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_quoting_slashing_test.php
M test/libraries/rte/PMA_EVN_getQueryFromRequest_test.php
M test/libraries/rte/PMA_RTN_getQueryFromRequest_test.php
M user_password.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: df0d8a06d3b74056f0c25d776aef3e8040c730d4
https://github.com/phpmyadmin/phpmyadmin/commit/df0d8a06d3b74056f0c25d776ae…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-10 (Thu, 10 Nov 2016)
Changed paths:
M ChangeLog
M browse_foreigners.php
M db_operations.php
M db_tracking.php
M doc/setup.rst
M import.php
M js/functions.js
M js/messages.php
M js/pmd/history.js
M js/server_privileges.js
A js/zxcvbn.js
M libraries/Bookmark.php
M libraries/DatabaseInterface.php
M libraries/DbSearch.php
M libraries/DisplayResults.php
M libraries/Header.php
M libraries/Menu.php
M libraries/Partition.php
M libraries/RecentFavoriteTable.php
M libraries/SavedSearches.php
M libraries/SystemDatabase.php
M libraries/Table.php
M libraries/Tracker.php
M libraries/Util.php
M libraries/central_columns.lib.php
M libraries/common.inc.php
M libraries/controllers/server/ServerVariablesController.php
M libraries/controllers/table/TableSearchController.php
M libraries/controllers/table/TableStructureController.php
M libraries/create_addfield.lib.php
M libraries/db_designer.lib.php
M libraries/db_table_exists.inc.php
M libraries/dbi/DBIDummy.php
M libraries/dbi/DBIExtension.php
M libraries/dbi/DBIMysql.php
M libraries/dbi/DBIMysqli.php
M libraries/display_change_password.lib.php
M libraries/display_export.lib.php
M libraries/export.lib.php
M libraries/import.lib.php
M libraries/insert_edit.lib.php
M libraries/navigation/Navigation.php
M libraries/navigation/NavigationTree.php
M libraries/navigation/nodes/Node.php
M libraries/navigation/nodes/NodeDatabase.php
M libraries/navigation/nodes/NodeTable.php
M libraries/operations.lib.php
M libraries/plugins/export/ExportSql.php
M libraries/plugins/export/ExportXml.php
M libraries/plugins/import/ImportCsv.php
M libraries/plugins/import/ImportLdi.php
M libraries/plugins/schema/pdf/Pdf.php
M libraries/pmd_common.php
M libraries/relation.lib.php
M libraries/relation_cleanup.lib.php
M libraries/replication.inc.php
M libraries/replication_gui.lib.php
M libraries/rte/rte_events.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_triggers.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/server_status_monitor.lib.php
M libraries/server_user_groups.lib.php
M libraries/tracking.lib.php
M libraries/transformations.lib.php
M libraries/user_preferences.lib.php
M phpunit.xml.dist
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fil.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/ig.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kab.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M server_privileges.php
M sql/create_tables.sql
A sql/upgrade_tables_4_7_0+.sql
M templates/table/search/rows_normal.phtml
M templates/table/search/rows_zoom.phtml
M test/classes/DbSearchTest.php
M test/classes/TableTest.php
M test/classes/ThemeManagerTest.php
M test/classes/TrackerTest.php
M test/classes/controllers/TableSearchControllerTest.php
M test/classes/navigation/NavigationTest.php
M test/classes/navigation/NodeTest.php
M test/classes/plugin/export/ExportHtmlwordTest.php
M test/classes/plugin/export/ExportLatexTest.php
M test/classes/plugin/export/ExportOdsTest.php
M test/classes/plugin/export/ExportOdtTest.php
M test/classes/plugin/export/ExportSqlTest.php
M test/classes/plugin/export/ExportTexytextTest.php
M test/classes/plugin/export/ExportXmlTest.php
M test/classes/plugin/import/ImportLdiTest.php
M test/classes/plugin/import/ImportOdsTest.php
M test/libraries/PMA_PMD_common_test.php
M test/libraries/PMA_central_columns_test.php
M test/libraries/PMA_designer_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_server_user_groups_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_quoting_slashing_test.php
M test/libraries/rte/PMA_EVN_getQueryFromRequest_test.php
M test/libraries/rte/PMA_RTN_getQueryFromRequest_test.php
M themes/pmahomme/css/common.css.php
M user_password.php
Log Message:
-----------
Merge branch 'master' into master-security
Commit: cf782b9ef321cc6e69f2fa109c1e8551a1a07c1f
https://github.com/phpmyadmin/phpmyadmin/commit/cf782b9ef321cc6e69f2fa109c1…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-10 (Thu, 10 Nov 2016)
Log Message:
-----------
Merge branch 'QA_4_6-security' into master-security
Commit: 1f24e5c7556ca3308114d7233d48e5a5851d93cd
https://github.com/phpmyadmin/phpmyadmin/commit/1f24e5c7556ca3308114d7233d4…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M import.php
M index.php
M js/config.js
M js/microhistory.js
M libraries/DbQbe.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/SavedSearches.php
M libraries/Tracker.php
M libraries/Util.php
M libraries/core.lib.php
M libraries/export.lib.php
M libraries/ip_allow_deny.lib.php
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
M libraries/tbl_partition_definition.inc.php
M libraries/tracking.lib.php
M prefs_manage.php
M test/classes/ErrorTest.php
M test/classes/MessageTest.php
M test/libraries/core/PMA_isAllowedDomain_test.php
M test/libraries/core/PMA_safeUnserialize_test.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Merge branch 'master-security'
Commit: fb161a7bebe60d902f743227158eca6a9889c472
https://github.com/phpmyadmin/phpmyadmin/commit/fb161a7bebe60d902f743227158…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M libraries/server_privileges.lib.php
M po/cs.po
M po/fr.po
A templates/privileges/add_user_fieldset.phtml
A templates/privileges/delete_user_fieldset.phtml
Log Message:
-----------
Merge remote-tracking branch 'upstream/master'
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/80c0b4fd66f8...fb161a7bebe6
1
0
Branch: refs/heads/QA_4_6
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 2c4ffca9e2c2ed1abe4ed41d6af2f3c33b808dff
https://github.com/phpmyadmin/phpmyadmin/commit/2c4ffca9e2c2ed1abe4ed41d6af…
Author: ratajs <simonrataj(a)seznam.cz>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M po/cs.po
Log Message:
-----------
Translated using Weblate (Czech)
Currently translated at 93.2% (3006 of 3222 strings)
[CI skip]
Commit: 6497f5ab77e09505942317f1c152ab1a9976f669
https://github.com/phpmyadmin/phpmyadmin/commit/6497f5ab77e09505942317f1c15…
Author: Weblate <noreply(a)weblate.org>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M import.php
M index.php
M js/config.js
M js/microhistory.js
M libraries/Config.php
M libraries/DbQbe.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/SavedSearches.php
M libraries/Tracker.php
M libraries/VersionInformation.php
M libraries/core.lib.php
M libraries/export.lib.php
M libraries/ip_allow_deny.lib.php
