Branch: refs/heads/QA_4_6 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 9f3823a6bc986e911b52b41338881ff35dccc37c https://github.com/phpmyadmin/phpmyadmin/commit/9f3823a6bc986e911b52b4133888... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M phpinfo.php
Log Message: ----------- Sent CSP headers for phpinfo
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 4183bab696c68ef8ee5cb2d58cb8fb2795b0e802 https://github.com/phpmyadmin/phpmyadmin/commit/4183bab696c68ef8ee5cb2d58cb8... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M changelog.php
Log Message: ----------- Send CSP headers on changelog
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5491d67fb545ef9878b59e05a10f814f7a92a7ad https://github.com/phpmyadmin/phpmyadmin/commit/5491d67fb545ef9878b59e05a10f... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/Util.php
Log Message: ----------- Avoid possible path traversal using MySQL username
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a82835cf09c20b381b9c8a7bfe337a11ab904ab2 https://github.com/phpmyadmin/phpmyadmin/commit/a82835cf09c20b381b9c8a7bfe33... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/plugins/export/ExportPhparray.php
Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2b5915ce7b061df005373b3ebf5affe7345ef141 https://github.com/phpmyadmin/phpmyadmin/commit/2b5915ce7b061df005373b3ebf5a... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/plugins/export/ExportPhparray.php
Log Message: ----------- Use phpMyAdmin version in PHP export header
Using fixed 0.2b really makes no sense.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 99d7407aa2817cd9852bf7f4ed03a28d8aac293e https://github.com/phpmyadmin/phpmyadmin/commit/99d7407aa2817cd9852bf7f4ed03... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M test/classes/plugin/export/ExportPhparrayTest.php
Log Message: ----------- Fix PHP export tests
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bd2080c40aa05b883109fbf9739ffb4c674af698 https://github.com/phpmyadmin/phpmyadmin/commit/bd2080c40aa05b883109fbf9739f... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M test/classes/plugin/export/ExportXmlTest.php
Log Message: ----------- Adjust test to not use HTML escaping layer
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7de139b90ca6926d9ec06c2684ef8877a01b5ed7 https://github.com/phpmyadmin/phpmyadmin/commit/7de139b90ca6926d9ec06c2684ef... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths: M libraries/plugins/export/ExportXml.php M test/classes/plugin/export/ExportXmlTest.php
Log Message: ----------- Properly escape generated XML export
Many fields could contain XML markup, so we need to ensure the generated XML is valid.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a97be3a604cb9a56074b76905792479251e744a7 https://github.com/phpmyadmin/phpmyadmin/commit/a97be3a604cb9a56074b76905792... Author: Michal Čihař michal@cihar.com Date: 2016-07-08 (Fri, 08 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Improve cookie encryption
- use MAC to validate content before decryption
- create unique IV for every cookie
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c0b2d56ac0a94c371004f25a5ae3d0ec247516f5 https://github.com/phpmyadmin/phpmyadmin/commit/c0b2d56ac0a94c371004f25a5ae3... Author: Michal Čihař michal@cihar.com Date: 2016-07-09 (Sat, 09 Jul 2016)
Changed paths: M doc/other.rst M js/tbl_structure.js M libraries/import.lib.php M libraries/plugins/import/README M po/az.po M po/bg.po M po/bn.po M po/ca.po M po/cs.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/es.po M po/et.po M po/fi.po M po/fr.po M po/gl.po M po/hi.po M po/hu.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ko.po M po/lt.po M po/nb.po M po/nl.po M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sv.po M po/th.po M po/tr.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/vi.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php
Log Message: ----------- Use https for wiki links
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 1ed4007689ebbb6b6a08a242025382d0f8d347b1 https://github.com/phpmyadmin/phpmyadmin/commit/1ed4007689ebbb6b6a08a2420253... Author: Michal Čihař michal@cihar.com Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php
Log Message: ----------- Properly escape MySQL status variables
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c4a595357f8393915f8a2258f8997b5d1ba6f1f0 https://github.com/phpmyadmin/phpmyadmin/commit/c4a595357f8393915f8a2258f899... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths: M examples/openid.php M examples/signon.php
Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Commit: 6aacd7dcfef8a04898393009dea11ddd07a3891d https://github.com/phpmyadmin/phpmyadmin/commit/6aacd7dcfef8a04898393009dea1... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/ip_allow_deny.lib.php M test/libraries/PMA_ip_allow_deny_test.php
Log Message: ----------- Make proxy IP parsing aware of multiple proxies
Signed-off-by: Michal Čihař michal@cihar.com
Commit: fc6ef261eb4469f764d1e305a4ac617d26ca1864 https://github.com/phpmyadmin/phpmyadmin/commit/fc6ef261eb4469f764d1e305a4ac... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Remove Swekey support
It is buggy and their servers are no longer working.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: de3181277e747a94fb0b0213f3d11576458b72cd https://github.com/phpmyadmin/phpmyadmin/commit/de3181277e747a94fb0b0213f3d1... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/Error.php
Log Message: ----------- Include only relative path in backtrace
