[phpmyadmin/phpmyadmin] e46fdb: Sent CSP headers for phpinfo

Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8
https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e3...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
  M phpinfo.php
Log Message:
-----------
Sent CSP headers for phpinfo

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2
https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42e...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
  M libraries/Util.class.php
Log Message:
-----------
Avoid possible path traversal using MySQL username

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7
https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05f...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
  M libraries/plugins/export/ExportPhparray.class.php
Log Message:
-----------
Generate valid PHP code even when table/database name contains PHP markup

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90a...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
  M libraries/plugins/export/ExportXml.class.php
Log Message:
-----------
Properly escape generated XML export

Many fields could contain XML markup, so we need to ensure the generated XML is valid.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4
https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc868...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-08 (Fri, 08 Jul 2016)
Changed paths:
  M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Improve cookie encryption

- use MAC to validate content before decryption
- create unique IV for every cookie

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca
https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298e...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-09 (Sat, 09 Jul 2016)
Changed paths:
  M composer.json
  M doc/other.rst
  M index.php
  M libraries/config/FormDisplay.class.php
  M libraries/config/messages.inc.php
  M libraries/import.lib.php
  M po/af.po
  M po/ar.po
  M po/az.po
  M po/be.po
  M po/be@latin.po
  M po/bg.po
  M po/bn.po
  M po/br.po
  M po/bs.po
  M po/ca.po
  M po/ckb.po
  M po/cs.po
  M po/cy.po
  M po/da.po
  M po/de.po
  M po/el.po
  M po/en_GB.po
  M po/es.po
  M po/et.po
  M po/eu.po
  M po/fa.po
  M po/fi.po
  M po/fr.po
  M po/gl.po
  M po/he.po
  M po/hi.po
  M po/hr.po
  M po/hu.po
  M po/hy.po
  M po/id.po
  M po/it.po
  M po/ja.po
  M po/ka.po
  M po/kk.po
  M po/ko.po
  M po/lt.po
  M po/lv.po
  M po/mk.po
  M po/ml.po
  M po/mn.po
  M po/ms.po
  M po/nb.po
  M po/nl.po
  M po/pa.po
  M po/phpmyadmin.pot
  M po/pl.po
  M po/pt.po
  M po/pt_BR.po
  M po/ro.po
  M po/ru.po
  M po/si.po
  M po/sk.po
  M po/sl.po
  M po/sq.po
  M po/sr.po
  M po/sr@latin.po
  M po/sv.po
  M po/ta.po
  M po/te.po
  M po/th.po
  M po/tk.po
  M po/tr.po
  M po/tt.po
  M po/ug.po
  M po/uk.po
  M po/ur.po
  M po/uz.po
  M po/uz@latin.po
  M po/zh_CN.po
  M po/zh_TW.po
  M scripts/create-release.sh
  M test/libraries/core/PMA_getLinks_test.php
Log Message:
-----------
Use https for wiki links

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6bd...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths:
  M libraries/replication_gui.lib.php
  M server_status_variables.php
Log Message:
-----------
Properly escape MySQL status variables

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1
https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0e...
Author: Isaac Bennetch <bennetch@gmail.com>
Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths:
  M examples/openid.php
  M examples/signon.php
Log Message:
-----------
Add Secure and HttpOnly flags for session cookie setup in examples

Signed-off-by: Isaac Bennetch <bennetch@gmail.com>

Commit: 4440790902618c98f81f23a28747ccc117bfe53b
https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a28747...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
  M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Make proxy IP parsing aware of multiple proxies

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749
https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac207...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
  M config.sample.inc.php
  M doc/config.rst
  M doc/setup.rst
  R examples/swekey.sample.conf
  M libraries/config.default.php
  M libraries/config/messages.inc.php
  M libraries/config/setup.forms.php
  M libraries/plugins/auth/AuthenticationCookie.class.php
  R libraries/plugins/auth/swekey/authentication.inc.php
  R libraries/plugins/auth/swekey/musbe-ca.crt
  R libraries/plugins/auth/swekey/swekey.auth.lib.php
  R libraries/plugins/auth/swekey/swekey.php
Log Message:
-----------
Remove Swekey support

