Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: ac81596bfcf0b3cae9f6bc821efa4aa1c7f0c81d
https://github.com/phpmyadmin/phpmyadmin/commit/ac81596bfcf0b3cae9f6bc821efa...
Author: Madhura Jayaratne madhura.cj@gmail.com
Date: 2016-01-15 (Fri, 15 Jan 2016)

Changed paths:
M setup/frames/form.inc.php
M setup/index.php
M setup/validate.php

Log Message:
-----------
[Security] Fix path disclosure, items 1.4.x, 1.5 and 1.6

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: 9f3488fc3ab6b83618dbb4bebbea4b973764e2ac
https://github.com/phpmyadmin/phpmyadmin/commit/9f3488fc3ab6b83618dbb4bebbea...
Author: Madhura Jayaratne madhura.cj@gmail.com
Date: 2016-01-19 (Tue, 19 Jan 2016)

Changed paths:
M libraries/TableSearch.class.php

Log Message:
-----------
Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: 0ce4fd2750491a54d27f94cc1403f9da21738aa6
https://github.com/phpmyadmin/phpmyadmin/commit/0ce4fd2750491a54d27f94cc1403...
Author: Madhura Jayaratne madhura.cj@gmail.com
Date: 2016-01-19 (Tue, 19 Jan 2016)

Changed paths:
M libraries/DbSearch.class.php

Log Message:
-----------
Fix XSS in DB_search.php

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: 6a96e67487f2faecb4de4204fee9b96b94020720
https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M js/functions.js

Log Message:
-----------
Use secure RNG if available

Recent browsers come with a better RNG, so let's use it for generating passwords instead of Math.random if available.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2369daa7f5f550797f560e6b46a021e4558c2d72
https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a0...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M js/functions.js

Log Message:
-----------
Use full alphabet to generate random passwords

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 6fe54dfa000dd6f43f237e859781fad7111ac1bd
https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
A libraries/phpseclib/Crypt/Random.php
M libraries/session.inc.php

Log Message:
-----------
Use phpseclib's Crypt::Random to generate CSRF token

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 27eb98faedcdcd0b856577fcbdfe3e87b2445345
https://github.com/phpmyadmin/phpmyadmin/commit/27eb98faedcdcd0b856577fcbdfe...
Author: Madhura Jayaratne madhura.cj@gmail.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M libraries/core.lib.php

Log Message:
-----------
Escape javascript variable content

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: fe62b69a5b032de8e1d9d0a04456c1cecf46428c
https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M libraries/common.inc.php
M libraries/core.lib.php

Log Message:
-----------
Use hash_equals for comparing token

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 8023340a259ecae6a3bd9268f4e39d097bdf0146
https://github.com/phpmyadmin/phpmyadmin/commit/8023340a259ecae6a3bd9268f4e3...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M libraries/common.inc.php

Log Message:
-----------
Include common libraries in setup

We use PMA_fatalError, which in turn needs Response and related objects.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 215f4a8ebe717ba646be00fca8519cf768a902f5
https://github.com/phpmyadmin/phpmyadmin/commit/215f4a8ebe717ba646be00fca851...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M setup/lib/common.inc.php

Log Message:
-----------
Can not use PMA_fatalError when including fails

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 7056ca9458d26b24a6b1d9255073237c1636ca33
https://github.com/phpmyadmin/phpmyadmin/commit/7056ca9458d26b24a6b1d9255073...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M libraries/common.inc.php

Log Message:
-----------
Do not process subforms with PMA_MINIMUM_COMMON

In such a case the needed infrastructure is not loaded, so related code won't work anyway.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 25738352df8057b542eeac3237eb6fd1d3ba4289
https://github.com/phpmyadmin/phpmyadmin/commit/25738352df8057b542eeac3237eb...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-26 (Tue, 26 Jan 2016)

Changed paths:
M libraries/database_interface.lib.php

Log Message:
-----------
Fallback to default collation connection

If the user supplied a wrong string, we should gracefully fall back.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 5b79467245b6e0a476775e2958b42088794f8e02
https://github.com/phpmyadmin/phpmyadmin/commit/5b79467245b6e0a476775e2958b4...
Author: Michal Čihař michal@cihar.com
Date: 2016-01-27 (Wed, 27 Jan 2016)

Changed paths:
M libraries/common.inc.php

Log Message:
-----------
Enable localization before redirect

This is needed in the case of IIS, which needs a full HTML response.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 16136ea0ef224ed22c3dffd629e3e147579f5f38
https://github.com/phpmyadmin/phpmyadmin/commit/16136ea0ef224ed22c3dffd629e3...
Author: Isaac Bennetch bennetch@gmail.com
Date: 2016-01-27 (Wed, 27 Jan 2016)

Changed paths:
M README
M doc/conf.py
M libraries/Config.class.php

Log Message:
-----------
Increment version for 4.0.10.13 release

Signed-off-by: Isaac Bennetch bennetch@gmail.com

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/66149607b1b5...16136ea0ef22