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 660e3a177f4933018c94ba1270a61b2437aa1163 https://github.com/phpmyadmin/phpmyadmin/commit/660e3a177f4933018c94ba1270a6... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths: M libraries/core.lib.php
Log Message: ----------- Remove debugging code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: cc7d01daa7fe3c525718c7ef19f82d13e51cc080 https://github.com/phpmyadmin/phpmyadmin/commit/cc7d01daa7fe3c525718c7ef19f8... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M templates/table/gis_visualization/gis_visualization.phtml
Log Message: ----------- Fix XSS in tbl_gis_visualization.php
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: cbba4f4fdb18ad071e3d515a0e96067939d3352b https://github.com/phpmyadmin/phpmyadmin/commit/cbba4f4fdb18ad071e3d515a0e96... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/replication_gui.lib.php
Log Message: ----------- Fix XSS in server_replication.php
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 5873af7d75b123b9aa0d137cba2bb209e2bdd21f https://github.com/phpmyadmin/phpmyadmin/commit/5873af7d75b123b9aa0d137cba2b... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M ChangeLog M libraries/Header.php M po/es.po M po/ko.po M po/pl.po M po/pt.po M po/pt_BR.po M po/sq.po M po/th.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 0bf21ebf720a552c8e727a6cca1c653e20c3160a https://github.com/phpmyadmin/phpmyadmin/commit/0bf21ebf720a552c8e727a6cca1c... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php
Log Message: ----------- Use whitelist rather than blacklist for URL filtering
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8b5cafc9f3d199d419d8f0e0ce9f3b5bb51d5d2b https://github.com/phpmyadmin/phpmyadmin/commit/8b5cafc9f3d199d419d8f0e0ce9f... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M po/sq.po
Log Message: ----------- Fix wrong merge resolution
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2090eb57aaada8a2fc1c6e34ceaae657ef2ec404 https://github.com/phpmyadmin/phpmyadmin/commit/2090eb57aaada8a2fc1c6e34ceaa... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M .travis.yml
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 3c06eede3fda803fb2b931598e26d61563a4502b https://github.com/phpmyadmin/phpmyadmin/commit/3c06eede3fda803fb2b931598e26... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M changelog.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/sanitizing.lib.php M templates/list/item.phtml M themes.php
Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 3b0115a32159608a930e03a4d3a8830cb3520c54 https://github.com/phpmyadmin/phpmyadmin/commit/3b0115a32159608a930e03a4d3a8... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php
Log Message: ----------- Adjust tests to recent changes
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2ea0b722d7cb7affbfa3f02c9442f0b6f0833306 https://github.com/phpmyadmin/phpmyadmin/commit/2ea0b722d7cb7affbfa3f02c9442... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php
Log Message: ----------- Use _blank target instead of invalid _new
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 6da13e2a1cbcd204617ab140ab70e08258473e33 https://github.com/phpmyadmin/phpmyadmin/commit/6da13e2a1cbcd204617ab140ab70... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/export/ExportMediawiki.php
Log Message: ----------- Escape HTML in Mediawiki comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 78bed3c4441bc8ea1b4bf380eb51d100e39841ca https://github.com/phpmyadmin/phpmyadmin/commit/78bed3c4441bc8ea1b4bf380eb51... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/tracking.lib.php
Log Message: ----------- Ensure last version is numeric
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8095b837faec8508201e500b7c7ff25fe2269fbf https://github.com/phpmyadmin/phpmyadmin/commit/8095b837faec8508201e500b7c7f... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M examples/openid.php M examples/signon.php
Log Message: ----------- Hide session error messages to avoid FPD
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 0d57c09bd582f6f138bb4583374a83b673520fa7 https://github.com/phpmyadmin/phpmyadmin/commit/0d57c09bd582f6f138bb4583374a... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M import.php M libraries/File.php M libraries/file_listing.lib.php
Log Message: ----------- Do not allow symlinks in UploadDir
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2f79bacefab46fc43cedd70917c50800caaa417a https://github.com/phpmyadmin/phpmyadmin/commit/2f79bacefab46fc43cedd70917c5... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/config/ServerConfigChecks.php
Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2ef4fe3d842f25e1ad0551e7ca4781b5fc7a4e59 https://github.com/phpmyadmin/phpmyadmin/commit/2ef4fe3d842f25e1ad0551e7ca47... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M test/classes/plugin/transformations/TransformationPluginsTest.php
Log Message: ----------- Use iframe sandbox for rendering HTML in transformation
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e749214b1681ce6af31df169f57b0c23d2a40232 https://github.com/phpmyadmin/phpmyadmin/commit/e749214b1681ce6af31df169f57b... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php
Log Message: ----------- Prefer curl over file_get_contents
Curl is better in SSL certificate verification.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 767195e197e1b75609875330602aa203782e8671 https://github.com/phpmyadmin/phpmyadmin/commit/767195e197e1b75609875330602a... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/config/Validator.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message: ----------- Sanitize MySQL host name before connecting
