
Branch: refs/heads/QA_4_6
Home:   https://github.com/phpmyadmin/phpmyadmin

Commit: 3a6a9a807d99371ee126635e1a505fc1fe0df32c
  https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a50...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M libraries/sql-parser/src/Utils/Error.php

Log Message:
-----------
Escape query when displaying

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: 7877a9c0084bf8ae15cbd8d2729b126271f682cc
  https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M js/functions.js

Log Message:
-----------
Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: 16a6a02fca663264de9b034f4acad9c92295586f
  https://github.com/phpmyadmin/phpmyadmin/commit/16a6a02fca663264de9b034f4aca...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M libraries/tcpdf/include/tcpdf_static.php

Log Message:
-----------
Avoid skipping the SSL certificate check in TCPDF

This code is never used in phpMyAdmin, but we fix it just to avoid potential security reports.

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
  https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20b...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M libraries/Config.class.php
  M test/classes/PMA_Config_test.php

Log Message:
-----------
Bring back SSL certificate validation

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: 983faa94f161df3623ecd371d3696a1b3f91c15f
  https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d369...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M templates/database/structure/sortable_header.phtml

Log Message:
-----------
Fix XSS in database structure page

Forward ported commit 90df124797175688a63be0d0a311210e92f09895

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: 38fa1191049ac0c626a6684eea52068dfbbb5078
  https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M libraries/Config.class.php

Log Message:
-----------
Urlencode hostname

This can come from the HTTP header, so we need to be sure to sanitize it.

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: 746240bd13b62b5956fc34389cfbdc09e1e67775
  https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfb...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M normalization.php

Log Message:
-----------
Fix XSS in normalization

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: e65f375918a1eef5b1289d890ced645d3925464a
  https://github.com/phpmyadmin/phpmyadmin/commit/e65f375918a1eef5b1289d890ced...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M ChangeLog
  M libraries/plugins/export/ExportSql.class.php

Log Message:
-----------
Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


Commit: c842a0de9288033d25404d1d6eb22dd83033675f
  https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb2...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M file_echo.php

Log Message:
-----------
Use correct headers for json data

It was previously not marked as such, which could potentially lead to browsers doing some autodetection.

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
  https://github.com/phpmyadmin/phpmyadmin/commit/b3d36dc836df31a7d1b1c4f61f57...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M libraries/Config.class.php
  M test/classes/PMA_Config_test.php

Log Message:
-----------
Merge pull request #23 from phpmyadmin/ssl-cert

Bring back SSL certificate validation


Commit: f33a42f1da9db943a67bda7d29f7dd91957a8e7e
  https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M js/functions.js
  M js/normalization.js

Log Message:
-----------
Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: 37c34d089aa19f30d11203bb0c7f85b486424372
  https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M js/normalization.js

Log Message:
-----------
Escape selectors

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: 9bce7dafaf746559c617f674e27b9c0f75ae97a2
  https://github.com/phpmyadmin/phpmyadmin/commit/9bce7dafaf746559c617f674e27b...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-25 (Thu, 25 Feb 2016)

Changed paths:
  M ChangeLog

Log Message:
-----------
Add changes for security issues

Signed-off-by: Michal Čihař <michal@cihar.com>


Commit: bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
  https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-27 (Sat, 27 Feb 2016)

Changed paths:
  M js/normalization.js

Log Message:
-----------
Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: ab1283e8366c97a155d4e9ae58628a248458ea32
  https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae5862...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M libraries/server_privileges.lib.php

Log Message:
-----------
Fix XSS in User accounts page

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: cc55f44a4a90147a007dee1aefa1cb529e23798b
  https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M db_central_columns.php

Log Message:
-----------
Fix XSS in Central columns page

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: 4650ad7fbde189678d180b8f294af3591f50b829
  https://github.com/phpmyadmin/phpmyadmin/commit/4650ad7fbde189678d180b8f294a...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M templates/table/search/input_box.phtml
  M templates/table/search/rows_zoom.phtml

Log Message:
-----------
A better way of escaping

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: 41c4e0214c286f28830cca54423b5db57e7c0ce4
  https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M libraries/controllers/TableSearchController.class.php

Log Message:
-----------
Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>


Commit: 2925d6468b60363669a08cfd8e689c1a05191744
  https://github.com/phpmyadmin/phpmyadmin/commit/2925d6468b60363669a08cfd8e68...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M templates/table/search/input_box.phtml
  M templates/table/search/rows_zoom.phtml

Log Message:
-----------
Merge pull request #29 from phpmyadmin/escape

A better way of escaping


Commit: a29f154f37400264e8b7fbbbf4cf3bf1d046f127
  https://github.com/phpmyadmin/phpmyadmin/commit/a29f154f37400264e8b7fbbbf4cf...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M ChangeLog
  M db_central_columns.php
  M file_echo.php
  M js/functions.js
  M js/normalization.js
  M libraries/Config.php
  M libraries/controllers/table/TableSearchController.php
  M libraries/server_privileges.lib.php
  M libraries/sql-parser/src/Utils/Error.php
  M libraries/tcpdf/include/tcpdf_static.php
  M normalization.php
  M templates/database/structure/sortable_header.phtml
  M templates/table/search/input_box.phtml
  M templates/table/search/rows_zoom.phtml
  M test/classes/ConfigTest.php

Log Message:
-----------
Merge branch 'MAINT_4_5_5-security' into QA_4_6-security


Commit: ed17d3c450fb9c9d399cadd9415c14baaaf20117
  https://github.com/phpmyadmin/phpmyadmin/commit/ed17d3c450fb9c9d399cadd9415c...
Author: Michal Čihař <michal@cihar.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M ChangeLog
  M libraries/sql-parser/autoload.php

Log Message:
-----------
Merge branch 'QA_4_6' into QA_4_6-security


Commit: 73fd0dc2a8f5471c717a887aae22bde97bc5498f
  https://github.com/phpmyadmin/phpmyadmin/commit/73fd0dc2a8f5471c717a887aae22...
Author: Isaac Bennetch <bennetch@gmail.com>
Date:   2016-02-29 (Mon, 29 Feb 2016)

Changed paths:
  M README
  M doc/conf.py
  M libraries/Config.php

Log Message:
-----------
4.6.0-rc1 pre-release

Signed-off-by: Isaac Bennetch <bennetch@gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/2ebabd11fd37...73fd0dc2a8f5