Branch: refs/heads/MAINT_4_5_4 Home: https://github.com/phpmyadmin/phpmyadmin Commit: 75a55824012406a08c4debf5ddb7ae41c32a7dbc https://github.com/phpmyadmin/phpmyadmin/commit/75a55824012406a08c4debf5ddb7... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M libraries/DbSearch.class.php
Log Message: ----------- Fix XSS in DB_search.php
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 5aee5035646c4fc617564cb0d3d58c0435d64d81 https://github.com/phpmyadmin/phpmyadmin/commit/5aee5035646c4fc617564cb0d3d5... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M setup/frames/form.inc.php M setup/index.php M setup/validate.php
Log Message: ----------- Fix path disclosure, items 1.4.x, 1.5 and 1.6
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: 019c4f25d500ec5db9ba3b84cc961a7e4e850738 https://github.com/phpmyadmin/phpmyadmin/commit/019c4f25d500ec5db9ba3b84cc96... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M js/normalization.js
Log Message: ----------- Fix XSS in normalization.php
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: edffb52884b09562490081c3b8666ef46c296418 https://github.com/phpmyadmin/phpmyadmin/commit/edffb52884b09562490081c3b866... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M templates/table/search/rows_zoom.phtml
Log Message: ----------- Fix XSS in zoom search
Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com
Commit: ec0e88e37ef30a66eada1c072953f4ec385a3e49 https://github.com/phpmyadmin/phpmyadmin/commit/ec0e88e37ef30a66eada1c072953... Author: Michal Čihař michal@cihar.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M libraries/common.inc.php M libraries/core.lib.php
Log Message: ----------- Use hash_equals for comparing token
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 0a24f92d081033576bfdd9d4bdec1a54501734c1 https://github.com/phpmyadmin/phpmyadmin/commit/0a24f92d081033576bfdd9d4bdec... Author: Michal Čihař michal@cihar.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M import_status.php M libraries/Response.class.php M libraries/core.lib.php M libraries/display_import_ajax.lib.php M lint.php M normalization.php M setup/validate.php M version_check.php
Log Message: ----------- Set correct content type for JSON responses
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f20970d32c3dfdf82aef7b6c244da1f769043813 https://github.com/phpmyadmin/phpmyadmin/commit/f20970d32c3dfdf82aef7b6c244d... Author: Michal Čihař michal@cihar.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M libraries/session.inc.php
Log Message: ----------- Use phpseclib's Crypt::Random to generate CSRF token
Signed-off-by: Michal Čihař michal@cihar.com
Commit: cb7748ac9cffcd1cd0f3081499cd4aafa9d1065e https://github.com/phpmyadmin/phpmyadmin/commit/cb7748ac9cffcd1cd0f3081499cd... Author: Michal Čihař michal@cihar.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M libraries/phpseclib/Crypt/AES.php M libraries/phpseclib/Crypt/Base.php M libraries/phpseclib/Crypt/Random.php M libraries/phpseclib/Crypt/Rijndael.php
Log Message: ----------- Update phpseclib to 2.0.1
New version uses PHP 7.0 random_bytes to generate cryptographically secure pseudo-random bytes.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 11496890d7e21786cbfd9fd17ab968f498116b3f https://github.com/phpmyadmin/phpmyadmin/commit/11496890d7e21786cbfd9fd17ab9... Author: Michal Čihař michal@cihar.com Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths: M js/codemirror/addon/lint/sql-lint.js
Log Message: ----------- Tell jQuery we're expecting JSON here
It's better to be explicit rather than relying on autodetection.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: aca42efa01917cc0fe8cfdb2927a6399ca1742f2 https://github.com/phpmyadmin/phpmyadmin/commit/aca42efa01917cc0fe8cfdb2927a... Author: Michal Čihař michal@cihar.com Date: 2016-01-25 (Mon, 25 Jan 2016)
Changed paths: M templates/header_location.phtml
Log Message: ----------- Escape javascript variable content
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 671d61830417101352fd8153f276f8854bb17fd0 https://github.com/phpmyadmin/phpmyadmin/commit/671d61830417101352fd8153f276... Author: Michal Čihař michal@cihar.com Date: 2016-01-25 (Mon, 25 Jan 2016)
Changed paths: M ChangeLog M db_create.php M db_designer.php M export.php M gis_data_editor.php M js/server_status_monitor.js M js/server_status_variables.js M js/server_variables.js M libraries/sql.lib.php M schema_export.php M test/libraries/PMA_operations_test.php
Log Message: ----------- Merge branch 'MAINT_4_5_4' into MAINT_4_5_4-security
Commit: 8dedcc1a175eb07debd4fe116407c43694c60b22 https://github.com/phpmyadmin/phpmyadmin/commit/8dedcc1a175eb07debd4fe116407... Author: Michal Čihař michal@cihar.com Date: 2016-01-25 (Mon, 25 Jan 2016)
Changed paths: M js/functions.js
Log Message: ----------- Use secure RNG if available
Recent browsers come with a better RNG, so let's use it for generating passwords instead of Math.random if available.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 912856b432d794201884c36e5f390d446339b6e4 https://github.com/phpmyadmin/phpmyadmin/commit/912856b432d794201884c36e5f39... Author: Michal Čihař michal@cihar.com Date: 2016-01-25 (Mon, 25 Jan 2016)
Changed paths: M js/functions.js
Log Message: ----------- Use full alphabet to generate random passwords
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 3bb784045b7d75e530bdb34522e59d7ad233ba15 https://github.com/phpmyadmin/phpmyadmin/commit/3bb784045b7d75e530bdb34522e5... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/phpseclib/Crypt/AES.php M libraries/phpseclib/Crypt/Base.php M libraries/phpseclib/Crypt/Random.php M libraries/phpseclib/Crypt/Rijndael.php M libraries/session.inc.php
Log Message: ----------- Merge pull request #4 from phpmyadmin/random
Improve token generation
Commit: 8aa28962f14b5fc6aba8cf018b7e347d4854f427 https://github.com/phpmyadmin/phpmyadmin/commit/8aa28962f14b5fc6aba8cf018b7e... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M import_status.php M js/codemirror/addon/lint/sql-lint.js M libraries/Response.class.php M libraries/core.lib.php M libraries/display_import_ajax.lib.php M lint.php M normalization.php M setup/validate.php M version_check.php
Log Message: ----------- Merge pull request #6 from phpmyadmin/json-header
Set correct content type for JSON responses
Commit: c8615de52a8ad0ec235c6c6efcab1e7a6f8914df https://github.com/phpmyadmin/phpmyadmin/commit/c8615de52a8ad0ec235c6c6efcab... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M templates/header_location.phtml
Log Message: ----------- Merge pull request #7 from phpmyadmin/iis-escape
Escape javascript variable content
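The "Set correct content type for JSON responses" commits (and the jQuery `dataType` change) and the "Escape javascript variable content" merge above address two related output-encoding problems: a JSON body served without `Content-Type: application/json` can be sniffed and rendered as HTML, and a PHP value dropped into an inline `<script>` block can break out of its string literal. The following is an added example, not phpMyAdmin's own code; the function names `json_body`, `send_json` and `js_literal` are invented here, and it assumes PHP 7.3 or newer for `JSON_THROW_ON_ERROR`.

```php
<?php
// Added example (not phpMyAdmin code). Shows the hardened output paths the
// commits above describe; function names are invented for this example.

declare(strict_types=1);

/**
 * Encode a response payload. The HEX flags turn < > & ' " into \uXXXX
 * escapes so that even a body mistakenly rendered as HTML carries no tags,
 * and JSON_THROW_ON_ERROR prevents a silent "false" on bad UTF-8.
 */
function json_body(array $data): string
{
    return json_encode(
        $data,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

/**
 * Emit a JSON response with the headers that stop a browser from treating it
 * as HTML. The weak form this replaces is simply `echo json_encode($data);`
 * under PHP's default text/html content type: opening such a URL directly
 * would render any markup inside the JSON strings.
 */
function send_json(array $data): void
{
    $body = json_body($data);
    if (! headers_sent()) {
        header('Content-Type: application/json; charset=utf-8');
        // Refuse content-type guessing even if a proxy rewrites the header.
        header('X-Content-Type-Options: nosniff');
        header('Cache-Control: no-store');
    }
    echo $body;
}

/**
 * Escape a PHP value for embedding inside an inline <script> block, e.g.
 * the IIS redirect page that sets window.location from a server-side URL.
 * With the HEX flags a value cannot close the script element ("</script>")
 * or terminate the JavaScript string literal it is placed in.
 */
function js_literal($value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// CLI demonstration with a constructed hostile input; run: php json_example.php
if (PHP_SAPI === 'cli') {
    $target = '</script><script>alert(document.cookie)</script>';
    printf("JSON body:      %s\n", json_body(['redirect' => $target]));
    printf("inline script:  <script>var target = %s;</script>\n", js_literal($target));
}
```

On the client side the matching change is to tell jQuery what to expect, `$.ajax({url: ..., dataType: 'json', ...})`, so the response is parsed with `JSON.parse` rather than autodetected from the header and possibly evaluated as script or HTML.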
Commit: 1d885f90bc35cae54e348260e8a960754c6c3155 https://github.com/phpmyadmin/phpmyadmin/commit/1d885f90bc35cae54e348260e8a9... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M js/functions.js
Log Message: ----------- Merge pull request #8 from phpmyadmin/js-password
Improve JS password generation
Commit: 7ffd8d69a17fab5eee144a7e68990da35e45f089 https://github.com/phpmyadmin/phpmyadmin/commit/7ffd8d69a17fab5eee144a7e6899... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/common.inc.php M libraries/core.lib.php
Log Message: ----------- Merge pull request #5 from phpmyadmin/hash_equals
Use hash_equals for comparing token
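The token-handling commits above ("Use hash_equals for comparing token", "Use phpseclib's Crypt::Random to generate CSRF token", the phpseclib 2.0.1 update that uses PHP 7.0 `random_bytes`) and the password-generator commits ("Use secure RNG if available", "Use full alphabet to generate random passwords") all replace a weak primitive with a CSPRNG-backed or constant-time one. Below is an added example in PHP, not phpMyAdmin's or phpseclib's code, showing the same three fixes side by side; the function names are invented, and the password generator demonstrates the browser-side change server-side with `random_int` in place of `crypto.getRandomValues`. It assumes PHP 7.0 or newer.

```php
<?php
// Added example (not phpMyAdmin code). Function names are invented here.

declare(strict_types=1);

/**
 * CSRF token from a cryptographically secure source. PHP >= 7.0 ships
 * random_bytes(); it throws if no CSPRNG is available, and that exception
 * should propagate rather than be caught and replaced with uniqid(),
 * mt_rand() or a time-derived value.
 */
function generate_csrf_token(int $bytes = 32): string
{
    return bin2hex(random_bytes($bytes));
}

/**
 * The 'before': == stops at the first differing byte, so response timing
 * leaks how many leading bytes of the guess were right, and as a loose
 * comparison it treats two numeric-looking strings such as "0e1234" and
 * "0e5678" as equal. Kept only for contrast; do not use.
 */
function check_token_insecure(string $expected, string $supplied): bool
{
    return $expected == $supplied;
}

/**
 * The 'after': hash_equals() takes time independent of where the strings
 * differ and compares byte-for-byte. Known value first, user value second,
 * as the PHP documentation specifies.
 */
function check_token(string $expected, string $supplied): bool
{
    return hash_equals($expected, $supplied);
}

/**
 * Password over the full printable alphabet. random_int() is CSPRNG-backed
 * and uniform over its range, so there is neither the predictability of
 * mt_rand()/Math.random nor the modulo bias of `rand() % strlen($alphabet)`.
 */
function generate_password(int $length = 16): string
{
    $alphabet = 'abcdefghijklmnopqrstuvwxyz'
              . 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'
              . '0123456789'
              . '!@#$%^&*()-_=+[]{};:,.<>?';
    $max = strlen($alphabet) - 1;
    $password = '';
    for ($i = 0; $i < $length; $i++) {
        $password .= $alphabet[random_int(0, $max)];
    }
    return $password;
}

// CLI demonstration; run: php token_example.php
if (PHP_SAPI === 'cli') {
    $token = generate_csrf_token();
    printf("token:                     %s\n", $token);
    printf("insecure '0e1234'=='0e5678': %s\n", var_export(check_token_insecure('0e1234', '0e5678'), true));
    printf("hash_equals same pair:       %s\n", var_export(check_token('0e1234', '0e5678'), true));
    printf("hash_equals token/token:     %s\n", var_export(check_token($token, $token), true));
    printf("password:                  %s\n", generate_password(20));
}
```

The token should be stored server-side in the session and compared with `check_token($_SESSION['token'], $_POST['token'] ?? '')`; a missing or non-string parameter must fail closed before reaching the comparison, which is why the hardened function is typed to accept strings only.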
Commit: 85ccdbb5b9c6c7a9830e5cb468662837a59a7aa3 https://github.com/phpmyadmin/phpmyadmin/commit/85ccdbb5b9c6c7a9830e5cb46866... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/common.inc.php
Log Message: ----------- Include common libraries in setup
We use PMA_fatalError which in turn needs Response and related objects.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 447c88f4884fe30a25d38c331c31d820a19f8c93 https://github.com/phpmyadmin/phpmyadmin/commit/447c88f4884fe30a25d38c331c31... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M setup/lib/common.inc.php
Log Message: ----------- Cannot use PMA_fatalError when including fails
Signed-off-by: Michal Čihař michal@cihar.com
Commit: f83b52737e321005959497d8e8f59f8aaedc9048 https://github.com/phpmyadmin/phpmyadmin/commit/f83b52737e321005959497d8e8f5... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/common.inc.php
Log Message: ----------- Do not process subforms with PMA_MINIMUM_COMMON
In such a case the needed infrastructure is not loaded, so related code won't work anyway.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 76b10187c38634a29d6780f99f6dcd796191073b https://github.com/phpmyadmin/phpmyadmin/commit/76b10187c38634a29d6780f99f6d... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/DatabaseInterface.class.php
Log Message: ----------- Fall back to default collation connection
If the user supplied a wrong string we should gracefully fall back.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c57d3cc7b97b5f32801032f7bb222297aa97dfea https://github.com/phpmyadmin/phpmyadmin/commit/c57d3cc7b97b5f32801032f7bb22... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M libraries/sql-parser/autoload.php
Log Message: ----------- Avoid invalid invocation of SQL parser
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 0cade5712a719f15c44a436895fff3802f1169a5 https://github.com/phpmyadmin/phpmyadmin/commit/0cade5712a719f15c44a436895ff... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M test/libraries/core/PMA_headerLocation_test.php
Log Message: ----------- Fix test expectations
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 60530a1df9f71870d045eef6ae3a845aa58f7973 https://github.com/phpmyadmin/phpmyadmin/commit/60530a1df9f71870d045eef6ae3a... Author: Michal Čihař michal@cihar.com Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths: M .travis.yml
Log Message: ----------- Merge branch 'MAINT_4_5_4' into MAINT_4_5_4-security
Commit: d4b9c22c1f8465bda5b6a83dc7e2cf59c3fe44e1 https://github.com/phpmyadmin/phpmyadmin/commit/d4b9c22c1f8465bda5b6a83dc7e2... Author: Michal Čihař michal@cihar.com Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths: M libraries/common.inc.php
Log Message: ----------- Enable localization before redirect
This is needed in the case of IIS, which needs a full HTML response.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 5a3de108f26e4b0dddadddbe8ccdb1dd5526771f https://github.com/phpmyadmin/phpmyadmin/commit/5a3de108f26e4b0dddadddbe8ccd... Author: Michal Čihař michal@cihar.com Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths: M libraries/phpseclib/Crypt/AES.php M libraries/phpseclib/Crypt/Rijndael.php
Log Message: ----------- Avoid execution outside phpMyAdmin
This is hacky, but avoids path disclosure on direct access to the scripts.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c9536a88e9d49a67bcfed4873e476aff4b0782b1 https://github.com/phpmyadmin/phpmyadmin/commit/c9536a88e9d49a67bcfed4873e47... Author: Michal Čihař michal@cihar.com Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths: M libraries/phpseclib/Crypt/AES.php M libraries/phpseclib/Crypt/Rijndael.php
Log Message: ----------- Move security check behind namespace
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 2870a797f366589d89bc23c6cf29681f17ce3a89 https://github.com/phpmyadmin/phpmyadmin/commit/2870a797f366589d89bc23c6cf29... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths: M README M doc/conf.py M libraries/Config.class.php
Log Message: ----------- Release 4.5.4
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/6e6b922ee8bd...2870a797f366