It can contain p: prefix which we don't want to honor.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ba072e42dc15123bdd61185ccce85e384ca452b6 https://github.com/phpmyadmin/phpmyadmin/commit/ba072e42dc15123bdd61185ccce8... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php
Log Message: ----------- Validate serialized data before unserializing
We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bde4ef735b0620f8b11deb21f29a79d9942a98ce https://github.com/phpmyadmin/phpmyadmin/commit/bde4ef735b0620f8b11deb21f29a... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M templates/server/databases/create.phtml
Log Message: ----------- Escape suggested database name
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 80b03a4f1629957c4b3f22288147e5ed8495856b https://github.com/phpmyadmin/phpmyadmin/commit/80b03a4f1629957c4b3f22288147... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/db_designer.lib.php M libraries/plugins/export/ExportSql.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/pmd_common.php M libraries/relation.lib.php
Log Message: ----------- Ensure page number is integer
Even if somebody decides to change configuration storage structure.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7ef96c5cdc2adc16f4d8530ad90c76715825d471 https://github.com/phpmyadmin/phpmyadmin/commit/7ef96c5cdc2adc16f4d8530ad90c... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M libraries/RecentFavoriteTable.php M libraries/Table.php
Log Message: ----------- Correctly escape MySQL username in queries
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 1290f9895bbcda839d0ae0b150114b9d43ab33f7 https://github.com/phpmyadmin/phpmyadmin/commit/1290f9895bbcda839d0ae0b15011... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths: M po/ko.po
Log Message: ----------- Fix merge error in po file
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 551031da09f461a8cef3f6e5883bd0baf1a872dc https://github.com/phpmyadmin/phpmyadmin/commit/551031da09f461a8cef3f6e5883b... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Validate image scaling dimensions
Ensure we pass only integers and they are not too big.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ceeef537488b348a9ec4c485159e7f097f71bea5 https://github.com/phpmyadmin/phpmyadmin/commit/ceeef537488b348a9ec4c485159e... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/display_export.lib.php
Log Message: ----------- Add missing escaping to the export type
Signed-off-by: Michal Čihař michal@cihar.com
Commit: dd732134f27abc6fc41d4ec52a9e02914ca8fdf6 https://github.com/phpmyadmin/phpmyadmin/commit/dd732134f27abc6fc41d4ec52a9e... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugin_interface.lib.php
Log Message: ----------- Do not try to create non existing classes
Signed-off-by: Michal Čihař michal@cihar.com
Commit: dc52930bbab226ce7b7555c3f8714b3fd31d0499 https://github.com/phpmyadmin/phpmyadmin/commit/dc52930bbab226ce7b7555c3f871... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/export/ExportSql.php
Log Message: ----------- Properly handle newlines in SQL comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7e510e8e92b33493aded0086c0b87d8ed7bdec78 https://github.com/phpmyadmin/phpmyadmin/commit/7e510e8e92b33493aded0086c0b8... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M templates/table/structure/display_structure.phtml
Log Message: ----------- Properly escape partition removal query
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 9e3492730ebf6d60dafd0283f605c6ad09f8271a https://github.com/phpmyadmin/phpmyadmin/commit/9e3492730ebf6d60dafd0283f605... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Do not use empty MIME type
This will turn on content sniffing in browser leading to unwanted results.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c3a3531b61bb0c886d4d6838356c32f655a1123c https://github.com/phpmyadmin/phpmyadmin/commit/c3a3531b61bb0c886d4d6838356c... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M transformation_wrapper.php
Log Message: ----------- Escape HTML markup in transformation wrapper
...in case content type is html.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 9f11a0e81198ef39664453de8531f9d627819c9e https://github.com/phpmyadmin/phpmyadmin/commit/9f11a0e81198ef39664453de8531... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/server_user_groups.lib.php
Log Message: ----------- Add missing escaping in user group queries
Signed-off-by: Michal Čihař michal@cihar.com
Commit: cc6853538cec697b67e03fbfef2e5f2c7ebc481f https://github.com/phpmyadmin/phpmyadmin/commit/cc6853538cec697b67e03fbfef2e... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php
Log Message: ----------- Properly escape error input in the message
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c3310536b2896a12dab3e0f7715c7e693221de25 https://github.com/phpmyadmin/phpmyadmin/commit/c3310536b2896a12dab3e0f7715c... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php
Log Message: ----------- Ensure width and height are integers
Signed-off-by: Michal Čihař michal@cihar.com
Commit: dc899d8e7584b6bfb104d66668527e9609a80b36 https://github.com/phpmyadmin/phpmyadmin/commit/dc899d8e7584b6bfb104d6666852... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php
Log Message: ----------- Ensure width and height are integers
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e4be768781a6c17ece9d2d3f34f9aa0f3e2e1056 https://github.com/phpmyadmin/phpmyadmin/commit/e4be768781a6c17ece9d2d3f34f9... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php
