Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: dae3390a02ca6687fd31ca784474d56240c6c538
https://github.com/phpmyadmin/phpmyadmin/commit/dae3390a02ca6687fd31ca784474...
Author: Michal Čihař michal@cihar.com
Date: 2016-07-28 (Thu, 28 Jul 2016)

Changed paths:
M libraries/URL.php

Log Message:
-----------
Remove token from GET requests

The CSRF token really should be used only in POST requests. The reason for that is that it's a bit harder to get to if it is in request body (with POST) compared to GET request, where it is in the URL (being easily available in server logs).
Also this will make the URLs look nicer ;-).
This change will definitely break some functionality, but since #6297 most of the code should be safe and remaining bugs can be fixed for upcoming release.
Signed-off-by: Michal Čihař michal@cihar.com

Commit: ea73fded7138038aa5a415c7081d838fc094eff7
https://github.com/phpmyadmin/phpmyadmin/commit/ea73fded7138038aa5a415c7081d...
Author: Michal Čihař michal@cihar.com
Date: 2016-07-28 (Thu, 28 Jul 2016)

Changed paths:
M test/classes/AdvisorTest.php
M test/classes/DbSearchTest.php
M test/classes/DisplayResultsTest.php
M test/classes/FooterTest.php
M test/classes/ThemeManagerTest.php
M test/classes/ThemeTest.php
M test/classes/URLTest.php
M test/classes/config/PageSettingsTest.php
M test/classes/plugin/auth/AuthenticationConfigTest.php
M test/classes/plugin/auth/AuthenticationCookieTest.php
M test/libraries/PMA_Form_Processing_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_getDbLink_test.php
M test/libraries/common/PMA_showMessage_test_disabled.php

Log Message:
-----------
Adjust tests to token removal from GET

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 7f43348e6b77f12fc4669f7e5defb582bde49911
https://github.com/phpmyadmin/phpmyadmin/commit/7f43348e6b77f12fc4669f7e5def...
Author: Madhura Jayaratne madhura.cj@gmail.com
Date: 2016-08-01 (Mon, 01 Aug 2016)

Changed paths:
M libraries/URL.php
M test/classes/AdvisorTest.php
M test/classes/DbSearchTest.php
M test/classes/DisplayResultsTest.php
M test/classes/FooterTest.php
M test/classes/ThemeManagerTest.php
M test/classes/ThemeTest.php
M test/classes/URLTest.php
M test/classes/config/PageSettingsTest.php
M test/classes/plugin/auth/AuthenticationConfigTest.php
M test/classes/plugin/auth/AuthenticationCookieTest.php
M test/libraries/PMA_Form_Processing_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_getDbLink_test.php
M test/libraries/common/PMA_showMessage_test_disabled.php

Log Message:
-----------
Merge pull request #12415 from nijel/remove-token-get

Remove token from GET requests
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/dc41f51bf4d2...7f43348e6b77