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
M libraries/tbl_partition_definition.inc.php
M libraries/tracking.lib.php
M prefs_manage.php
M test/classes/ErrorTest.php
M test/classes/MessageTest.php
M test/libraries/core/PMA_isAllowedDomain_test.php
M test/libraries/core/PMA_safeUnserialize_test.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Merge remote-tracking branch 'origin/QA_4_6' into QA_4_6
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/b1136b88b16e...6497f5ab77e0
1
0
25 Nov '16
Branch: refs/heads/QA_4_6
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 9dbe520e905344597554b06931bd966ce195b9dc
https://github.com/phpmyadmin/phpmyadmin/commit/9dbe520e905344597554b06931b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Strip null bytes from MySQL username
In old PHP versions this could lead to allow/deny rules bypass.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 2de86f02af17f49e22d6474542770d72dd4723b3
https://github.com/phpmyadmin/phpmyadmin/commit/2de86f02af17f49e22d64745427…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals for comparing username in allow/deny rules
The comparison should happen in constant time to avoid possible leak of
usernames in rules.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: c83b2b0872c035d2625f631a341cb2009ceb9d22
https://github.com/phpmyadmin/phpmyadmin/commit/c83b2b0872c035d2625f631a341…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Use hash_equals for checking username
This makes the comparison happen in constant time and makes it
impossible to use it to guess stored usernames.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 61976131350eca8cbba74270a44ea7baa708259f
https://github.com/phpmyadmin/phpmyadmin/commit/61976131350eca8cbba74270a44…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/VersionInformation.php
Log Message:
-----------
Silent errors when getting remote file
- both curl and fopen wrappers can emmit errors in cases where remote
site is not accessible
- do not pass false value to json_decode
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: cf83d6afbe4383e7668c1207be6d5bee0646be04
https://github.com/phpmyadmin/phpmyadmin/commit/cf83d6afbe4383e7668c1207be6…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/export.lib.php
Log Message:
-----------
Remove debugging code
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: a0ca9394a214afd15a4b883f8953b7b32f3caf04
https://github.com/phpmyadmin/phpmyadmin/commit/a0ca9394a214afd15a4b883f895…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/Error.php
M test/classes/ErrorTest.php
Log Message:
-----------
Strip path even if openbasedir restrictions apply
This really should not be the case here as what we get here is code
executed by PHP, so it should have already passed openbasedir
restrictions.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 6e3282e15856192d484f2c56a7ae83796bf2e716
https://github.com/phpmyadmin/phpmyadmin/commit/6e3282e15856192d484f2c56a7a…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/microhistory.js
Log Message:
-----------
Store copy of hash instead of working on live object
This avoids possible race conditions when doing the checks.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: b63bd9977c436f6ad564d429e663bb580bb4e730
https://github.com/phpmyadmin/phpmyadmin/commit/b63bd9977c436f6ad564d429e66…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/navigation/NavigationHeader.php
Log Message:
-----------
Stricter validation of NavigationLogoLink
It now has to be URL including scheme. Otherwise it's not really
possible to validate it for being just http/https.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 3ef6201bd6d43eed7f360bb2ead22ef7c484381e
https://github.com/phpmyadmin/phpmyadmin/commit/3ef6201bd6d43eed7f360bb2ead…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/config.js
Log Message:
-----------
Fix hash validation
- use copy of hash to avoid race condition
- stricter regex to match whole string
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 45e33d63a252011b02b55b74432c4a90484eaa5e
https://github.com/phpmyadmin/phpmyadmin/commit/45e33d63a252011b02b55b74432…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/DbQbe.php
M libraries/SavedSearches.php
Log Message:
-----------
Limit maximal number of rows in QBE
User would be lost in them anyway by that count and it prevents DOS.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: d62494cd8c99185077f516be76093f4cb4a32837
https://github.com/phpmyadmin/phpmyadmin/commit/d62494cd8c99185077f516be760…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M ChangeLog
M libraries/core.lib.php
M po/sl.po
M setup/lib/ConfigGenerator.php
M show_config_errors.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: ba82f0000c7837bd3b834b24660325652ec27675
https://github.com/phpmyadmin/phpmyadmin/commit/ba82f0000c7837bd3b834b24660…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M index.php
M js/functions.js
M libraries/Advisor.php
M libraries/Footer.php
M libraries/Util.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/auth/AuthenticationCookie.php
M test/classes/AdvisorTest.php
M test/classes/FooterTest.php
M themes.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: d5c6801a8580f221fc64471016b06cc4dae9ffba
https://github.com/phpmyadmin/phpmyadmin/commit/d5c6801a8580f221fc64471016b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M libraries/DisplayResults.php
M libraries/navigation/NavigationHeader.php
M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php
M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php
M libraries/sanitizing.lib.php
M libraries/special_schema_links.lib.php
M po/el.po
M po/ia.po
M po/pa.po
M po/pt_BR.po
M po/sl.po
M po/uk.po
M test/classes/DisplayResultsTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: c4714b003c21948e13eb0162c5c951d5e84a1c75
https://github.com/phpmyadmin/phpmyadmin/commit/c4714b003c21948e13eb0162c5c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M index.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 0a20356ec4110e682b5bbb219f5f08db10bc418c
https://github.com/phpmyadmin/phpmyadmin/commit/0a20356ec4110e682b5bbb219f5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-25 (Thu, 25 Aug 2016)
Changed paths:
M ChangeLog
M js/get_image.js.php
M js/get_scripts.js.php
M js/whitelist.php
M libraries/Config.php
M libraries/Table.php
M po/pt.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 283f5d10ce65e0656f98335bd1f2767fba3be6db
https://github.com/phpmyadmin/phpmyadmin/commit/283f5d10ce65e0656f98335bd1f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M import.php
Log Message:
-----------
Fix possible DOS on too big skip value
- loop only as long as long we have data to skip
