[Phpmyadmin-git] [phpmyadmin/phpmyadmin] 56e9ed: fix unescaped parameter, see PMASA-2013-8 for deta...
Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: 56e9ede5223219cef2187ced385924ef2e0ae21d https://github.com/phpmyadmin/phpmyadmin/commit/56e9ede5223219cef2187ced3859... Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: 2013-07-07 (Sun, 07 Jul 2013)
Changed paths: M libraries/DisplayResults.class.php
Log Message: ----------- fix unescaped parameter, see PMASA-2013-8 for details
Commit: ff27a2c5e0c706f401b7ee8677cbd46568a4eca2 https://github.com/phpmyadmin/phpmyadmin/commit/ff27a2c5e0c706f401b7ee8677cb... Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: 2013-07-07 (Sun, 07 Jul 2013)
Changed paths: M libraries/DisplayResults.class.php
Log Message: ----------- add total as parameter to message
Commit: 2005c4b7c15afa61a41e1087464fe12645f535e1 https://github.com/phpmyadmin/phpmyadmin/commit/2005c4b7c15afa61a41e1087464f... Author: J.M me@mynetx.net Date: 2013-07-07 (Sun, 07 Jul 2013)
Changed paths: M ChangeLog M server_status.php
Log Message: ----------- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
Commit: d096a0fc46ef4708f3f4a440a8aba40163e3b72a https://github.com/phpmyadmin/phpmyadmin/commit/d096a0fc46ef4708f3f4a440a8ab... Author: J.M me@mynetx.net Date: 2013-07-07 (Sun, 07 Jul 2013)
Changed paths: M ChangeLog M libraries/navigation/NavigationHeader.class.php
Log Message: ----------- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
Commit: e0d8568ac681073b09f10ad1c4d801df36290036 https://github.com/phpmyadmin/phpmyadmin/commit/e0d8568ac681073b09f10ad1c4d8... Author: J.M me@mynetx.net Date: 2013-07-07 (Sun, 07 Jul 2013)
Changed paths: M ChangeLog M libraries/config/validate.lib.php
Log Message: ----------- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
Commit: 0fea53b7b82134ce0e1979a71b7ce080b5b6ff9a https://github.com/phpmyadmin/phpmyadmin/commit/0fea53b7b82134ce0e1979a71b7c... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/Error.class.php M libraries/Error_Handler.class.php M libraries/common.inc.php
Log Message: ----------- [security] Avoid full path disclosure from some libraries script, see PMASA-2013-12
Move the PHPMYADMIN constant definition earlier
Commit: 45d3f4326cad32b09b8d3a07382faf1eeda30dba https://github.com/phpmyadmin/phpmyadmin/commit/45d3f4326cad32b09b8d3a07382f... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/Config.class.php M libraries/List_Database.class.php M libraries/PMA.php M libraries/RecentTable.class.php M libraries/bookmark.lib.php
Log Message: ----------- Fix merge conflicts
Commit: 8e4fe7c57a976f2ce9a6931687f4697d519111ec https://github.com/phpmyadmin/phpmyadmin/commit/8e4fe7c57a976f2ce9a6931687f4... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/common.inc.php
Log Message: ----------- [security] Avoid full path disclosure from libraries/common.inc.php, see PMASA-2013-12
Commit: 90d968b447729405ee8b6cc5bb406b832ec3c99f https://github.com/phpmyadmin/phpmyadmin/commit/90d968b447729405ee8b6cc5bb40... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/config.default.php M libraries/plugins/auth/swekey/swekey.auth.lib.php
Log Message: ----------- Fix merge conflicts
Commit: 7992beb8e42f2a4a3dab275b119d1ebd58e3b164 https://github.com/phpmyadmin/phpmyadmin/commit/7992beb8e42f2a4a3dab275b119d... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/common.inc.php
Log Message: ----------- Move protection statement at beginning of script
Commit: 7bfe445f9919716460e006faf7aa226279944e23 https://github.com/phpmyadmin/phpmyadmin/commit/7bfe445f9919716460e006faf7aa... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/engines/bdb.lib.php M libraries/engines/berkeleydb.lib.php M libraries/engines/binlog.lib.php M libraries/engines/innobase.lib.php M libraries/engines/innodb.lib.php M libraries/engines/memory.lib.php M libraries/engines/merge.lib.php M libraries/engines/mrg_myisam.lib.php M libraries/engines/myisam.lib.php M libraries/engines/ndbcluster.lib.php M libraries/engines/pbxt.lib.php
Log Message: ----------- Fix merge conflicts
Commit: 142e465c80a1fb3d71e214d29c566c15a416518d https://github.com/phpmyadmin/phpmyadmin/commit/142e465c80a1fb3d71e214d29c56... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M libraries/pmd_common.php M libraries/schema/Pdf_Relation_Schema.class.php
Log Message: ----------- [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12
Commit: f7065ee2a828368f4037dbaba5aeb69803094eea https://github.com/phpmyadmin/phpmyadmin/commit/f7065ee2a828368f4037dbaba5ae... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: R libraries/.htaccess
Log Message: ----------- Delete .htaccess which does not work on all web servers
Commit: 14292721367bafa8778b436063e0fb893364e709 https://github.com/phpmyadmin/phpmyadmin/commit/14292721367bafa8778b436063e0... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: R setup/frames/.htaccess R setup/lib/.htaccess
Log Message: ----------- Remove other .htaccess for directories which are not at risk
