Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: bf7379771f4b32e01f4af3b36f8ec6900288688e https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8e... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)
Changed paths: M setup/frames/index.inc.php
Log Message: ----------- Use javascript for redirection to https
The current approach is broken since whitelisting is active in url.php and also allows potential bbcode injection.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 75724a361bc1873525245e8ff0889cc21456fe38 https://github.com/phpmyadmin/phpmyadmin/commit/75724a361bc1873525245e8ff088... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-06-15 (Wed, 15 Jun 2016)
Changed paths: M libraries/Scripts.class.php
Log Message: ----------- Fix #11457 414 Request-URI Too Large
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 805225a28c1428d7809e613c731c2126960e98df https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)
Changed paths: M js/get_scripts.js.php
Log Message: ----------- Limit number of included scripts in get_scripts.js.php
This avoids potential DoS; the limit is the same as we use for generating the URLs.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 6b52ae4d190716bedf76c530ca6b561c9f9c4a44 https://github.com/phpmyadmin/phpmyadmin/commit/6b52ae4d190716bedf76c530ca6b... Author: Michal Čihař michal@cihar.com Date: 2016-06-16 (Thu, 16 Jun 2016)
Changed paths: M test/classes/PMA_Scripts_test.php
Log Message: ----------- Adjust test expectations to match new code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c9faf855a0b9d494015d1e2a2c121b75be90d176 https://github.com/phpmyadmin/phpmyadmin/commit/c9faf855a0b9d494015d1e2a2c12... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M libraries/config/FormDisplay.class.php
Log Message: ----------- Properly convert POST parameters
We can get an array instead of a single parameter, so handle this gracefully.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8451a7a5d26f30692c5be7e7cc1175996a31c007 https://github.com/phpmyadmin/phpmyadmin/commit/8451a7a5d26f30692c5be7e7cc11... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths:
  M libraries/Util.class.php
  M libraries/config/FormDisplay.class.php
Log Message: ----------- Move request conversion to generic code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e1eb5e8e8939c80309382738f6c5c300969cccec https://github.com/phpmyadmin/phpmyadmin/commit/e1eb5e8e8939c80309382738f6c5... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M setup/validate.php
Log Message: ----------- Fix error reporting on invalid request data
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 96c6a7c0a2d7a473f414dde22efed4c024083f64 https://github.com/phpmyadmin/phpmyadmin/commit/96c6a7c0a2d7a473f414dde22efe... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M libraries/config/validate.lib.php
Log Message: ----------- Validate input of validator
We can not trust the input here, so we can expect anything and deal with missing parameters or invalid values.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: fa7a9b787b394c086a5e7c5e7eaa2eacacddbd01 https://github.com/phpmyadmin/phpmyadmin/commit/fa7a9b787b394c086a5e7c5e7eaa... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths:
  M setup/config.php
  M setup/frames/index.inc.php
Log Message: ----------- Improve error handling in setup in case config dir is not present
We do not show these options in the UI, but the scripts should handle it gracefully.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c93c82ee9c21f9e4e539749188f99d0b6fc148dc https://github.com/phpmyadmin/phpmyadmin/commit/c93c82ee9c21f9e4e539749188f9... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M libraries/config/validate.lib.php
Log Message: ----------- Fix typo in validator
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c795a395ba74d29a584abfe48d8a5139df92f0fd https://github.com/phpmyadmin/phpmyadmin/commit/c795a395ba74d29a584abfe48d8a... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M examples/openid.php
Log Message: ----------- Improve error handling in OpenID example
- properly check parameter types
- catch all exceptions (e.g. network error)
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5fefa5113948044983d8341f272950ace7bbf1e8 https://github.com/phpmyadmin/phpmyadmin/commit/5fefa5113948044983d8341f2729... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M examples/openid.php
Log Message: ----------- Escape error messages from OpenID
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 78f6c54f1b404c639277d98123429b90d43fb088 https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54f1b404c639277d9812342... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M examples/openid.php
Log Message: ----------- Add error handling to constructing openid message
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 975089b8c346a2c2aa75889f42f5a1729ae79497 https://github.com/phpmyadmin/phpmyadmin/commit/975089b8c346a2c2aa75889f42f5... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M libraries/build_html_for_db.lib.php
Log Message: ----------- Properly escape translated string
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f662d591c506346ac7b1804d5b8ec2754885feb9 https://github.com/phpmyadmin/phpmyadmin/commit/f662d591c506346ac7b1804d5b8e... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths: M server_binlog.php
Log Message: ----------- Escape binary log name
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 288efea5b42b1514ada0f22c84049067281b3eca https://github.com/phpmyadmin/phpmyadmin/commit/288efea5b42b1514ada0f22c8404... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/AppendTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/DateFormatTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/DownloadTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/LongToIPv4TransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/SubstringTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
  M libraries/transformations.lib.php
Log Message: ----------- Simplify and cleanup transformation plugins
Remove PMA_transformation_global_html_replace which makes the code only more confusing.