- convert skip parameter to integer
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: dcc9f8585c49ce2258d40aea511b524488bbce05
https://github.com/phpmyadmin/phpmyadmin/commit/dcc9f8585c49ce2258d40aea511…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M .gitignore
M ChangeLog
M js/functions.js
M js/sql.js
M libraries/Advisor.php
M libraries/Linter.php
M libraries/Util.php
M libraries/common.inc.php
M libraries/dbi/DBIMysqli.php
M libraries/navigation/nodes/Node.php
M libraries/sanitizing.lib.php
M po/pt_BR.po
M templates/columns_definitions/transformation_option.phtml
M test/bootstrap-dist.php
M test/libraries/common/PMA_formatNumberByteDown_test.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 7ddcbc0de6283f42fc0592901d88ee53b457bee9
https://github.com/phpmyadmin/phpmyadmin/commit/7ddcbc0de6283f42fc0592901d8…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/tbl_partition_definition.inc.php
Log Message:
-----------
Validate (sub)partion count from request before use
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 733a5d582193d32c5435bd6324316c9da1b01678
https://github.com/phpmyadmin/phpmyadmin/commit/733a5d582193d32c5435bd63243…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/plugins/AuthenticationPlugin.php
Log Message:
-----------
Avoid rendering BB code when showing PHP/MySQL errors
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: d01c078b7d48c8f7d4f0784cb4b04ae933a6d23b
https://github.com/phpmyadmin/phpmyadmin/commit/d01c078b7d48c8f7d4f0784cb4b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/DatabaseInterface.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/session.inc.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 4c34f140779711e1511c721a262028a929a81f91
https://github.com/phpmyadmin/phpmyadmin/commit/4c34f140779711e1511c721a262…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/DatabaseInterface.php
M libraries/Error.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: dac36c3cd889f87165ae776e3929fe9f946f67ad
https://github.com/phpmyadmin/phpmyadmin/commit/dac36c3cd889f87165ae776e392…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M index.php
M libraries/core.lib.php
M test/libraries/core/PMA_isAllowedDomain_test.php
Log Message:
-----------
Stricter URL validation
- do not use empty() as empty('0') is true
- do not lowercase the strings, use them as they are
- lowercase all domains in our codebase
- do not allow to specify port
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 9f0c4c37f3067abcaa7a40b9ef907e343ee62de4
https://github.com/phpmyadmin/phpmyadmin/commit/9f0c4c37f3067abcaa7a40b9ef9…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M test/classes/MessageTest.php
Log Message:
-----------
Fix test failures with recent changes to Message class
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 2f2e3565ba1e85072d2c1a1f0a06b84bebce8f9f
https://github.com/phpmyadmin/phpmyadmin/commit/2f2e3565ba1e85072d2c1a1f0a0…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals when comparing IPv6 allow rules
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: c4613745f398f0fdd8bb238ce7f02eea58d7125d
https://github.com/phpmyadmin/phpmyadmin/commit/c4613745f398f0fdd8bb238ce7f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M po/ru.po
M po/sk.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 3d99185919cdca3ea31caafc7421c507086bdb9c
https://github.com/phpmyadmin/phpmyadmin/commit/3d99185919cdca3ea31caafc742…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M ChangeLog
M libraries/Util.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 2559dc3a62a416eba8284542303173127feeb767
https://github.com/phpmyadmin/phpmyadmin/commit/2559dc3a62a416eba8284542303…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-16 (Fri, 16 Sep 2016)
Changed paths:
M ChangeLog
M import.php
M js/config.js
M js/functions.js
M js/messages.php
M js/tbl_structure.js
M libraries/DatabaseInterface.php
M libraries/VersionInformation.php
M libraries/dbi/DBIDummy.php
M libraries/import.lib.php
M libraries/sanitizing.lib.php
M libraries/server_user_groups.lib.php
M libraries/sql-parser/src/Components/AlterOperation.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/IntoKeyword.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Components/PartitionDefinition.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Statements/ReplaceStatement.php
M libraries/sql-parser/src/Statements/SetStatement.php
M libraries/sql-parser/src/Utils/CLI.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql.lib.php
M po/az.po
M po/hu.po
M po/id.po
M po/ja.po
M po/sk.po
M po/zh_CN.po
M test/libraries/PMA_sql_test.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 161e408ab760e9be8a58bfdf7ce26881a0570798
https://github.com/phpmyadmin/phpmyadmin/commit/161e408ab760e9be8a58bfdf7ce…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M ChangeLog
M doc/setup.rst
M doc/transformations.rst
M js/common.js
M js/export.js
M js/functions.js
M js/messages.php
M js/rte.js
M js/tbl_change.js
M libraries/DatabaseInterface.php
M libraries/Table.php
M libraries/export.lib.php
M libraries/insert_edit.lib.php
M libraries/rte/rte_export.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/tbl_info.inc.php
M po/de.po
M po/nl.po
M tbl_operations.php
M test/classes/TableTest.php
M test/libraries/PMA_export_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: fbad6b9b4d175aa82cd35972aa2dcd9ef3ec4346
https://github.com/phpmyadmin/phpmyadmin/commit/fbad6b9b4d175aa82cd35972aa2…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
Log Message:
-----------
Verify value of access_time to avoid unwanted session extension
We need to ansure the access_time parameter is in valid range to avoid
possibility of remotely extending session validity.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 3df5113a8c472567308c913b8a6e68f24a6b1f57
https://github.com/phpmyadmin/phpmyadmin/commit/3df5113a8c472567308c913b8a6…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-26 (Mon, 26 Sep 2016)
Changed paths:
M ChangeLog
M doc/config.rst
M js/tbl_structure.js
M libraries/Util.php
M libraries/config.default.php
M libraries/controllers/table/TableSearchController.php
M libraries/rte/rte_routines.lib.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql.lib.php
M libraries/tbl_info.inc.php
M po/ca.po
M po/de.po
M po/ja.po
M po/ko.po
M po/pt_BR.po
M po/ru.po
M po/sl.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: f87358dff730e7a5ada13922108151a9eee107cf
https://github.com/phpmyadmin/phpmyadmin/commit/f87358dff730e7a5ada13922108…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-02 (Sun, 02 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Don't assume the default arg_separator in URL
Respect the value for arg_separator.input too.