Log Message: ----------- Ensure width and height are integers
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 987cce0bcf2f0ba9b705638343872f56283a0508 https://github.com/phpmyadmin/phpmyadmin/commit/987cce0bcf2f0ba9b70563834387... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M js/tbl_relation.js
Log Message: ----------- Properly escape foreign key selection
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 42c868b69171f7c6095a55ab3998481cb1674d2c https://github.com/phpmyadmin/phpmyadmin/commit/42c868b69171f7c6095a55ab3998... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M templates/table/search/zoom_result_form.phtml
Log Message: ----------- HTML encode embedded JSON data
Signed-off-by: Michal Čihař michal@cihar.com
Commit: af8385dc878523a5aa648423b6f33c4f936de95b https://github.com/phpmyadmin/phpmyadmin/commit/af8385dc878523a5aa648423b6f3... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M test/classes/plugin/transformations/TransformationPluginsTest.php
Log Message: ----------- Fix tests for transformations
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 205694982bf5f9a9d2bda80255fef22166dbd4a9 https://github.com/phpmyadmin/phpmyadmin/commit/205694982bf5f9a9d2bda80255fe... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/plugins/export/ExportSql.php
Log Message: ----------- Fix exporting multiline comments
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 306c148098c105aa403a01620c79c56cd1f347c6 https://github.com/phpmyadmin/phpmyadmin/commit/306c148098c105aa403a01620c79... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths: M libraries/navigation/nodes/NodeDatabase.php
Log Message: ----------- Add missing escaping in navigation pane
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Commit: 3a4172525f07753a4ac120cef15df457f0560b6c https://github.com/phpmyadmin/phpmyadmin/commit/3a4172525f07753a4ac120cef15d... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M libraries/plugins/auth/recaptcha/ReCaptcha/ReCaptcha.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Curl.php A libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/CurlPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/Socket.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestMethod/SocketPost.php M libraries/plugins/auth/recaptcha/ReCaptcha/RequestParameters.php M libraries/plugins/auth/recaptcha/autoload.php M libraries/tcpdf/README.TXT M libraries/tcpdf/include/sRGB.icc M libraries/tcpdf/include/tcpdf_fonts.php M libraries/tcpdf/include/tcpdf_images.php M libraries/tcpdf/include/tcpdf_static.php M libraries/tcpdf/tcpdf.php M po/ar.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: c0a05eced47cb83ff9953829853262a30addb142 https://github.com/phpmyadmin/phpmyadmin/commit/c0a05eced47cb83ff99538298532... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M libraries/navigation/nodes/NodeDatabase.php
Log Message: ----------- Merge branch 'QA_4_6-security' of github.com:phpmyadmin/phpmyadmin-security into QA_4_6-security
Commit: 1543be7138be5de37f6152a2b6d09cc74e1cb42f https://github.com/phpmyadmin/phpmyadmin/commit/1543be7138be5de37f6152a2b6d0... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M doc/config.rst M libraries/plugins/export/ExportXml.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql
Log Message: ----------- Use https to access phpmyadmin.net
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 7e6edaf756201034b5e08b40f3ffb9f8af9a7d49 https://github.com/phpmyadmin/phpmyadmin/commit/7e6edaf756201034b5e08b40f3ff... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: A test/libraries/core/PMA_isAllowedDomain_test.php
Log Message: ----------- Add tests for PMA_isAllowedDomain
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 67d6eeac42c599e53e81781961dadfcb3d8aac23 https://github.com/phpmyadmin/phpmyadmin/commit/67d6eeac42c599e53e81781961da... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M libraries/core.lib.php M test/libraries/core/PMA_isAllowedDomain_test.php
Log Message: ----------- Improve URL filtering in url.php
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 3ba8a026fc403e68ae4854fa0addd00135eb7848 https://github.com/phpmyadmin/phpmyadmin/commit/3ba8a026fc403e68ae4854fa0add... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths: M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Use hash_hmac for MAC rather than plain SHA1
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f45b8cd49cbad2c8b92d02fa2435921d15490b29 https://github.com/phpmyadmin/phpmyadmin/commit/f45b8cd49cbad2c8b92d02fa2435... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php
Log Message: ----------- Use different secret for MAC than encryption
Generated using string splitting.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2a2d865d50508458e683b96fa7d33ca5976b1d11 https://github.com/phpmyadmin/phpmyadmin/commit/2a2d865d50508458e683b96fa7d3... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Validate input data from cookies
We expect strings only, so do not accept anything else.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e2a25d773d28c9440087f3f54be45680d903d2d2 https://github.com/phpmyadmin/phpmyadmin/commit/e2a25d773d28c9440087f3f54be4... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Merge pmaServer and pmaPass cookies
This addresses several issues:
- makes server name encrypted and authenticated, so that it can not be tampered
- reduces cookie usage
- reduces overhead of encryption/authentication
The pmaUser cookie is still separate to avoid different lifetime (pmaUser has month lifetime, while pmaAuth is session only by default).