Also add escaping to browse transformations.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 32875196f971dc41f98a265808f1f8b4bd3ee5da https://github.com/phpmyadmin/phpmyadmin/commit/32875196f971dc41f98a265808f1... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M libraries/Header.class.php
Log Message: ----------- Add referrer CSP and <meta> tag
This avoids leaking Referer header in modern browsers.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e13f9862ef4406d0f10580a0305d4a99a5716dac https://github.com/phpmyadmin/phpmyadmin/commit/e13f9862ef4406d0f10580a0305d... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M libraries/Header.class.php
Log Message: ----------- Backport Content-Security-Policy from latest release
This way it will work well on current browsers.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: abfd97983a01556dccf92bbeb932a543ef8c6b80 https://github.com/phpmyadmin/phpmyadmin/commit/abfd97983a01556dccf92bbeb932... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M js/get_image.js.php
Log Message: ----------- Escape attributes when showing images in javascript
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 02971f754fc4623ce3a4edaf25b9dcb0ce2af271 https://github.com/phpmyadmin/phpmyadmin/commit/02971f754fc4623ce3a4edaf25b9... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M js/ajax.js
Log Message: ----------- Escape HTML when rendering AJAX error
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8c336ba285f3789c9afc15195f1f3e7b65fe2689 https://github.com/phpmyadmin/phpmyadmin/commit/8c336ba285f3789c9afc15195f1f... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M libraries/Header.class.php
Log Message: ----------- Update referrer <meta> to match current standards
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 351019c07429d2d6498e9abaa693ce8d88eadb5f https://github.com/phpmyadmin/phpmyadmin/commit/351019c07429d2d6498e9abaa693... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)
Changed paths: M libraries/tbl_columns_definition_form.inc.php
Log Message: ----------- Quote delimiter before using preg_replace
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 9b6f64b8b972f97711463a3c60c6a0f0c247a1b9 https://github.com/phpmyadmin/phpmyadmin/commit/9b6f64b8b972f97711463a3c60c6... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)
Changed paths: M libraries/TableSearch.class.php
Log Message: ----------- Properly escape zoom search column type
Signed-off-by: Michal Čihař michal@cihar.com
Commit: b974b567811db3461b7a0c8eb1bae1024904277d https://github.com/phpmyadmin/phpmyadmin/commit/b974b567811db3461b7a0c8eb1ba... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)
Changed paths: M js/tbl_chart.js
Log Message: ----------- Fixed rendering of chart of columns with HTML inside
Signed-off-by: Michal Čihař michal@cihar.com
Commit: b04150e30ee5614ded9e072e4823fa6e3d1b15e6 https://github.com/phpmyadmin/phpmyadmin/commit/b04150e30ee5614ded9e072e4823... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message: ----------- Do not allow javascript: links in transformation
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c3d22bee082e8fb8e86492647255a0406ef68a68 https://github.com/phpmyadmin/phpmyadmin/commit/c3d22bee082e8fb8e86492647255... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-06-22 (Wed, 22 Jun 2016)
Changed paths: M ChangeLog
Log Message: ----------- Changelog entries for security release
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Commit: 83416df64f2277d8853fcdd048df7bb154514d03 https://github.com/phpmyadmin/phpmyadmin/commit/83416df64f2277d8853fcdd048df... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-06-23 (Thu, 23 Jun 2016)
Changed paths:
  M ChangeLog
  M README
  M doc/conf.py
  M libraries/Config.class.php
Log Message: ----------- Release 4.0.10.16
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ee10ed130626...83416df64f22