Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: dae3390a02ca6687fd31ca784474d56240c6c538 https://github.com/phpmyadmin/phpmyadmin/commit/dae3390a02ca6687fd31ca784474... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/URL.php Log Message: ----------- Remove token from GET requests The CSRF token really should be used only in POST requests. The reason for that is that it's a bit harder to get to if it is in request body (with POST) compared to GET request, where it is in the URL (being easily available in server logs). Also this will make the URLs look nicer ;-). This change will definite break some functionality, but since #6297 most of the code should be safe and remaining bugs can be fixed for upcoming release. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: ea73fded7138038aa5a415c7081d838fc094eff7 https://github.com/phpmyadmin/phpmyadmin/commit/ea73fded7138038aa5a415c7081d... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M test/classes/AdvisorTest.php M test/classes/DbSearchTest.php M test/classes/DisplayResultsTest.php M test/classes/FooterTest.php M test/classes/ThemeManagerTest.php M test/classes/ThemeTest.php M test/classes/URLTest.php M test/classes/config/PageSettingsTest.php M test/classes/plugin/auth/AuthenticationConfigTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/libraries/PMA_Form_Processing_test.php M test/libraries/PMA_insert_edit_test.php M test/libraries/PMA_server_privileges_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_getDbLink_test.php M test/libraries/common/PMA_showMessage_test_disabled.php Log Message: ----------- Adjust tests to token removal from GET Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 7f43348e6b77f12fc4669f7e5defb582bde49911 https://github.com/phpmyadmin/phpmyadmin/commit/7f43348e6b77f12fc4669f7e5def... Author: Madhura Jayaratne <madhura.cj@gmail.com> Date: 2016-08-01 (Mon, 01 Aug 2016) Changed paths: M libraries/URL.php M test/classes/AdvisorTest.php M test/classes/DbSearchTest.php M test/classes/DisplayResultsTest.php M test/classes/FooterTest.php M test/classes/ThemeManagerTest.php M test/classes/ThemeTest.php M test/classes/URLTest.php M test/classes/config/PageSettingsTest.php M test/classes/plugin/auth/AuthenticationConfigTest.php M test/classes/plugin/auth/AuthenticationCookieTest.php M test/libraries/PMA_Form_Processing_test.php M test/libraries/PMA_insert_edit_test.php M test/libraries/PMA_server_privileges_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_getDbLink_test.php M test/libraries/common/PMA_showMessage_test_disabled.php Log Message: ----------- Merge pull request #12415 from nijel/remove-token-get Remove token from GET requests Compare: https://github.com/phpmyadmin/phpmyadmin/compare/dc41f51bf4d2...7f43348e6b77