Branch: refs/heads/QA_4_6 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 3a6a9a807d99371ee126635e1a505fc1fe0df32c https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a50... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M libraries/sql-parser/src/Utils/Error.php
Log Message: ----------- Escape query when displaying
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7877a9c0084bf8ae15cbd8d2729b126271f682cc https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M js/functions.js
Log Message: ----------- Escape SQL query for inline editing
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 16a6a02fca663264de9b034f4acad9c92295586f https://github.com/phpmyadmin/phpmyadmin/commit/16a6a02fca663264de9b034f4aca... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M libraries/tcpdf/include/tcpdf_static.php
Log Message: ----------- Avoid skipping the SSL certificate check in TCPDF
This code is never used in phpMyAdmin, but we fix it just to avoid potential security reports.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976 https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20b... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M libraries/Config.class.php M test/classes/PMA_Config_test.php
Log Message: ----------- Bring back SSL certificate validation
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 983faa94f161df3623ecd371d3696a1b3f91c15f https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d369... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M templates/database/structure/sortable_header.phtml
Log Message: ----------- Fix XSS in database structure page
Forward ported commit 90df124797175688a63be0d0a311210e92f09895
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 38fa1191049ac0c626a6684eea52068dfbbb5078 https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M libraries/Config.class.php
Log Message: ----------- Urlencode hostname
This can come from the HTTP header, so we need to be sure to sanitize it.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 746240bd13b62b5956fc34389cfbdc09e1e67775 https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfb... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M normalization.php
Log Message: ----------- Fix XSS in normalization
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: e65f375918a1eef5b1289d890ced645d3925464a https://github.com/phpmyadmin/phpmyadmin/commit/e65f375918a1eef5b1289d890ced... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M ChangeLog M libraries/plugins/export/ExportSql.class.php
Log Message: ----------- Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security
Commit: c842a0de9288033d25404d1d6eb22dd83033675f https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb2... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M file_echo.php
Log Message: ----------- Use correct headers for json data
It was previously not marked as such what could potentially lead to browsers doing some autodetection.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98 https://github.com/phpmyadmin/phpmyadmin/commit/b3d36dc836df31a7d1b1c4f61f57... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M libraries/Config.class.php M test/classes/PMA_Config_test.php
Log Message: ----------- Merge pull request #23 from phpmyadmin/ssl-cert
Bring back SSL certificate validation
Commit: f33a42f1da9db943a67bda7d29f7dd91957a8e7e https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M js/functions.js M js/normalization.js
Log Message: ----------- Fix XSS in normalization.js
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 37c34d089aa19f30d11203bb0c7f85b486424372 https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M js/normalization.js
Log Message: ----------- Escape selectors
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 9bce7dafaf746559c617f674e27b9c0f75ae97a2 https://github.com/phpmyadmin/phpmyadmin/commit/9bce7dafaf746559c617f674e27b... Author: Michal Čihař michal@cihar.com Date: 2016-02-25 (Thu, 25 Feb 2016)
Changed paths: M ChangeLog
Log Message: ----------- Add changes for security issues
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-27 (Sat, 27 Feb 2016)
Changed paths: M js/normalization.js
Log Message: ----------- Fix XSS in normalization.js
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: ab1283e8366c97a155d4e9ae58628a248458ea32 https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae5862... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M libraries/server_privileges.lib.php
Log Message: ----------- Fix XSS in User accounts page
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: cc55f44a4a90147a007dee1aefa1cb529e23798b https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M db_central_columns.php
Log Message: ----------- Fix XSS in Central columns page
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 4650ad7fbde189678d180b8f294af3591f50b829 https://github.com/phpmyadmin/phpmyadmin/commit/4650ad7fbde189678d180b8f294a... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M templates/table/search/input_box.phtml M templates/table/search/rows_zoom.phtml
Log Message: ----------- A better way of escaping
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 41c4e0214c286f28830cca54423b5db57e7c0ce4 https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M libraries/controllers/TableSearchController.class.php
Log Message: ----------- Fix XSS in zoom search
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 2925d6468b60363669a08cfd8e689c1a05191744 https://github.com/phpmyadmin/phpmyadmin/commit/2925d6468b60363669a08cfd8e68... Author: Michal Čihař michal@cihar.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M templates/table/search/input_box.phtml M templates/table/search/rows_zoom.phtml
Log Message: ----------- Merge pull request #29 from phpmyadmin/escape
A better way of escaping
Commit: a29f154f37400264e8b7fbbbf4cf3bf1d046f127 https://github.com/phpmyadmin/phpmyadmin/commit/a29f154f37400264e8b7fbbbf4cf... Author: Michal Čihař michal@cihar.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M ChangeLog M db_central_columns.php M file_echo.php M js/functions.js M js/normalization.js M libraries/Config.php M libraries/controllers/table/TableSearchController.php M libraries/server_privileges.lib.php M libraries/sql-parser/src/Utils/Error.php M libraries/tcpdf/include/tcpdf_static.php M normalization.php M templates/database/structure/sortable_header.phtml M templates/table/search/input_box.phtml M templates/table/search/rows_zoom.phtml M test/classes/ConfigTest.php
Log Message: ----------- Merge branch 'MAINT_4_5_5-security' into QA_4_6-security
Commit: ed17d3c450fb9c9d399cadd9415c14baaaf20117 https://github.com/phpmyadmin/phpmyadmin/commit/ed17d3c450fb9c9d399cadd9415c... Author: Michal Čihař michal@cihar.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M ChangeLog M libraries/sql-parser/autoload.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 73fd0dc2a8f5471c717a887aae22bde97bc5498f https://github.com/phpmyadmin/phpmyadmin/commit/73fd0dc2a8f5471c717a887aae22... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-02-29 (Mon, 29 Feb 2016)
Changed paths: M README M doc/conf.py M libraries/Config.php
Log Message: ----------- 4.6.0-rc1 pre-release
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/2ebabd11fd37...73fd0dc2a8f5