Commit: 257bd7349c312a05bde28732d8b8a72d0191cdad https://github.com/phpmyadmin/phpmyadmin/commit/257bd7349c312a05bde28732d8b8... Author: Marc Delisle marc@infomarc.info Date: 2013-07-17 (Wed, 17 Jul 2013)
Changed paths: M ChangeLog
Log Message: ----------- ChangeLog entry for full path disclosure fixes
Commit: 974d0dedeea7c79ac4533e614d9c0c3abd97e8f9 https://github.com/phpmyadmin/phpmyadmin/commit/974d0dedeea7c79ac4533e614d9c... Author: Marc Delisle marc@infomarc.info Date: 2013-07-23 (Tue, 23 Jul 2013)
Changed paths: M ChangeLog M pmd_pdf.php
Log Message: ----------- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
Commit: 8ef025ef3d05c164654fee7001517626cf604bb1 https://github.com/phpmyadmin/phpmyadmin/commit/8ef025ef3d05c164654fee700151... Author: Marc Delisle marc@infomarc.info Date: 2013-07-23 (Tue, 23 Jul 2013)
Changed paths: M ChangeLog M schema_export.php
Log Message: ----------- [security] Fix control user SQL injection in schema_export.php, see PMASA-2015
Commit: 1293e9b6e9eb7a831c5738f346ea44dee6d1bf0f https://github.com/phpmyadmin/phpmyadmin/commit/1293e9b6e9eb7a831c5738f346ea... Author: Marc Delisle marc@infomarc.info Date: 2013-07-23 (Tue, 23 Jul 2013)
Changed paths: M ChangeLog M libraries/schema/Export_Relation_Schema.class.php
Log Message: ----------- [security] Fix self-XSS in schema export, see PMASA-2013-14
Commit: b9c814ed6d59733c54965e01e90ffd5d3348fd2c https://github.com/phpmyadmin/phpmyadmin/commit/b9c814ed6d59733c54965e01e90f... Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: 2013-07-27 (Sat, 27 Jul 2013)
Changed paths: M ChangeLog M version_check.php
Log Message: ----------- [security] Fix unencoded json object, see PMASA-2013-11
Commit: e0c8704f725c56c87b644676ded94dba695de39f https://github.com/phpmyadmin/phpmyadmin/commit/e0c8704f725c56c87b644676ded9... Author: Dieter Adriaenssens ruleant@users.sourceforge.net Date: 2013-07-27 (Sat, 27 Jul 2013)
Changed paths: M ChangeLog M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message: ----------- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13
Commit: 836529be425c5a309549ef440ee4d3bd6b30ca29 https://github.com/phpmyadmin/phpmyadmin/commit/836529be425c5a309549ef440ee4... Author: Marc Delisle marc@infomarc.info Date: 2013-07-28 (Sun, 28 Jul 2013)
Changed paths: M ChangeLog R libraries/.htaccess M libraries/Config.class.php M libraries/DisplayResults.class.php M libraries/Error.class.php M libraries/Error_Handler.class.php M libraries/List_Database.class.php M libraries/PMA.php M libraries/RecentTable.class.php M libraries/bookmark.lib.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/validate.lib.php M libraries/engines/bdb.lib.php M libraries/engines/berkeleydb.lib.php M libraries/engines/binlog.lib.php M libraries/engines/innobase.lib.php M libraries/engines/innodb.lib.php M libraries/engines/memory.lib.php M libraries/engines/merge.lib.php M libraries/engines/mrg_myisam.lib.php M libraries/engines/myisam.lib.php M libraries/engines/ndbcluster.lib.php M libraries/engines/pbxt.lib.php M libraries/navigation/NavigationHeader.class.php M libraries/plugins/auth/swekey/swekey.auth.lib.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M libraries/pmd_common.php M libraries/schema/Export_Relation_Schema.class.php M libraries/schema/Pdf_Relation_Schema.class.php M pmd_pdf.php M schema_export.php M server_status.php R setup/frames/.htaccess R setup/lib/.htaccess M version_check.php
Log Message: ----------- Fix merge conflicts
Commit: 269d0c89fe0c652389295785ed9a9dc282c7616e https://github.com/phpmyadmin/phpmyadmin/commit/269d0c89fe0c652389295785ed9a... Author: Marc Delisle marc@infomarc.info Date: 2013-07-28 (Sun, 28 Jul 2013)
Changed paths: M ChangeLog R libraries/.htaccess M libraries/Config.class.php M libraries/DisplayResults.class.php M libraries/Error.class.php M libraries/Error_Handler.class.php M libraries/List_Database.class.php M libraries/PMA.php M libraries/RecentTable.class.php M libraries/bookmark.lib.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/Validator.class.php M libraries/engines/bdb.lib.php M libraries/engines/berkeleydb.lib.php M libraries/engines/binlog.lib.php M libraries/engines/innobase.lib.php M libraries/engines/innodb.lib.php M libraries/engines/memory.lib.php M libraries/engines/merge.lib.php M libraries/engines/mrg_myisam.lib.php M libraries/engines/myisam.lib.php M libraries/engines/ndbcluster.lib.php M libraries/engines/pbxt.lib.php M libraries/navigation/NavigationHeader.class.php M libraries/plugins/auth/swekey/swekey.auth.lib.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M libraries/pmd_common.php M libraries/schema/Export_Relation_Schema.class.php M libraries/schema/Pdf_Relation_Schema.class.php M libraries/server_status.lib.php M pmd_pdf.php M schema_export.php M server_status.php R setup/frames/.htaccess R setup/lib/.htaccess
Log Message: ----------- Fix merge conflicts
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/6df3c0adb58c...269d0c89fe0c
-
Marc Delisle