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 17b34be04f5cc2a5f83d73eba7cd41cbc3ebb7b2
https://github.com/phpmyadmin/phpmyadmin/commit/17b34be04f5cc2a5f83d73eba7c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Correctly parse string length when checking serialized data
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: a7a541347b5f5037207a01a2a20a8c13076efce8
https://github.com/phpmyadmin/phpmyadmin/commit/a7a541347b5f5037207a01a2a20…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Merge branch 'QA_4_6-security' of github.com:phpmyadmin/phpmyadmin-security into QA_4_6-security
Commit: 69951525318b246193d82ad7e101748a24a18e93
https://github.com/phpmyadmin/phpmyadmin/commit/69951525318b246193d82ad7e10…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M ChangeLog
M doc/config.rst
M import.php
M js/codemirror/addon/lint/sql-lint.js
M libraries/Config.php
M libraries/Util.php
M libraries/server_privileges.lib.php
M libraries/sql-parser/src/Component.php
M libraries/sql-parser/src/Components/AlterOperation.php
M libraries/sql-parser/src/Components/Array2d.php
M libraries/sql-parser/src/Components/ArrayObj.php
A libraries/sql-parser/src/Components/CaseExpression.php
M libraries/sql-parser/src/Components/Condition.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/DataType.php
M libraries/sql-parser/src/Components/Expression.php
M libraries/sql-parser/src/Components/ExpressionArray.php
M libraries/sql-parser/src/Components/FunctionCall.php
M libraries/sql-parser/src/Components/IntoKeyword.php
M libraries/sql-parser/src/Components/JoinKeyword.php
M libraries/sql-parser/src/Components/Key.php
M libraries/sql-parser/src/Components/Limit.php
M libraries/sql-parser/src/Components/OptionsArray.php
M libraries/sql-parser/src/Components/OrderKeyword.php
M libraries/sql-parser/src/Components/ParameterDefinition.php
M libraries/sql-parser/src/Components/PartitionDefinition.php
M libraries/sql-parser/src/Components/Reference.php
M libraries/sql-parser/src/Components/RenameOperation.php
M libraries/sql-parser/src/Components/SetOperation.php
M libraries/sql-parser/src/Components/UnionKeyword.php
M libraries/sql-parser/src/Context.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Exceptions/LexerException.php
M libraries/sql-parser/src/Exceptions/ParserException.php
M libraries/sql-parser/src/Lexer.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Statements/AlterStatement.php
M libraries/sql-parser/src/Statements/AnalyzeStatement.php
M libraries/sql-parser/src/Statements/BackupStatement.php
M libraries/sql-parser/src/Statements/CallStatement.php
M libraries/sql-parser/src/Statements/CheckStatement.php
M libraries/sql-parser/src/Statements/ChecksumStatement.php
M libraries/sql-parser/src/Statements/CreateStatement.php
M libraries/sql-parser/src/Statements/DeleteStatement.php
M libraries/sql-parser/src/Statements/DropStatement.php
M libraries/sql-parser/src/Statements/ExplainStatement.php
M libraries/sql-parser/src/Statements/InsertStatement.php
M libraries/sql-parser/src/Statements/MaintenanceStatement.php
M libraries/sql-parser/src/Statements/NotImplementedStatement.php
M libraries/sql-parser/src/Statements/OptimizeStatement.php
M libraries/sql-parser/src/Statements/RenameStatement.php
M libraries/sql-parser/src/Statements/RepairStatement.php
M libraries/sql-parser/src/Statements/ReplaceStatement.php
M libraries/sql-parser/src/Statements/RestoreStatement.php
M libraries/sql-parser/src/Statements/SelectStatement.php
M libraries/sql-parser/src/Statements/SetStatement.php
M libraries/sql-parser/src/Statements/ShowStatement.php
M libraries/sql-parser/src/Statements/TransactionStatement.php
M libraries/sql-parser/src/Statements/TruncateStatement.php
M libraries/sql-parser/src/Statements/UpdateStatement.php
M libraries/sql-parser/src/Token.php
M libraries/sql-parser/src/TokensList.php
M libraries/sql-parser/src/UtfString.php
M libraries/sql-parser/src/Utils/BufferedQuery.php
M libraries/sql-parser/src/Utils/CLI.php
M libraries/sql-parser/src/Utils/Error.php
M libraries/sql-parser/src/Utils/Formatter.php
M libraries/sql-parser/src/Utils/Misc.php
M libraries/sql-parser/src/Utils/Query.php
M libraries/sql-parser/src/Utils/Routine.php
M libraries/sql-parser/src/Utils/Table.php
M libraries/sql-parser/src/Utils/Tokens.php
M libraries/sql.lib.php
M po/id.po
M po/mk.po
M po/sk.po
M po/zh_CN.po
R scripts/remove_control_m.sh
R scripts/revision-info
M server_privileges.php
M tbl_export.php
M themes/original/css/common.css.php
M themes/pmahomme/css/common.css.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 3b8fc504d2a3c1da692cfe703d43d6d81cdc5778
https://github.com/phpmyadmin/phpmyadmin/commit/3b8fc504d2a3c1da692cfe703d4…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/tracking.lib.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: d74714c45ec246d179aa4b19d81c30903cdff876
https://github.com/phpmyadmin/phpmyadmin/commit/d74714c45ec246d179aa4b19d81…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/Tracker.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 47078395c2aea3d63f1b72d2d26afbd85e2f12f5
https://github.com/phpmyadmin/phpmyadmin/commit/47078395c2aea3d63f1b72d2d26…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-24 (Mon, 24 Oct 2016)
Changed paths:
M ChangeLog
M README.rst
M doc/setup.rst
M index.php
M js/console.js
M js/pmd/move.js
M js/tbl_change.js
M libraries/Advisor.php
M libraries/Table.php
M libraries/common.inc.php
M libraries/config/ConfigFile.php
M libraries/config/Validator.php
M libraries/plugins/export/ExportSql.php
M libraries/relation.lib.php
M libraries/replication.inc.php
M libraries/server_privileges.lib.php
M libraries/sql.lib.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M prefs_manage.php
M server_replication.php
M tbl_export.php
M tbl_operations.php
M test/classes/TableTest.php
M test/classes/config/ConfigFileTest.php
M test/classes/plugin/export/ExportSqlTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: b31c304459c5da18db59f55d1a2c8c77fed74d1f
https://github.com/phpmyadmin/phpmyadmin/commit/b31c304459c5da18db59f55d1a2…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-25 (Tue, 25 Oct 2016)
Changed paths:
M ChangeLog
M js/console.js
M js/functions.js
M js/messages.php
M js/pmd/move.js
M js/tbl_change.js
M libraries/DisplayResults.php
M libraries/Table.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Components/Expression.php
M libraries/sql-parser/src/Components/JoinKeyword.php
M libraries/sql-parser/src/Context.php
M libraries/sql-parser/src/Contexts/ContextMySql50000.php
M libraries/sql-parser/src/Contexts/ContextMySql50100.php
M libraries/sql-parser/src/Contexts/ContextMySql50500.php
M libraries/sql-parser/src/Contexts/ContextMySql50600.php
M libraries/sql-parser/src/Contexts/ContextMySql50700.php
M libraries/sql-parser/src/Lexer.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statements/SelectStatement.php
M libraries/sql-parser/src/Token.php
R phpdox.xml
M po/sl.po
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 8119464150081bcc18641281d62991bdff5feff7
https://github.com/phpmyadmin/phpmyadmin/commit/8119464150081bcc18641281d62…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Handle multiple `:p` while sanitizing MySQL hosts
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 636a38cf8a3572219c84e893ca5061eafffad7c5
https://github.com/phpmyadmin/phpmyadmin/commit/636a38cf8a3572219c84e893ca5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M ChangeLog
M doc/faq.rst
M js/functions.js
M js/makegrid.js
M js/messages.php
M js/tbl_change.js
M libraries/Footer.php
M libraries/Table.php
M libraries/pmd_common.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M templates/table/relation/common_form.phtml
M templates/table/relation/foreign_key_row.phtml
M test/classes/TableTest.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 970de0ac7abe8a4d81333dac3329720f4263654a
https://github.com/phpmyadmin/phpmyadmin/commit/970de0ac7abe8a4d81333dac332…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-11-10 (Thu, 10 Nov 2016)
Changed paths:
M ChangeLog
M browse_foreigners.php
M db_operations.php
M db_tracking.php
M import.php
M js/pmd/history.js
M libraries/DatabaseInterface.php
M libraries/DbSearch.php
M libraries/DisplayResults.php
M libraries/Menu.php
M libraries/Partition.php
M libraries/RecentFavoriteTable.php
M libraries/SavedSearches.php
M libraries/SystemDatabase.php
M libraries/Table.php
M libraries/Tracker.php
M libraries/Util.php
M libraries/bookmark.lib.php
M libraries/central_columns.lib.php
M libraries/common.inc.php
M libraries/controllers/server/ServerVariablesController.php
M libraries/controllers/table/TableSearchController.php
M libraries/controllers/table/TableStructureController.php
M libraries/create_addfield.lib.php
M libraries/db_designer.lib.php
M libraries/db_table_exists.lib.php
M libraries/dbi/DBIDummy.php
M libraries/dbi/DBIExtension.php
M libraries/dbi/DBIMysql.php
M libraries/dbi/DBIMysqli.php
M libraries/display_export.lib.php
M libraries/export.lib.php
M libraries/import.lib.php
M libraries/insert_edit.lib.php
M libraries/mysql_charsets.lib.php
M libraries/navigation/Navigation.php
M libraries/navigation/NavigationTree.php
M libraries/navigation/nodes/Node.php
M libraries/navigation/nodes/NodeDatabase.php
M libraries/navigation/nodes/NodeTable.php
M libraries/operations.lib.php
M libraries/plugins/export/ExportSql.php
M libraries/plugins/export/ExportXml.php
M libraries/plugins/import/ImportCsv.php
M libraries/plugins/import/ImportLdi.php
M libraries/plugins/schema/pdf/Pdf.php
M libraries/pmd_common.php
M libraries/relation.lib.php
M libraries/relation_cleanup.lib.php
M libraries/replication.inc.php
M libraries/replication_gui.lib.php
M libraries/rte/rte_events.lib.php
M libraries/rte/rte_list.lib.php
M libraries/rte/rte_routines.lib.php
M libraries/rte/rte_triggers.lib.php
M libraries/rte/rte_words.lib.php
M libraries/server_privileges.lib.php
M libraries/server_status_monitor.lib.php
M libraries/server_user_groups.lib.php
M libraries/sql-parser/src/Components/CreateDefinition.php
M libraries/sql-parser/src/Parser.php
M libraries/sql-parser/src/Statement.php
M libraries/sql-parser/src/Utils/Query.php
M libraries/sql.lib.php
M libraries/tracking.lib.php
M libraries/transformations.lib.php
M libraries/user_preferences.lib.php
M phpunit.xml.dist
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/be(a)latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/brx.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/eo.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/fy.po
M po/gl.po
M po/gu.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/ia.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/km.po
M po/kn.po
M po/ko.po
M po/ksh.po
M po/ky.po
M po/li.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/ne.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/sr(a)latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/uz(a)latin.po
M po/vi.po
M po/vls.po
M po/zh_CN.po
M po/zh_TW.po
M test/classes/DbSearchTest.php
M test/classes/TableTest.php
M test/classes/ThemeManagerTest.php
M test/classes/TrackerTest.php
M test/classes/controllers/TableSearchControllerTest.php
M test/classes/navigation/NavigationTest.php
M test/classes/navigation/NodeTest.php
M test/classes/plugin/export/ExportHtmlwordTest.php
M test/classes/plugin/export/ExportLatexTest.php
M test/classes/plugin/export/ExportOdsTest.php
M test/classes/plugin/export/ExportOdtTest.php
M test/classes/plugin/export/ExportSqlTest.php
M test/classes/plugin/export/ExportTexytextTest.php
M test/classes/plugin/export/ExportXmlTest.php
M test/classes/plugin/import/ImportLdiTest.php
M test/classes/plugin/import/ImportOdsTest.php
M test/libraries/PMA_PMD_common_test.php
M test/libraries/PMA_central_columns_test.php
M test/libraries/PMA_designer_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_server_user_groups_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_quoting_slashing_test.php
M test/libraries/rte/PMA_EVN_getQueryFromRequest_test.php
M test/libraries/rte/PMA_RTN_getQueryFromRequest_test.php
M user_password.php
Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security
Commit: 5daee71272efd87a24fe58f90303e82a5b6caf6d
https://github.com/phpmyadmin/phpmyadmin/commit/5daee71272efd87a24fe58f9030…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-24 (Thu, 24 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.php
