[Phpmyadmin-git] [phpmyadmin/phpmyadmin] 01d35b: fix self-XSS, thanks to Michał Bentkowski for repo...

Branch: refs/heads/MAINT_3_5_8 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 01d35b3558e47fba947719857bd71f6fd9e5dce8 https://github.com/phpmyadmin/phpmyadmin/commit/01d35b3558e47fba947719857bd… Author: Dieter Adriaenssens &lt;ruleant(a)users.sourceforge.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M libraries/display_tbl.lib.php Log Message: ----------- fix self-XSS, thanks to Michał Bentkowski for reporting, see PMASA-2013-8 Commit: 99e97594258a10c55fb825de6a8031356d24dbe2 https://github.com/phpmyadmin/phpmyadmin/commit/99e97594258a10c55fb825de6a8… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entry for PMASA-2013-8 Commit: 7f9d762e89157144fbcc01167a3141e39ac25da1 https://github.com/phpmyadmin/phpmyadmin/commit/7f9d762e89157144fbcc01167a3… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M js/tbl_chart.js Log Message: ----------- Fix self-XSS in Display chart, see PMASA-2013-9 Commit: 6f003b0ccb1293e5ff5be41bd25582485f480743 https://github.com/phpmyadmin/phpmyadmin/commit/6f003b0ccb1293e5ff5be41bd25… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M server_status.php Log Message: ----------- Fix stored XSS in Server status monitor, see PMASA-2013-9 Commit: 7c58ed002f570c3793df0a77a625d3177ee9a12e https://github.com/phpmyadmin/phpmyadmin/commit/7c58ed002f570c3793df0a77a62… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M libraries/navigation_header.inc.php Log Message: ----------- Fix stored XSS in navigation panel logo link, see PMASA-2013-9 Commit: 845dae144f4ed665a14bf4912046d5d3d220ef96 https://github.com/phpmyadmin/phpmyadmin/commit/845dae144f4ed665a14bf491204… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M libraries/config/validate.lib.php Log Message: ----------- Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 Commit: 9d3941059a7e6a9c12f27c837ea3886b98ac653c https://github.com/phpmyadmin/phpmyadmin/commit/9d3941059a7e6a9c12f27c837ea… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M version_check.php Log Message: ----------- JSON content type header for version_check.php, see PMASA-2013-9 Commit: f8754f0c63b858a8338cb2e22003477b58a882d2 https://github.com/phpmyadmin/phpmyadmin/commit/f8754f0c63b858a8338cb2e2200… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: A js/jquery/jquery-1.6.2+fix-9521.js R js/jquery/jquery-1.6.2.js Log Message: ----------- Rename jQuery file Commit: adb2ed34dd40996b5bd269fed43c9c9904e563e5 https://github.com/phpmyadmin/phpmyadmin/commit/adb2ed34dd40996b5bd269fed43… Author: Dave Methvin &lt;dave.methvin(a)gmail.com&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M js/jquery/jquery-1.6.2+fix-9521.js Log Message: ----------- Prioritize #id over <tag> to avoid XSS via location.hash (#9521) Signed-off-by: J.M. &lt;me(a)mynetx.net&gt; Commit: 2fd460fa60022206a14bd3ac3966c324ca93c3b1 https://github.com/phpmyadmin/phpmyadmin/commit/2fd460fa60022206a14bd3ac396… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M js/jquery/jquery-1.6.2+fix-9521.js Log Message: ----------- Add comment about included fix in jQuery file header Commit: 045a82e133ced81acf37b159c4a7270b0175070b https://github.com/phpmyadmin/phpmyadmin/commit/045a82e133ced81acf37b159c4a… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M index.php M libraries/common.inc.php M navigation.php M setup/index.php Log Message: ----------- Update jQuery references to jQuery-1.6.2+fix-9521.js Commit: d92ab0e10ad5ecc18db40412c54e354e2627e1ca https://github.com/phpmyadmin/phpmyadmin/commit/d92ab0e10ad5ecc18db40412c54… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog Log Message: ----------- Add ChangeLog entry for jQuery 1.6.3 fix backport Commit: 299c481a58386a846884720d90682ad4079edf3a https://github.com/phpmyadmin/phpmyadmin/commit/299c481a58386a846884720d906… Author: J.M &lt;me(a)mynetx.net&gt; Date: 2013-07-08 (Mon, 08 Jul 2013) Changed paths: M ChangeLog M index.php A js/jquery/jquery-1.6.2+fix-9521.js R js/jquery/jquery-1.6.2.js M libraries/common.inc.php M navigation.php M setup/index.php Log Message: ----------- Merge branch 'mynetx/patch-jquery-1-6-2' [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9 Commit: 0440926bcdf98cda6f9096b7988bd8e01bf6711d https://github.com/phpmyadmin/phpmyadmin/commit/0440926bcdf98cda6f9096b7988… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-11 (Thu, 11 Jul 2013) Changed paths: M libraries/Error.class.php M libraries/Error_Handler.class.php M libraries/common.inc.php Log Message: ----------- [security] Avoid full path disclosure from some libraries script, see PMASA-2013-12 Move the PHPMYADMIN constant definition earlier Commit: 63848b24389dfabda8306112e20742b3ff7b8b12 https://github.com/phpmyadmin/phpmyadmin/commit/63848b24389dfabda8306112e20… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-11 (Thu, 11 Jul 2013) Changed paths: M libraries/Config.class.php M libraries/List_Database.class.php M libraries/PDF.class.php M libraries/PMA.php M libraries/RecentTable.class.php M libraries/bookmark.lib.php Log Message: ----------- [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12 Commit: 4cc91616057d7517df306fe27b291c9639493d88 https://github.com/phpmyadmin/phpmyadmin/commit/4cc91616057d7517df306fe27b2… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-12 (Fri, 12 Jul 2013) Changed paths: M libraries/common.inc.php Log Message: ----------- [security] Avoid full path disclosure from libraries/common.inc.php, see PMASA-2013-12 Commit: 5d49c44fb862bfdfb8205ff15e8469cfb1b1c5d9 https://github.com/phpmyadmin/phpmyadmin/commit/5d49c44fb862bfdfb8205ff15e8… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-13 (Sat, 13 Jul 2013) Changed paths: M libraries/auth/swekey/swekey.auth.lib.php M libraries/config.default.php M libraries/data_drizzle.inc.php M libraries/data_mysql.inc.php Log Message: ----------- [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12 Commit: 2f93578e20fd422f922183254dd50318d03a3e24 https://github.com/phpmyadmin/phpmyadmin/commit/2f93578e20fd422f922183254dd… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-15 (Mon, 15 Jul 2013) Changed paths: M libraries/common.inc.php Log Message: ----------- Move protection statement at beginning of script Commit: 8559162ebc8ce822fa01ac429a6aab08cfa4ceda https://github.com/phpmyadmin/phpmyadmin/commit/8559162ebc8ce822fa01ac429a6… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-15 (Mon, 15 Jul 2013) Changed paths: M libraries/dbi/drizzle-wrappers.lib.php M libraries/display_tbl.lib.php M libraries/engines/bdb.lib.php M libraries/engines/berkeleydb.lib.php M libraries/engines/binlog.lib.php M libraries/engines/innobase.lib.php M libraries/engines/innodb.lib.php M libraries/engines/memory.lib.php M libraries/engines/merge.lib.php M libraries/engines/mrg_myisam.lib.php M libraries/engines/myisam.lib.php M libraries/engines/ndbcluster.lib.php M libraries/engines/pbms.lib.php M libraries/engines/pbxt.lib.php Log Message: ----------- [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12 Commit: 1c1e3dca2b0cdfe10615f51a73b7d00718ad8d4b https://github.com/phpmyadmin/phpmyadmin/commit/1c1e3dca2b0cdfe10615f51a73b… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-17 (Wed, 17 Jul 2013) Changed paths: M libraries/pmd_common.php M libraries/schema/Pdf_Relation_Schema.class.php Log Message: ----------- [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12 Commit: cd587e6fbce2a85fd6c435fec4ee9449b4c5c5df https://github.com/phpmyadmin/phpmyadmin/commit/cd587e6fbce2a85fd6c435fec4e… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-17 (Wed, 17 Jul 2013) Changed paths: R libraries/.htaccess Log Message: ----------- Delete .htaccess which does not work on all web servers Commit: 8e488a61de87c122d7ee28f03a3b31242d43fb18 https://github.com/phpmyadmin/phpmyadmin/commit/8e488a61de87c122d7ee28f03a3… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-17 (Wed, 17 Jul 2013) Changed paths: R setup/frames/.htaccess R setup/lib/.htaccess Log Message: ----------- Remove other .htaccess for directories which are not at risk Commit: 3b723eba5b192804ab2476ceba7ecd3b471913c6 https://github.com/phpmyadmin/phpmyadmin/commit/3b723eba5b192804ab2476ceba7… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-17 (Wed, 17 Jul 2013) Changed paths: M ChangeLog Log Message: ----------- ChangeLog entry for full path disclosure fixes Commit: 4cbeef599cda87c6d2b1d7ef5542fe1ff316f706 https://github.com/phpmyadmin/phpmyadmin/commit/4cbeef599cda87c6d2b1d7ef554… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-23 (Tue, 23 Jul 2013) Changed paths: M ChangeLog M pmd_pdf.php Log Message: ----------- Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15 Commit: 20f71e767bcd037178cb5455543071323bc7ffd9 https://github.com/phpmyadmin/phpmyadmin/commit/20f71e767bcd037178cb5455543… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-23 (Tue, 23 Jul 2013) Changed paths: M ChangeLog M schema_export.php Log Message: ----------- [security] Fix control user SQL injection in schema_export.php, see PMASA-2015 Commit: dede065d7ad59fb7c31ae384961564b7f7a7c005 https://github.com/phpmyadmin/phpmyadmin/commit/dede065d7ad59fb7c31ae384961… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-23 (Tue, 23 Jul 2013) Changed paths: M ChangeLog M libraries/schema/Export_Relation_Schema.class.php Log Message: ----------- [security] Fix self-XSS in schema export, see PMASA-2013-14 Commit: 333d82d3271b2a1b445134bb6bbb15ae8c9ba8a6 https://github.com/phpmyadmin/phpmyadmin/commit/333d82d3271b2a1b445134bb6bb… Author: Dieter Adriaenssens &lt;ruleant(a)users.sourceforge.net&gt; Date: 2013-07-27 (Sat, 27 Jul 2013) Changed paths: M ChangeLog M version_check.php Log Message: ----------- [security] Fix unencoded json object, see PMASA-2013-11 Commit: 633c628e5cd8dcbbf17ad79d26b17a8b31ee9b7b https://github.com/phpmyadmin/phpmyadmin/commit/633c628e5cd8dcbbf17ad79d26b… Author: Marc Delisle &lt;marc(a)infomarc.info&gt; Date: 2013-07-28 (Sun, 28 Jul 2013) Changed paths: M ChangeLog M Documentation.html M README M libraries/Config.class.php Log Message: ----------- 3.5.8.2 release Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ddada9fb9599...633c628e5cd8