It is buggy and their servers are no longer working.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e
https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c7...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
  M libraries/core.lib.php
Log Message:
-----------
Remove debugging code

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: dc2518974124b98a57107e9486084df76a655227
https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e948608...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
  M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Fix syntax error in older PHP versions

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1
https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a91828...
Author: Madhura Jayaratne <madhura.cj@gmail.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/replication_gui.lib.php
Log Message:
-----------
Fix XSS in server_replication.php

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d17...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message:
-----------
Use whitelist rather than blacklist for URL filtering

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7
https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb6...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M changelog.php
  M index.php
  M libraries/display_git_revision.lib.php
  M libraries/engines/pbxt.lib.php
  M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
  M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
  M libraries/sanitizing.lib.php
  M themes.php
Log Message:
-----------
Add rel="noopener noreferrer" to all target="_blank" links

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a
https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d9122...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message:
-----------
Use _blank target instead of invalid _new

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681
https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f65...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/plugins/export/ExportMediawiki.class.php
Log Message:
-----------
Escape HTML in Mediawiki comments

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5
https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2d...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M examples/openid.php
  M examples/signon.php
Log Message:
-----------
Hide session error messages to avoid FPD

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e
https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc9...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M import.php
  M libraries/File.class.php
  M libraries/file_listing.lib.php
Log Message:
-----------
Do not allow symlinks in UploadDir

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f
https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdbe...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/plugins/auth/AuthenticationCookie.class.php
  M setup/lib/index.lib.php
Log Message:
-----------
Use phpseclib's Crypt module to generate encryption keys

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f
https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f42...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
Log Message:
-----------
Use iframe sandbox for rendering HTML in transformation

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74
https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44c...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M version_check.php
Log Message:
-----------
Prefer curl over file_get_contents

Curl is better in SSL certificate verification.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c
https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0bb...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/config/validate.lib.php
  M libraries/core.lib.php
  M libraries/plugins/auth/AuthenticationCookie.class.php
  M libraries/replication.inc.php
  A test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Sanitize MySQL host name before connecting

It can contain p: prefix which we don't want to honor.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439
https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d1...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/core.lib.php
  M tbl_tracking.php
  A test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Validate serialized data before unserializing

We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: a3953f88ef5ab287718bf73c454733947ce52128
https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c4547...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/display_create_database.lib.php
Log Message:
-----------
Escape suggested database name

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c
https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c71990...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/schema/Export_Relation_Schema.class.php
  M libraries/schema/User_Schema.class.php
  M pmd_pdf.php
Log Message:
-----------
Ensure page number is integer

Even if somebody decides to change configuration storage structure.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d
https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23f...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
  M libraries/RecentTable.class.php
  M libraries/Table.class.php
Log Message:
-----------
Correctly escape MySQL username in queries

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf
https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584c...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M transformation_wrapper.php
Log Message:
-----------
Validate image scaling dimensions

Ensure we pass only integers and they are not too big.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3
https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff751...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/plugin_interface.lib.php
Log Message:
-----------
Do not try to create non existing classes

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 56e13501184d1354b84b63dce7c00deae5066e9b
https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c0...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/plugins/export/ExportSql.class.php
Log Message:
-----------
Properly handle newlines in SQL comments

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd7...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M transformation_wrapper.php
Log Message:
-----------
Do not use empty MIME type

This will turn on content sniffing in browser leading to unwanted results.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 09a427b288cbbd1508a055a5594f906c22a60dec
https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594f...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M transformation_wrapper.php
Log Message:
-----------
Escape HTML markup in transformation wrapper

...in case content type is html.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293
https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aabf...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
Log Message:
-----------
Ensure width and height are integers

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 04156efeb02ade052e46e09c93c74b95e2da9175
https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c7...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
Log Message:
-----------
Ensure width and height are integers