Log Message:
-----------
4.6.5 release and ChangeLog
Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com>
Commit: 253894e2995ae4175f4429bf5cdaedfb6a722988
https://github.com/phpmyadmin/phpmyadmin/commit/253894e2995ae4175f4429bf5cd…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-24 (Thu, 24 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M import.php
M index.php
M js/config.js
M js/microhistory.js
M libraries/Config.php
M libraries/DbQbe.php
M libraries/Error.php
M libraries/ErrorHandler.php
M libraries/Message.php
M libraries/SavedSearches.php
M libraries/Tracker.php
M libraries/VersionInformation.php
M libraries/core.lib.php
M libraries/export.lib.php
M libraries/ip_allow_deny.lib.php
M libraries/plugins/AuthenticationPlugin.php
M libraries/plugins/auth/AuthenticationConfig.php
M libraries/plugins/auth/AuthenticationCookie.php
M libraries/plugins/auth/AuthenticationHttp.php
M libraries/tbl_partition_definition.inc.php
M libraries/tracking.lib.php
M prefs_manage.php
M test/classes/ErrorTest.php
M test/classes/MessageTest.php
M test/libraries/core/PMA_isAllowedDomain_test.php
M test/libraries/core/PMA_safeUnserialize_test.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Resolve merge conflicts with ChangeLog
Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com>
Commit: b1136b88b16ec398ab4422bb3c3d55c17f6afc45
https://github.com/phpmyadmin/phpmyadmin/commit/b1136b88b16ec398ab4422bb3c3…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.php
Log Message:
-----------
Prepare for 4.6.6-dev
Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com>
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/637d55bb4459...b1136b88b16e
1
0
25 Nov '16
Branch: refs/heads/MAINT_4_4_15
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 4141d694eb212b676ccc768e61b4d4085566f0ed
https://github.com/phpmyadmin/phpmyadmin/commit/4141d694eb212b676ccc768e61b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/auth/AuthenticationHttp.class.php
Log Message:
-----------
Strip null bytes from MySQL username
In old PHP versions this could lead to allow/deny rules bypass.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 259694af9a3ce80bd17db04f46fb631693d929b8
https://github.com/phpmyadmin/phpmyadmin/commit/259694af9a3ce80bd17db04f46f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals for comparing username in allow/deny rules
The comparison should happen in constant time to avoid possible leak of
usernames in rules.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: f02555fe948c655877d318f82073cc83e333d99c
https://github.com/phpmyadmin/phpmyadmin/commit/f02555fe948c655877d318f8207…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/auth/AuthenticationHttp.class.php
Log Message:
-----------
Use hash_equals for checking username
This makes the comparison happen in constant time and makes it
impossible to use it to guess stored usernames.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 6735d83e10ae33a20153eb5516fb2f1963a594a7
https://github.com/phpmyadmin/phpmyadmin/commit/6735d83e10ae33a20153eb5516f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/VersionInformation.php
Log Message:
-----------
Silent errors when getting remote file
- both curl and fopen wrappers can emmit errors in cases where remote
site is not accessible
- do not pass false value to json_decode
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: ebcd746a2fc8b356e36c92fa6960d5f7256ebff0
https://github.com/phpmyadmin/phpmyadmin/commit/ebcd746a2fc8b356e36c92fa696…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/export.lib.php
Log Message:
-----------
Remove debugging code
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 5f40a46d24068484a5afe0bbb4ce4e5c8a6c6094
https://github.com/phpmyadmin/phpmyadmin/commit/5f40a46d24068484a5afe0bbb4c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/Error.class.php
M test/classes/PMA_Error_test.php
Log Message:
-----------
Strip path even if openbasedir restrictions apply
This really should not be the case here as what we get here is code
executed by PHP, so it should have already passed openbasedir
restrictions.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 55c26d0065e83b9899ba90afb49dd72415c8d7f5
https://github.com/phpmyadmin/phpmyadmin/commit/55c26d0065e83b9899ba90afb49…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/ajax.js
Log Message:
-----------
Store copy of hash instead of working on live object
This avoids possible race conditions when doing the checks.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 9b8094bb0d61da59f80a2f927011068c8e0f3069
https://github.com/phpmyadmin/phpmyadmin/commit/9b8094bb0d61da59f80a2f92701…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/navigation/NavigationHeader.class.php
Log Message:
-----------
Stricter validation of NavigationLogoLink
It now has to be URL including scheme. Otherwise it's not really
possible to validate it for being just http/https.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 94736885a66a5b28665d252d3062824fca99dd01
https://github.com/phpmyadmin/phpmyadmin/commit/94736885a66a5b28665d252d306…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/config.js
Log Message:
-----------
Fix hash validation
- use copy of hash to avoid race condition
- stricter regex to match whole string
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: fa3bcffd4e2e6d0d7f41f2ec0db2fe8d50a0635d
https://github.com/phpmyadmin/phpmyadmin/commit/fa3bcffd4e2e6d0d7f41f2ec0db…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/DBQbe.class.php
M libraries/SavedSearches.class.php
Log Message:
-----------
Limit maximal number of rows in QBE
User would be lost in them anyway by that count and it prevents DOS.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 18fdcd066467259a4fb866961dde73f7902c5e8c
https://github.com/phpmyadmin/phpmyadmin/commit/18fdcd066467259a4fb866961dd…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M index.php
Log Message:
-----------
Do not show warning about short blowfish_secret if none is set
With empty blowfish_secret user would always get both warnings...