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d29df46b3aec576da5d8949b0792f25b63d0ac54 https://github.com/phpmyadmin/phpmyadmin/commit/d29df46b3aec576da5d8949b0792... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Do not generate too long session secret
We need 16+16 bytes, generating 256 is not really needed.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ef03daf658db501ddce304a1d2d0cd59dc4a6c71 https://github.com/phpmyadmin/phpmyadmin/commit/ef03daf658db501ddce304a1d2d0... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Remove hashing of blowfish secret
New code doesn't have problems with longer secrets.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f07fd90ee910e4c6f31c310521faff460f046c28 https://github.com/phpmyadmin/phpmyadmin/commit/f07fd90ee910e4c6f31c310521fa... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M doc/config.rst M index.php M libraries/config/ServerConfigChecks.php
Log Message: ----------- Document recommended length of 32 for blowfish_secret
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2b7be93829c38ccee7e05e769e4878280dc30ed6 https://github.com/phpmyadmin/phpmyadmin/commit/2b7be93829c38ccee7e05e769e48... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/config/ServerConfigChecks.php
Log Message: ----------- Improve Blowfish secret generation in setup script
Now generates secret containing all printable ASCII chars, making it way more random than with hex encoded random string.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f693c103be7103591902484a232728dcc79a8b02 https://github.com/phpmyadmin/phpmyadmin/commit/f693c103be7103591902484a2327... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M config.sample.inc.php M doc/setup.rst
Log Message: ----------- Document 32 chars length for blowfish_secret
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 3ee65fc8bf3f3d105ed0c532c9344f5feab553ae https://github.com/phpmyadmin/phpmyadmin/commit/3ee65fc8bf3f3d105ed0c532c934... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Use MAC to verify IV as well
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 48764f226073be9fb52c7b68101fb8f7b12e3d5f https://github.com/phpmyadmin/phpmyadmin/commit/48764f226073be9fb52c7b68101f... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/import/ImportShp.php
Log Message: ----------- Delete temporary file before reporting error
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d9f918c36550e0e0706b00e5e9811068c6cb4bc8 https://github.com/phpmyadmin/phpmyadmin/commit/d9f918c36550e0e0706b00e5e981... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M doc/conf.py M libraries/server_privileges.lib.php M po/ckb.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: ddeab2a11ffd9ffdbb0db84e9c763ce202a4a4aa https://github.com/phpmyadmin/phpmyadmin/commit/ddeab2a11ffd9ffdbb0db84e9c76... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/import/ImportShp.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php
Log Message: ----------- Sanitize filename on SHP import
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 41e3db158f15abfcc44840071a9e20beb00753ae https://github.com/phpmyadmin/phpmyadmin/commit/41e3db158f15abfcc44840071a9e... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php
Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5d1a6af96f91a14c91e6a5d3ba3b1e0af5f43769 https://github.com/phpmyadmin/phpmyadmin/commit/5d1a6af96f91a14c91e6a5d3ba3b... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/advisory_rules.txt M libraries/sanitizing.lib.php M test/classes/MessageTest.php M url.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 67b538efc3e480168c8377e4bf2390120a914c07 https://github.com/phpmyadmin/phpmyadmin/commit/67b538efc3e480168c8377e4bf23... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M url.php
Log Message: ----------- Send standard set of HTTP headers on redirect
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 643681ee68b0e553a8acd0a33f01ca199d797a17 https://github.com/phpmyadmin/phpmyadmin/commit/643681ee68b0e553a8acd0a33f01... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Use consistent iv and encrypted text concatenation as other libs
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 9106b339334f9f40d814ea1bcd690a568726a8f5 https://github.com/phpmyadmin/phpmyadmin/commit/9106b339334f9f40d814ea1bcd69... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M test/classes/plugin/auth/AuthenticationCookieTest.php
Log Message: ----------- Improve secrets splitting
- ensure it has 16 bytes
- extends it by copying content if original is too short
- correctly handle corner cases (eg. 1 byte secret)
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 024a924b38aaf87c60e9eedc86b86c5b8d9f9aba https://github.com/phpmyadmin/phpmyadmin/commit/024a924b38aaf87c60e9eedc86b8... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php
Log Message: ----------- Avoid calculating strlen twice
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d93b8736379ccc5cf0884ed9daa55ab7997b6ccb https://github.com/phpmyadmin/phpmyadmin/commit/d93b8736379ccc5cf0884ed9daa5... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/config/ServerConfigChecks.php
Log Message: ----------- Move return to correct place
Signed-off-by: Michal Čihař michal@cihar.com
Commit: fd324e583ed72b21ccaca4f84ec6b0a858861ae6 https://github.com/phpmyadmin/phpmyadmin/commit/fd324e583ed72b21ccaca4f84ec6... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/config/ServerConfigChecks.php
Log Message: ----------- Revert "Move return to correct place"
This reverts commit d93b8736379ccc5cf0884ed9daa55ab7997b6ccb.
