[phpmyadmin/phpmyadmin] ac8159: [Security] Fix path disclosure, items 1.4.x, 1.5 a...

Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: ac81596bfcf0b3cae9f6bc821efa4aa1c7f0c81d
    https://github.com/phpmyadmin/phpmyadmin/commit/ac81596bfcf0b3cae9f6bc821efa...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date: 2016-01-15 (Fri, 15 Jan 2016)
Changed paths:
  M setup/frames/form.inc.php
  M setup/index.php
  M setup/validate.php
Log Message:
-----------
[Security] Fix path disclosure, items 1.4.x, 1.5 and 1.6

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

Commit: 9f3488fc3ab6b83618dbb4bebbea4b973764e2ac
    https://github.com/phpmyadmin/phpmyadmin/commit/9f3488fc3ab6b83618dbb4bebbea...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths:
  M libraries/TableSearch.class.php
Log Message:
-----------
Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

Commit: 0ce4fd2750491a54d27f94cc1403f9da21738aa6
    https://github.com/phpmyadmin/phpmyadmin/commit/0ce4fd2750491a54d27f94cc1403...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date: 2016-01-19 (Tue, 19 Jan 2016)
Changed paths:
  M libraries/DbSearch.class.php
Log Message:
-----------
Fix XSS in DB_search.php

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

Commit: 6a96e67487f2faecb4de4204fee9b96b94020720
    https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M js/functions.js
Log Message:
-----------
Use secure RNG if available

Recent browsers come with a better RNG, so let's use it for generating passwords instead of Math.random if available.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 2369daa7f5f550797f560e6b46a021e4558c2d72
    https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a0...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M js/functions.js
Log Message:
-----------
Use full alphabet to generate random passwords

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 6fe54dfa000dd6f43f237e859781fad7111ac1bd
    https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  A libraries/phpseclib/Crypt/Random.php
  M libraries/session.inc.php
Log Message:
-----------
Use phpseclib's Crypt::Random to generate CSRF token

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 27eb98faedcdcd0b856577fcbdfe3e87b2445345
    https://github.com/phpmyadmin/phpmyadmin/commit/27eb98faedcdcd0b856577fcbdfe...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M libraries/core.lib.php
Log Message:
-----------
Escape javascript variable content

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

Commit: fe62b69a5b032de8e1d9d0a04456c1cecf46428c
    https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M libraries/common.inc.php
  M libraries/core.lib.php
Log Message:
-----------
Use hash_equals for comparing token

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 8023340a259ecae6a3bd9268f4e39d097bdf0146
    https://github.com/phpmyadmin/phpmyadmin/commit/8023340a259ecae6a3bd9268f4e3...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M libraries/common.inc.php
Log Message:
-----------
Include common libraries in setup

We use PMA_fatalError, which in turn needs Response and related objects.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 215f4a8ebe717ba646be00fca8519cf768a902f5
    https://github.com/phpmyadmin/phpmyadmin/commit/215f4a8ebe717ba646be00fca851...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M setup/lib/common.inc.php
Log Message:
-----------
Can not use PMA_fatalError when including fails

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 7056ca9458d26b24a6b1d9255073237c1636ca33
    https://github.com/phpmyadmin/phpmyadmin/commit/7056ca9458d26b24a6b1d9255073...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M libraries/common.inc.php
Log Message:
-----------
Do not process subforms with PMA_MINIMUM_COMMON

In such a case the needed infrastructure is not loaded, so the related code won't work anyway.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 25738352df8057b542eeac3237eb6fd1d3ba4289
    https://github.com/phpmyadmin/phpmyadmin/commit/25738352df8057b542eeac3237eb...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-26 (Tue, 26 Jan 2016)
Changed paths:
  M libraries/database_interface.lib.php
Log Message:
-----------
Fallback to default collation connection

If the user supplied a wrong string, we should gracefully fall back.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 5b79467245b6e0a476775e2958b42088794f8e02
    https://github.com/phpmyadmin/phpmyadmin/commit/5b79467245b6e0a476775e2958b4...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths:
  M libraries/common.inc.php
Log Message:
-----------
Enable localization before redirect

This is needed in the case of IIS, which needs a full HTML response.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 16136ea0ef224ed22c3dffd629e3e147579f5f38
    https://github.com/phpmyadmin/phpmyadmin/commit/16136ea0ef224ed22c3dffd629e3...
Author: Isaac Bennetch <bennetch@gmail.com>
Date: 2016-01-27 (Wed, 27 Jan 2016)
Changed paths:
  M README
  M doc/conf.py
  M libraries/Config.class.php
Log Message:
-----------
Increment version for 4.0.10.13 release

Signed-off-by: Isaac Bennetch <bennetch@gmail.com>

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/66149607b1b5...16136ea0ef22