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 38e4f77a8b0010a774d18cac4d41b104bff4bc53
https://github.com/phpmyadmin/phpmyadmin/commit/38e4f77a8b0010a774d18cac4d4…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M import.php
Log Message:
-----------
Fix possible DOS on too big skip value
- loop only as long as long we have data to skip
- convert skip parameter to integer
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 499a61c7d831f424c1e68f734b587e6baa395634
https://github.com/phpmyadmin/phpmyadmin/commit/499a61c7d831f424c1e68f734b5…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M index.php
M libraries/core.lib.php
Log Message:
-----------
Stricter URL validation
- do not use empty() as empty('0') is true
- do not lowercase the strings, use them as they are
- lowercase all domains in our codebase
- do not allow to specify port
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 2cb51d22dba43f4a5d57d76ad8c734422db7c916
https://github.com/phpmyadmin/phpmyadmin/commit/2cb51d22dba43f4a5d57d76ad8c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals when comparing IPv6 allow rules
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 8ee12d39e568d46b358601be1217e5087f4acf75
https://github.com/phpmyadmin/phpmyadmin/commit/8ee12d39e568d46b358601be121…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-19 (Mon, 19 Sep 2016)
Changed paths:
M libraries/plugins/AuthenticationPlugin.class.php
M libraries/plugins/auth/AuthenticationConfig.class.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/auth/AuthenticationHttp.class.php
Log Message:
-----------
Verify value of access_time to avoid unwanted session extension
We need to ansure the access_time parameter is in valid range to avoid
possibility of remotely extending session validity.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: e3f2c744916ebdd355f365eb350eed078e2542d7
https://github.com/phpmyadmin/phpmyadmin/commit/e3f2c744916ebdd355f365eb350…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-02 (Sun, 02 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Don't assume the default arg_separator in URL
Respect the value for arg_separator.input too.
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 1fc004d1730b3ca1b857d005de8a3d00d50cfdb4
https://github.com/phpmyadmin/phpmyadmin/commit/1fc004d1730b3ca1b857d005de8…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Correctly parse string length when checking serialized data
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 6d7113776ce6384838b00112f821366a1b92de48
https://github.com/phpmyadmin/phpmyadmin/commit/6d7113776ce6384838b00112f82…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Merge branch 'MAINT_4_4_15-security' of github.com:phpmyadmin/phpmyadmin-security into MAINT_4_4_15-security
Commit: 9d0b1915d61e7289d234d26e6bdba021027fda87
https://github.com/phpmyadmin/phpmyadmin/commit/9d0b1915d61e7289d234d26e6bd…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/tracking.lib.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: d69375ff75bf58cbc35130081973a9ecfaec7d52
https://github.com/phpmyadmin/phpmyadmin/commit/d69375ff75bf58cbc3513008197…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/Tracker.class.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: a9e3827b190c386fc6cc0389668545ff0e2b4fdb
https://github.com/phpmyadmin/phpmyadmin/commit/a9e3827b190c386fc6cc0389668…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Handle multiple `p:` while sanitizing MySQL hosts
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 0748384685693e3ecf97b021ccab075e295d4d65
https://github.com/phpmyadmin/phpmyadmin/commit/0748384685693e3ecf97b021cca…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-24 (Thu, 24 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php
Log Message:
-----------
4.4.15.9 release and ChangeLog
Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com>
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/39864227e7c3...074838468569
1
0
25 Nov '16
Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 285e5623b638cb414b3c3e5ab7c0f3126d616b54
https://github.com/phpmyadmin/phpmyadmin/commit/285e5623b638cb414b3c3e5ab7c…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/auth/AuthenticationHttp.class.php
Log Message:
-----------
Strip null bytes from MySQL username
In old PHP versions this could lead to allow/deny rules bypass.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 58245cb1cc25a1b167941cf30a4cc742a27c0b5b
https://github.com/phpmyadmin/phpmyadmin/commit/58245cb1cc25a1b167941cf30a4…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals for comparing username in allow/deny rules
The comparison should happen in constant time to avoid possible leak of
usernames in rules.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 6117ad5cef7bbe3ff080efb557bbafaff757e0ea
https://github.com/phpmyadmin/phpmyadmin/commit/6117ad5cef7bbe3ff080efb557b…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/auth/AuthenticationHttp.class.php
Log Message:
-----------
Use hash_equals for checking username
This makes the comparison happen in constant time and makes it
impossible to use it to guess stored usernames.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: f2add98bd93fa96da130214e78eacb01893aa89a
https://github.com/phpmyadmin/phpmyadmin/commit/f2add98bd93fa96da130214e78e…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/Error.class.php
M test/classes/PMA_Error_test.php
Log Message:
-----------
Strip path even if openbasedir restrictions apply
This really should not be the case here as what we get here is code
executed by PHP, so it should have already passed openbasedir
restrictions.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: c2f7a898ddf69422af218718d20c7eb6af62cb88
https://github.com/phpmyadmin/phpmyadmin/commit/c2f7a898ddf69422af218718d20…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/ajax.js
Log Message:
-----------
Store copy of hash instead of working on live object
This avoids possible race conditions when doing the checks.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 096856c70c1b8b1b9a94a54ee780f7be623fd1c5
https://github.com/phpmyadmin/phpmyadmin/commit/096856c70c1b8b1b9a94a54ee78…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/navigation/NavigationHeader.class.php
Log Message:
-----------
Stricter validation of NavigationLogoLink
It now has to be URL including scheme. Otherwise it's not really
possible to validate it for being just http/https.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: b2605ebba6ca729fd0157a0774d173e3ec04eabb
https://github.com/phpmyadmin/phpmyadmin/commit/b2605ebba6ca729fd0157a0774d…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M js/config.js
Log Message:
-----------
Fix hash validation
- use copy of hash to avoid race condition
- stricter regex to match whole string
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 67700620db6b494c9ecab9f4268d30cf4afb01b3
https://github.com/phpmyadmin/phpmyadmin/commit/67700620db6b494c9ecab9f4268…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-18 (Thu, 18 Aug 2016)
Changed paths:
M libraries/DBQbe.class.php
Log Message:
-----------
Limit maximal number of rows in QBE
User would be lost in them anyway by that count and it prevents DOS.
