Branch: refs/heads/MAINT_4_0_10 Home: https://github.com/phpmyadmin/phpmyadmin Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8 https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e3... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M phpinfo.php
Log Message: ----------- Sent CSP headers for phpinfo
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2 https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42e... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/Util.class.php
Log Message: ----------- Avoid possible path traversal using MySQL username
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7 https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05f... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/plugins/export/ExportPhparray.class.php
Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377 https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90a... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/plugins/export/ExportXml.class.php
Log Message: ----------- Properly escape generated XML export
Many fields could contain XML markup, so we need to ensure the generated XML is valid.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4 https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc868... Author: Michal Čihař michal@cihar.com Date: 2016-07-08 (Fri, 08 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Improve cookie encryption
- use MAC to validate content before decryption - create unique IV for every cookie
Signed-off-by: Michal Čihař michal@cihar.com
Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298e... Author: Michal Čihař michal@cihar.com Date: 2016-07-09 (Sat, 09 Jul 2016)
Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/FormDisplay.class.php M libraries/config/messages.inc.php M libraries/import.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be@latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/ko.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr@latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php
Log Message: ----------- Use https for wiki links
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3 https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6bd... Author: Michal Čihař michal@cihar.com Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths: M libraries/replication_gui.lib.php M server_status_variables.php
Log Message: ----------- Properly escape MySQL status variables
Signed-off-by: Michal Čihař michal@cihar.com
Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1 https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0e... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths: M examples/openid.php M examples/signon.php
Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Commit: 4440790902618c98f81f23a28747ccc117bfe53b https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a28747... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/ip_allow_deny.lib.php
Log Message: ----------- Make proxy IP parsing aware of multiple proxies
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749 https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac207... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php
Log Message: ----------- Remove Swekey support
It is buggy and their servers are no longer working.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c7... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/core.lib.php
Log Message: ----------- Remove debugging code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: dc2518974124b98a57107e9486084df76a655227 https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e948608... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/ip_allow_deny.lib.php
Log Message: ----------- Fix syntax error in older PHP versions
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1 https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a91828... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/replication_gui.lib.php
Log Message: ----------- Fix XSS in server_replication.php
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6 https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d17... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message: ----------- Use whitelist rather than blacklist for URL filtering
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7 https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb6... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php
Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d9122... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message: ----------- Use _blank target instead of invalid _new
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681 https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f65... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/export/ExportMediawiki.class.php
Log Message: ----------- Escape HTML in Mediawiki comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5 https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2d... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M examples/openid.php M examples/signon.php
Log Message: ----------- Hide session error messages to avoid FPD
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc9... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php
Log Message: ----------- Do not allow symlinks in UploadDir
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdbe... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php
Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f42... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
Log Message: ----------- Use iframe sandbox for rendering HTML in transformation
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74 https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44c... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M version_check.php
Log Message: ----------- Prefer curl over file_get_contents
Curl is better in SSL certificate verification.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0bb... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/config/validate.lib.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message: ----------- Sanitize MySQL host name before connecting
It can contain p: prefix which we don't want to honor.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439 https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d1... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/core.lib.php M tbl_tracking.php A test/libraries/core/PMA_safeUnserialize_test.php
Log Message: ----------- Validate serialized data before unserializing
We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a3953f88ef5ab287718bf73c454733947ce52128 https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c4547... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/display_create_database.lib.php
Log Message: ----------- Escape suggested database name
Signed-off-by: Michal Čihař michal@cihar.com
Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c71990... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/schema/Export_Relation_Schema.class.php M libraries/schema/User_Schema.class.php M pmd_pdf.php
Log Message: ----------- Ensure page number is integer
Even if somebody decides to change configuration storage structure.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23f... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/RecentTable.class.php M libraries/Table.class.php
Log Message: ----------- Correctly escape MySQL username in queries
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584c... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Validate image scaling dimensions