Commit: 28eb84ef435bc0be8446ce62c57f438cf5bbd070 https://github.com/phpmyadmin/phpmyadmin/commit/28eb84ef435bc0be8446ce62c57f... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M ChangeLog M libraries/Table.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: ff1016e504770dd334ab30fa85de11e8559eee01 https://github.com/phpmyadmin/phpmyadmin/commit/ff1016e504770dd334ab30fa85de... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php
Log Message: ----------- Limit maximal number of fields to 4096
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 623f5b46213b8b4fda16f52017dbaec3e44e1ce3 https://github.com/phpmyadmin/phpmyadmin/commit/623f5b46213b8b4fda16f52017db... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M file_echo.php
Log Message: ----------- Remove no longer used code
It was used by old charts code to download charts.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 835958af3105d13754f3ba3c58de85dc7c25633e https://github.com/phpmyadmin/phpmyadmin/commit/835958af3105d13754f3ba3c58de... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths: M ChangeLog M libraries/DisplayResults.php M libraries/Linter.php M libraries/PDF.php M libraries/plugins/schema/dia/Dia.php M libraries/plugins/schema/eps/Eps.php M libraries/plugins/schema/svg/Svg.php M libraries/tracking.lib.php M tbl_get_field.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 1e6b740e6feace1a7be44a19a980477ce62fdded https://github.com/phpmyadmin/phpmyadmin/commit/1e6b740e6feace1a7be44a19a980... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M import.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php
Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed
There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f0f8f2b65e46f11ed23efe3262810132ffa2b1bf https://github.com/phpmyadmin/phpmyadmin/commit/f0f8f2b65e46f11ed23efe326281... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M libraries/server_privileges.lib.php
Log Message: ----------- Escape routine privileges listing
Signed-off-by: Michal Čihař michal@cihar.com
Commit: b932b94577ec7516283d765a645e29d2fb4d6d5a https://github.com/phpmyadmin/phpmyadmin/commit/b932b94577ec7516283d765a645e... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M libraries/gis/GISGeometry.php
Log Message: ----------- Ensure GIS point coordinates are numeric
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d3a91549be9fd63d3afe3ea542114aa72f4cd79a https://github.com/phpmyadmin/phpmyadmin/commit/d3a91549be9fd63d3afe3ea54211... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M libraries/session.inc.php
Log Message: ----------- Remove file path from the session error message
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 754c1c987bef11093e905dfa20b06273851647ea https://github.com/phpmyadmin/phpmyadmin/commit/754c1c987bef11093e905dfa20b0... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M lint.php
Log Message: ----------- Properly mark requests to lint as AJAX request
Signed-off-by: Michal Čihař michal@cihar.com
Commit: e67e69229a1df3a26df12b1bae89065834fd85b4 https://github.com/phpmyadmin/phpmyadmin/commit/e67e69229a1df3a26df12b1bae89... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php
Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo'])
This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple as creating file with one line of php code.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 3ec8ba8693589b434283bb89489e5bf4908bfa79 https://github.com/phpmyadmin/phpmyadmin/commit/3ec8ba8693589b434283bb89489e... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php
Log Message: ----------- Merge pull request #179 from phpmyadmin/remove-phpinfo
Remove option to show phpinfo() ($cfg['ShowPhpInfo'])
Commit: c868852ae498893aa1717108b72e869146eaed49 https://github.com/phpmyadmin/phpmyadmin/commit/c868852ae498893aa1717108b72e... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M ChangeLog M libraries/Config.php M libraries/VersionInformation.php M libraries/server_privileges.lib.php M user_password.php M view_create.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 99492bf42aee13181ec6b796c5d13db3ee915b94 https://github.com/phpmyadmin/phpmyadmin/commit/99492bf42aee13181ec6b796c5d1... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M ChangeLog M libraries/core.lib.php M libraries/session.inc.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/libraries/core/PMA_headerLocation_test.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 9f64b31fccd588f5534ec7cca1de42f11c202888 https://github.com/phpmyadmin/phpmyadmin/commit/9f64b31fccd588f5534ec7cca1de... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M ChangeLog
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 77a4d6ed9504b37d7cd26bcea26f30ecc6afdadd https://github.com/phpmyadmin/phpmyadmin/commit/77a4d6ed9504b37d7cd26bcea26f... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh
Log Message: ----------- Move generator scripts out of the code
Signed-off-by: Michal Čihař michal@cihar.com
Commit: cc9d0f128ca51afb49f453d9327c851bcbe07f19 https://github.com/phpmyadmin/phpmyadmin/commit/cc9d0f128ca51afb49f453d9327c... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M db_central_columns.php M libraries/DisplayResults.php M libraries/browse_foreigners.lib.php M libraries/controllers/server/ServerBinlogController.php M libraries/plugins/AuthenticationPlugin.php M libraries/plugins/auth/AuthenticationCookie.php M templates/columns_definitions/column_name.phtml M templates/table/search/options.phtml M templates/table/search/options_zoom.phtml
