Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: edd929216ade9f7c150a262ba3db44db0fed0e1b https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db... Author: Michal Čihař michal@cihar.com Date: 2017-12-14 (Thu, 14 Dec 2017)
Changed paths: M libraries/URL.php M libraries/common.inc.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/NodeColumn.php M libraries/navigation/nodes/NodeColumnContainer.php M libraries/navigation/nodes/NodeDatabase.php M libraries/navigation/nodes/NodeDatabaseContainer.php M libraries/navigation/nodes/NodeEvent.php M libraries/navigation/nodes/NodeEventContainer.php M libraries/navigation/nodes/NodeFunction.php M libraries/navigation/nodes/NodeFunctionContainer.php M libraries/navigation/nodes/NodeIndex.php M libraries/navigation/nodes/NodeIndexContainer.php M libraries/navigation/nodes/NodeProcedure.php M libraries/navigation/nodes/NodeProcedureContainer.php M libraries/navigation/nodes/NodeTable.php M libraries/navigation/nodes/NodeTableContainer.php M libraries/navigation/nodes/NodeTrigger.php M libraries/navigation/nodes/NodeTriggerContainer.php M libraries/navigation/nodes/NodeView.php M libraries/navigation/nodes/NodeViewContainer.php M test/classes/AdvisorTest.php M test/classes/DbSearchTest.php M test/classes/DisplayResultsTest.php M test/classes/FooterTest.php M test/classes/ThemeTest.php M test/classes/URLTest.php M test/classes/config/PageSettingsTest.php M test/classes/navigation/NavigationTest.php M test/classes/navigation/NodeDatabaseChildTest.php M test/classes/plugin/auth/AuthenticationConfigTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/libraries/PMA_Form_Processing_test.php M test/libraries/PMA_insert_edit_test.php M test/libraries/PMA_server_privileges_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_getDbLink_test.php
Log Message: ----------- Bring back token validation to GET requests
This is necessary to avoid CSRF on SQL queries. This is really more a short term fix, proper fix (to be implemented in master) is to avoid accepting SQL queries from GET requests.
This reverts commits:
* dae3390a02ca6687fd31ca784474d56240c6c538 * ea73fded7138038aa5a415c7081d838fc094eff7 * 90433788d6f319cd112f0962ba9b3d1c22b5f2c7 * f797a8d87d8bf3cab3380747194ddd3c5db195e1 * 9c1cfc855318d12f7c0a1c4fbe8f35564aa72769
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5d71c3972f8feb7d2ed9ee6ac82596a4d6bdbe36 https://github.com/phpmyadmin/phpmyadmin/commit/5d71c3972f8feb7d2ed9ee6ac825... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2017-12-16 (Sat, 16 Dec 2017)
Changed paths: M libraries/URL.php M libraries/common.inc.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/NodeColumn.php M libraries/navigation/nodes/NodeColumnContainer.php M libraries/navigation/nodes/NodeDatabase.php M libraries/navigation/nodes/NodeDatabaseContainer.php M libraries/navigation/nodes/NodeEvent.php M libraries/navigation/nodes/NodeEventContainer.php M libraries/navigation/nodes/NodeFunction.php M libraries/navigation/nodes/NodeFunctionContainer.php M libraries/navigation/nodes/NodeIndex.php M libraries/navigation/nodes/NodeIndexContainer.php M libraries/navigation/nodes/NodeProcedure.php M libraries/navigation/nodes/NodeProcedureContainer.php M libraries/navigation/nodes/NodeTable.php M libraries/navigation/nodes/NodeTableContainer.php M libraries/navigation/nodes/NodeTrigger.php M libraries/navigation/nodes/NodeTriggerContainer.php M libraries/navigation/nodes/NodeView.php M libraries/navigation/nodes/NodeViewContainer.php M test/classes/AdvisorTest.php M test/classes/DbSearchTest.php M test/classes/DisplayResultsTest.php M test/classes/FooterTest.php M test/classes/ThemeTest.php M test/classes/URLTest.php M test/classes/config/PageSettingsTest.php M test/classes/navigation/NavigationTest.php M test/classes/navigation/NodeDatabaseChildTest.php M test/classes/plugin/auth/AuthenticationConfigTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/libraries/PMA_Form_Processing_test.php M test/libraries/PMA_insert_edit_test.php M test/libraries/PMA_server_privileges_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_getDbLink_test.php
Log Message: ----------- Merge pull request #235 from phpmyadmin/token-get
Bring back token validation to GET requests
Commit: 5503abe53a4ee1d8481c2c4283cb7341e1bff03e https://github.com/phpmyadmin/phpmyadmin/commit/5503abe53a4ee1d8481c2c4283cb... Author: Michal Čihař michal@cihar.com Date: 2017-12-18 (Mon, 18 Dec 2017)
Changed paths: M libraries/URL.php M libraries/common.inc.php M libraries/navigation/NavigationTree.php M libraries/navigation/nodes/NodeColumn.php M libraries/navigation/nodes/NodeColumnContainer.php M libraries/navigation/nodes/NodeDatabase.php M libraries/navigation/nodes/NodeDatabaseContainer.php M libraries/navigation/nodes/NodeEvent.php M libraries/navigation/nodes/NodeEventContainer.php M libraries/navigation/nodes/NodeFunction.php M libraries/navigation/nodes/NodeFunctionContainer.php M libraries/navigation/nodes/NodeIndex.php M libraries/navigation/nodes/NodeIndexContainer.php M libraries/navigation/nodes/NodeProcedure.php M libraries/navigation/nodes/NodeProcedureContainer.php M libraries/navigation/nodes/NodeTable.php M libraries/navigation/nodes/NodeTableContainer.php M libraries/navigation/nodes/NodeTrigger.php M libraries/navigation/nodes/NodeTriggerContainer.php M libraries/navigation/nodes/NodeView.php M libraries/navigation/nodes/NodeViewContainer.php M test/classes/AdvisorTest.php M test/classes/DbSearchTest.php M test/classes/DisplayResultsTest.php M test/classes/FooterTest.php M test/classes/ThemeTest.php M test/classes/URLTest.php M test/classes/config/PageSettingsTest.php M test/classes/navigation/NavigationTest.php M test/classes/navigation/NodeDatabaseChildTest.php M test/classes/plugin/auth/AuthenticationConfigTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/libraries/PMA_Form_Processing_test.php M test/libraries/PMA_insert_edit_test.php M test/libraries/PMA_server_privileges_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_getDbLink_test.php
Log Message: ----------- Merge remote-tracking branch 'security/QA_4_7-security' into QA_4_7-security
Commit: 771715a57f339d8caa46c1f8931a7b15ae35e609 https://github.com/phpmyadmin/phpmyadmin/commit/771715a57f339d8caa46c1f8931a... Author: Michal Čihař michal@cihar.com Date: 2017-12-18 (Mon, 18 Dec 2017)
Log Message: ----------- Merge branch 'QA_4_7-security' into master-security
Commit: d12bf0fe0150ec8e517af9f9525046fc9c74452e https://github.com/phpmyadmin/phpmyadmin/commit/d12bf0fe0150ec8e517af9f95250... Author: Isaac Bennetch bennetch@gmail.com Date: 2017-12-23 (Sat, 23 Dec 2017)
Log Message: ----------- Merge remote-tracking branch 'security/master-security'
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/dd3a40384f51...d12bf0fe0150