Ensure we pass only integers and they are not too big.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3 https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff751... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugin_interface.lib.php
Log Message: ----------- Do not try to create non existing classes
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 56e13501184d1354b84b63dce7c00deae5066e9b https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c0... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/export/ExportSql.class.php
Log Message: ----------- Properly handle newlines in SQL comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd7... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Do not use empty MIME type
This will turn on content sniffing in browser leading to unwanted results.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 09a427b288cbbd1508a055a5594f906c22a60dec https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594f... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Escape HTML markup in transformation wrapper
...in case content type is html.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293 https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aabf... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
Log Message: ----------- Ensure widht and height are integers
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 04156efeb02ade052e46e09c93c74b95e2da9175 https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c7... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
Log Message: ----------- Ensure widht and height are integers
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 0f87b73ae203d79f74765c97f637a51b87205515 https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f637... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/TableSearch.class.php
Log Message: ----------- HML encode embedded JSON data
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda704... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/export/ExportSql.class.php
Log Message: ----------- Fix exporting multiline comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede800... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M ChangeLog M README M README.rst M changelog.php M composer.json M config.sample.inc.php M doc/developers.rst M doc/faq.rst M doc/intro.rst M doc/other.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Message_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M themes.php M version_check.php
Log Message: ----------- Use https to access phpmyadmin.net
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e8... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M libraries/core.lib.php
Log Message: ----------- Improve URL filtering in url.php
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 6f8eb0993d1a37f14608b90e433791b723c51085 https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e4337... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/import/ImportShp.class.php
Log Message: ----------- Delete temporary file before reporting error
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747 https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe95... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php
Log Message: ----------- Sanitize filename on SHP import
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1 https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1bc... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/OutputBuffering.class.php M url.php
Log Message: ----------- Send standard set of HTTP headers on redirect
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f4... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M setup/lib/index.lib.php
Log Message: ----------- Backport cookie encryption from 4.6 branch
- Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392 https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625cad... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M tbl_addfield.php M tbl_create.php
Log Message: ----------- Limit maximal numver of fields to 4096
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e040866... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M file_echo.php
Log Message: ----------- Remove no longer used code
It was used by old charts code to download charts.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d03954bf9ca3b1cc4037214e7983617732282872 https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e7983... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M import.php M libraries/dbi/mysql.dbi.lib.php M libraries/dbi/mysqli.dbi.lib.php
Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed
There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f8... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message: ----------- Fix random invocation
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ac703223e97398d1d3ad902afd036e303dc3de9b https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd03... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M libraries/gis/pma_gis_geometry.php
Log Message: ----------- Ensure GIS point coordinates are numeric
Signed-off-by: Michal Čihař michal@cihar.com
Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbdf... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php
Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo'])
This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6 https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7b... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh
Log Message: ----------- Move generator scripts out of the code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 262aa8ec73641a9cba264711575c04424757d655 https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575c... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M user_password.php
Log Message: ----------- Fix password change with cookie auth
Signed-off-by: Michal Čihař michal@cihar.com
Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76 https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5e... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M user_password.php
Log Message: ----------- Do not allow to set too long password
We do not accept password longer than 256 chars, so do not accept it on password change as well.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 126321da378cf14165f845309446be410470229b https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f845309446... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M libraries/DbSearch.class.php
Log Message: ----------- Escape string when showing confirmation message
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5 https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df5... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M js/functions.js M version_check.php
Log Message: ----------- Add login and token validation to version_check
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c007... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M libraries/Response.class.php
Log Message: ----------- Do not try to wrap output in case response handling is disabled
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915faf... Author: Michal Čihař michal@cihar.com Date: 2016-07-29 (Fri, 29 Jul 2016)
Changed paths: M libraries/replication.inc.php
Log Message: ----------- Move hostname sanitization to correct place
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89 https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb7... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-08-16 (Tue, 16 Aug 2016)
Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php
Log Message: ----------- Release 4.0.10.17
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/01673e94ddc4...5ba96c8804d9