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: c90967071a3f43c7b53315c2595277748c1b4bed https://github.com/phpmyadmin/phpmyadmin/commit/c90967071a3f43c7b53315c25952... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths: M user_password.php
Log Message: ----------- Do not allow to set too long password
We do not accept password longer than 256 chars, so do not accept it on password change as well.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 774f0c1fefefa9b505838719c94ace9c61126bd6 https://github.com/phpmyadmin/phpmyadmin/commit/774f0c1fefefa9b505838719c94a... Author: Michal Čihař michal@cihar.com Date: 2016-07-27 (Wed, 27 Jul 2016)
Changed paths: M libraries/ZipFile.php M libraries/engines/Innodb.php M libraries/sysinfo.lib.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 471c3377c1316a793960d4e99452990d2cefb9b1 https://github.com/phpmyadmin/phpmyadmin/commit/471c3377c1316a793960d4e99452... Author: Michal Čihař michal@cihar.com Date: 2016-07-27 (Wed, 27 Jul 2016)
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 51b676c8e056cd18f2bf23521fa393282228a534 https://github.com/phpmyadmin/phpmyadmin/commit/51b676c8e056cd18f2bf23521fa3... Author: Michal Čihař michal@cihar.com Date: 2016-07-27 (Wed, 27 Jul 2016)
Changed paths: M doc/config.rst M po/es.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: d31ff5a1e739d5a8b470b45960f8052d2ced1bba https://github.com/phpmyadmin/phpmyadmin/commit/d31ff5a1e739d5a8b470b45960f8... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M DCO M README M doc/config.rst M doc/copyright.rst M doc/credits.rst M doc/faq.rst M doc/glossary.rst A doc/images/usergroups.png M doc/privileges.rst M doc/require.rst M doc/setup.rst M doc/transformations.rst M libraries/config.default.php M libraries/dbi/DBIMysqli.php M libraries/error_report.lib.php M libraries/iconv_wrapper.lib.php M libraries/import.lib.php M libraries/ip_allow_deny.lib.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/transformations/TEMPLATE_ABSTRACT M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M libraries/session.inc.php M libraries/url_generating.lib.php M scripts/line-counts.sh M scripts/revision-info M setup/index.php M test/README.rst M test/classes/AdvisorTest.php M test/classes/ConfigTest.php M test/classes/DisplayResultsTest.php M test/classes/MessageTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/auth/AuthenticationHttpTest.php M test/classes/plugin/auth/AuthenticationSignonTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/core/PMA_headerLocation_test.php M test/selenium/TestBase.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 4caa90a8324c928da3e6050f20736dbcbeaf1627 https://github.com/phpmyadmin/phpmyadmin/commit/4caa90a8324c928da3e6050f2073... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M libraries/DbSearch.php
Log Message: ----------- Escape string when showing confirmation message
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 1eefa08bb05a3f857f57adad785f89c16c2d6ff8 https://github.com/phpmyadmin/phpmyadmin/commit/1eefa08bb05a3f857f57adad785f... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M js/functions.js M version_check.php
Log Message: ----------- Add login and token validation to version_check
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 8dcaae5f83588b1aa65a05d3d93f408540dbf22d https://github.com/phpmyadmin/phpmyadmin/commit/8dcaae5f83588b1aa65a05d3d93f... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths: M libraries/Response.php
Log Message: ----------- Do not try to wrap output in case response handling is disabled
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 1221b5ea4a0b5023a379ccca7db784dbe410cf3c https://github.com/phpmyadmin/phpmyadmin/commit/1221b5ea4a0b5023a379ccca7db7... Author: Michal Čihař michal@cihar.com Date: 2016-07-29 (Fri, 29 Jul 2016)
Changed paths: M ChangeLog M libraries/DatabaseInterface.php M libraries/Util.php M libraries/controllers/server/ServerDatabasesController.php M po/fi.po M server_privileges.php M test/classes/controllers/ServerDatabasesControllerTest.php M themes/original/css/common.css.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 1f595e37e0f68c98034a0d13787787607d5f74f1 https://github.com/phpmyadmin/phpmyadmin/commit/1f595e37e0f68c98034a0d137877... Author: Michal Čihař michal@cihar.com Date: 2016-07-29 (Fri, 29 Jul 2016)
Changed paths: M libraries/replication.inc.php
Log Message: ----------- Move hostname sanitization to correct place
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d621855169f7ac97c1250c7982be8c160ae056ef https://github.com/phpmyadmin/phpmyadmin/commit/d621855169f7ac97c1250c7982be... Author: Michal Čihař michal@cihar.com Date: 2016-08-01 (Mon, 01 Aug 2016)
Changed paths: M ChangeLog M import.php M libraries/config/messages.inc.php M libraries/sql.lib.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be@latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr@latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M sql.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: ef9bd20e7a1b793bf9a64b04b3c5a9e332bb80df https://github.com/phpmyadmin/phpmyadmin/commit/ef9bd20e7a1b793bf9a64b04b3c5... Author: Michal Čihař michal@cihar.com Date: 2016-08-02 (Tue, 02 Aug 2016)