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: d37abc38daca9c1ebc074e3b4e9b2bdfc1cf523d
https://github.com/phpmyadmin/phpmyadmin/commit/d37abc38daca9c1ebc074e3b4e9…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-08-24 (Wed, 24 Aug 2016)
Changed paths:
M ChangeLog
M index.php
Log Message:
-----------
Do not show warning about short blowfish_secret if none is set
With empty blowfish_secret user would always get both warnings...
Fixes #12485
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 0c3dfd186c281710516805f97a9875149abeb3ce
https://github.com/phpmyadmin/phpmyadmin/commit/0c3dfd186c281710516805f97a9…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M import.php
Log Message:
-----------
Fix possible DOS on too big skip value
- loop only as long as long we have data to skip
- convert skip parameter to integer
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: af7c58939155d407233c8c3bf6f2ad3e540f489a
https://github.com/phpmyadmin/phpmyadmin/commit/af7c58939155d407233c8c3bf6f…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M index.php
M libraries/core.lib.php
Log Message:
-----------
Stricter URL validation
- do not use empty() as empty('0') is true
- do not lowercase the strings, use them as they are
- lowercase all domains in our codebase
- do not allow to specify port
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 63b7f6c0a94af5d7402c4f198846dc0c066f5413
https://github.com/phpmyadmin/phpmyadmin/commit/63b7f6c0a94af5d7402c4f19884…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-09-02 (Fri, 02 Sep 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Use hash_equals when comparing IPv6 allow rules
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: 773f126c89aca6588258753218e600c5764857c2
https://github.com/phpmyadmin/phpmyadmin/commit/773f126c89aca6588258753218e…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-02 (Sun, 02 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Don't assume the default arg_separator in URL
Respect the value for arg_separator.input too.
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 5e108a340f3eac6b6c488439343b6c1a7454787c
https://github.com/phpmyadmin/phpmyadmin/commit/5e108a340f3eac6b6c488439343…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Correctly parse string length when checking serialized data
Signed-off-by: Michal Čihař <michal(a)cihar.com>
Commit: be5196ba44e6f029de11abe32cea72161c698533
https://github.com/phpmyadmin/phpmyadmin/commit/be5196ba44e6f029de11abe32ce…
Author: Michal Čihař <michal(a)cihar.com>
Date: 2016-10-04 (Tue, 04 Oct 2016)
Changed paths:
M prefs_manage.php
Log Message:
-----------
Merge branch 'MAINT_4_0_10-security' of github.com:phpmyadmin/phpmyadmin-security into MAINT_4_0_10-security
Commit: 54875fffc12da0f1c0c2b6042e638b08fc337e2a
https://github.com/phpmyadmin/phpmyadmin/commit/54875fffc12da0f1c0c2b6042e6…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M tbl_tracking.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 337b38044ddfe74d334831390c6cb40cd2f001f1
https://github.com/phpmyadmin/phpmyadmin/commit/337b38044ddfe74d334831390c6…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-10-11 (Tue, 11 Oct 2016)
Changed paths:
M libraries/Tracker.class.php
Log Message:
-----------
Manage new-lines and extra whitespaces properly
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 670359777263517b92908677fafc7e8dcd377ec5
https://github.com/phpmyadmin/phpmyadmin/commit/670359777263517b92908677faf…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-11-08 (Tue, 08 Nov 2016)
Changed paths:
M libraries/core.lib.php
M test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Handle multiple `:p` while sanitizing MySQL hosts
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
Commit: 8783113cec408ad9a81f17e3a97db6c4732e6164
https://github.com/phpmyadmin/phpmyadmin/commit/8783113cec408ad9a81f17e3a97…
Author: Isaac Bennetch <bennetch(a)gmail.com>
Date: 2016-11-24 (Thu, 24 Nov 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php
Log Message:
-----------
4.0.10.18 release and ChangeLog
Signed-off-by: Isaac Bennetch <bennetch(a)gmail.com>
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/5ba96c8804d9...8783113cec40
1
0
Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 96f61e40485f37cb339e0a352faada6483cc041b
https://github.com/phpmyadmin/phpmyadmin/commit/96f61e40485f37cb339e0a352fa…
Author: ratajs <simonrataj(a)seznam.cz>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M po/cs.po
Log Message:
-----------
Translated using Weblate (Czech)
Currently translated at 92.6% (2996 of 3232 strings)
[CI skip]
Commit: 6b55f1b19c3e5d8bcbdb24c9f82a8b06cc45866b
https://github.com/phpmyadmin/phpmyadmin/commit/6b55f1b19c3e5d8bcbdb24c9f82…
Author: Carlos Ferreira <c.ferreira(a)acsiiweb.com>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M po/fr.po
Log Message:
-----------
Translated using Weblate (French)
Currently translated at 99.7% (3225 of 3232 strings)
[CI skip]
Commit: 80c0b4fd66f8320730bcb0fb6a00ee5a83382fe0
https://github.com/phpmyadmin/phpmyadmin/commit/80c0b4fd66f8320730bcb0fb6a0…
Author: Weblate <noreply(a)weblate.org>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M libraries/server_privileges.lib.php
A templates/privileges/add_user_fieldset.phtml
A templates/privileges/delete_user_fieldset.phtml
Log Message:
-----------
Merge remote-tracking branch 'origin/master'
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/2cd98b59187b...80c0b4fd66f8
1
0
[phpmyadmin/phpmyadmin] 2cd98b: Refactor get html for add user and delete user to ...
by Deven Bansod 25 Nov '16
by Deven Bansod 25 Nov '16
25 Nov '16
Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 2cd98b59187b24b65a53b057f7a68f43436f849f
https://github.com/phpmyadmin/phpmyadmin/commit/2cd98b59187b24b65a53b057f7a…
Author: Deven Bansod <devenbansod.bits(a)gmail.com>
Date: 2016-11-25 (Fri, 25 Nov 2016)
Changed paths:
M libraries/server_privileges.lib.php
A templates/privileges/add_user_fieldset.phtml
A templates/privileges/delete_user_fieldset.phtml
Log Message:
-----------
Refactor get html for add user and delete user to use template
Signed-off-by: Deven Bansod <devenbansod.bits(a)gmail.com>
1
0