Changed paths: M ChangeLog M doc/config.rst M doc/privileges.rst M po/ia.po M po/sl.po M user_password.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 493ece49ee378bd01beed56cea1ecd7656bec302 https://github.com/phpmyadmin/phpmyadmin/commit/493ece49ee378bd01beed56cea1e... Author: Michal Čihař michal@cihar.com Date: 2016-08-02 (Tue, 02 Aug 2016)
Changed paths: M libraries/plugins/auth/AuthenticationCookie.php M po/it.po M po/tr.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: e7d4ef2fbc8f3e83716af24941edc975d55b6554 https://github.com/phpmyadmin/phpmyadmin/commit/e7d4ef2fbc8f3e83716af24941ed... Author: Michal Čihař michal@cihar.com Date: 2016-08-02 (Tue, 02 Aug 2016)
Changed paths: M ChangeLog M index.php M js/ajax.js M libraries/DatabaseInterface.php M libraries/Footer.php M libraries/advisory_rules.txt M libraries/config/messages.inc.php M po/af.po M po/ar.po M po/az.po M po/be.po M po/be@latin.po M po/bg.po M po/bn.po M po/br.po M po/brx.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/gu.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr@latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M templates/privileges/edit_routine_privileges.phtml M templates/table/structure/display_table_stats.phtml M themes/original/css/common.css.php
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 2ec1f50d4580b4d2c22e39f908efa1cd5688b890 https://github.com/phpmyadmin/phpmyadmin/commit/2ec1f50d4580b4d2c22e39f908ef... Author: Michal Čihař michal@cihar.com Date: 2016-08-03 (Wed, 03 Aug 2016)
Changed paths: M ChangeLog M libraries/controllers/database/DatabaseStructureController.php M libraries/mult_submits.lib.php M libraries/transformations.lib.php M po/et.po M po/it.po M po/ja.po M po/nl.po
Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security
Commit: 0f6b76b57844af5b43675c9ff5489d1a3a6baa63 https://github.com/phpmyadmin/phpmyadmin/commit/0f6b76b57844af5b43675c9ff548... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-08-16 (Tue, 16 Aug 2016)
Changed paths: M .scrutinizer.yml M build.xml M changelog.php M config.sample.inc.php M doc/config.rst M doc/setup.rst M examples/openid.php M examples/signon.php R examples/swekey.sample.conf M file_echo.php M import.php M index.php M js/functions.js M js/tbl_relation.js M libraries/DbSearch.php M libraries/Error.php M libraries/File.php M libraries/RecentFavoriteTable.php M libraries/Response.php M libraries/Table.php M libraries/Util.php M libraries/VersionInformation.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/ServerConfigChecks.php M libraries/config/Validator.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/core.lib.php M libraries/create_addfield.lib.php M libraries/db_designer.lib.php M libraries/dbi/DBIMysql.php M libraries/dbi/DBIMysqli.php M libraries/display_export.lib.php M libraries/display_git_revision.lib.php M libraries/engines/Pbxt.php M libraries/error_report.lib.php M libraries/file_listing.lib.php M libraries/gis/GISGeometry.php M libraries/ip_allow_deny.lib.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/Node.php M libraries/navigation/nodes/NodeDatabase.php M libraries/plugin_interface.lib.php M libraries/plugins/auth/AuthenticationCookie.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M libraries/plugins/export/ExportMediawiki.php M libraries/plugins/export/ExportPhparray.php M libraries/plugins/export/ExportSql.php M libraries/plugins/export/ExportXml.php M libraries/plugins/import/ImportShp.php M libraries/plugins/schema/ExportRelationSchema.php M libraries/plugins/transformations/abs/FormattedTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageUploadTransformationsPlugin.php M 
libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/RegexValidationTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh M libraries/pmd_common.php M libraries/relation.lib.php M libraries/replication.inc.php M libraries/replication_gui.lib.php M libraries/sanitizing.lib.php M libraries/server_privileges.lib.php M libraries/server_status_variables.lib.php M libraries/server_user_groups.lib.php M libraries/session.inc.php M libraries/tracking.lib.php M libraries/zip_extension.lib.php M lint.php M normalization.php R phpinfo.php M phpunit.xml.dist A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh M tbl_addfield.php M templates/list/item.phtml M templates/server/databases/create.phtml M templates/table/gis_visualization/gis_visualization.phtml M templates/table/search/zoom_result_form.phtml M templates/table/structure/display_structure.phtml M test/classes/DisplayResultsTest.php M test/classes/engines/PbxtTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/classes/plugin/export/ExportPhparrayTest.php M test/classes/plugin/export/ExportXmlTest.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_ip_allow_deny_test.php M test/libraries/PMA_zip_extension_test.php A test/libraries/core/PMA_isAllowedDomain_test.php A test/libraries/core/PMA_safeUnserialize_test.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php M themes.php M transformation_wrapper.php M url.php M user_password.php M version_check.php
Log Message: ----------- Merge remote-tracking branch 'security/QA_4_6-security' into QA_4_6
Commit: b9a6a9993e175ff13375462333ce1139095d01e1 https://github.com/phpmyadmin/phpmyadmin/commit/b9a6a9993e175ff13375462333ce... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-08-16 (Tue, 16 Aug 2016)
Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.php
Log Message: ----------- Release 4.6.4
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/13d341530bec...b9a6a9993e17