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 0f87b73ae203d79f74765c97f637a51b87205515
https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f637...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/TableSearch.class.php
Log Message:
-----------
HTML encode embedded JSON data

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd
https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda704...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
  M libraries/plugins/export/ExportSql.class.php
Log Message:
-----------
Fix exporting multiline comments

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d
https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede800...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
  M ChangeLog
  M README
  M README.rst
  M changelog.php
  M composer.json
  M config.sample.inc.php
  M doc/developers.rst
  M doc/faq.rst
  M doc/intro.rst
  M doc/other.rst
  M doc/transformations.rst
  M index.php
  M libraries/Util.class.php
  M libraries/plugins/auth/AuthenticationCookie.class.php
  M libraries/plugins/export/ExportLatex.class.php
  M libraries/plugins/export/ExportSql.class.php
  M libraries/plugins/export/ExportXml.class.php
  M po/es.po
  M test/classes/PMA_Message_test.php
  M test/libraries/PMA_sanitize_test.php
  M test/libraries/common/PMA_showDocu_test.php
  M test/test_data/exploit_test.sql
  M themes.php
  M version_check.php
Log Message:
-----------
Use https to access phpmyadmin.net

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb
https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e8...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
  M libraries/core.lib.php
Log Message:
-----------
Improve URL filtering in url.php

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 6f8eb0993d1a37f14608b90e433791b723c51085
https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e4337...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M libraries/plugins/import/ImportShp.class.php
Log Message:
-----------
Delete temporary file before reporting error

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747
https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe95...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M libraries/plugins/import/ImportShp.class.php
  M libraries/zip_extension.lib.php
  M test/libraries/PMA_zip_extension_test.php
Log Message:
-----------
Sanitize filename on SHP import

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1
https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1bc...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M libraries/OutputBuffering.class.php
  M url.php
Log Message:
-----------
Send standard set of HTTP headers on redirect

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f
https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f4...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M config.sample.inc.php
  M doc/config.rst
  M doc/setup.rst
  M index.php
  M libraries/core.lib.php
  M libraries/plugins/auth/AuthenticationCookie.class.php
  M setup/lib/index.lib.php
Log Message:
-----------
Backport cookie encryption from 4.6 branch

- Use hash_hmac for MAC rather than plain SHA1
- Use different secret for MAC than encryption
- Merge pmaServer and pmaPass cookies
- Document 32 chars length for blowfish_secret

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392
https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625cad...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M tbl_addfield.php
  M tbl_create.php
Log Message:
-----------
Limit maximal number of fields to 4096

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d
https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e040866...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
  M file_echo.php
Log Message:
-----------
Remove no longer used code

It was used by old charts code to download charts.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: d03954bf9ca3b1cc4037214e7983617732282872
https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e7983...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
  M import.php
  M libraries/dbi/mysql.dbi.lib.php
  M libraries/dbi/mysqli.dbi.lib.php
Log Message:
-----------
Enable LOAD DATA LOCAL INFILE only when needed

There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af
https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f8...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
  M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Fix random invocation

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ac703223e97398d1d3ad902afd036e303dc3de9b
https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd03...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
  M libraries/gis/pma_gis_geometry.php
Log Message:
-----------
Ensure GIS point coordinates are numeric

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d
https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbdf...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
  M doc/config.rst
  M index.php
  M libraries/common.inc.php
  M libraries/config.default.php
  M libraries/config/messages.inc.php
  M libraries/config/setup.forms.php
  R phpinfo.php
Log Message:
-----------
Remove option to show phpinfo() ($cfg['ShowPhpInfo'])

This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple as creating file with one line of php code.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6
https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7b...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
  R libraries/plugins/transformations/generator_main_class.sh
  R libraries/plugins/transformations/generator_plugin.sh
  A scripts/transformations_generator_main_class.sh
  A scripts/transformations_generator_plugin.sh
Log Message:
-----------
Move generator scripts out of the code

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 262aa8ec73641a9cba264711575c04424757d655
https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575c...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
  M user_password.php
Log Message:
-----------
Fix password change with cookie auth

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76
https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5e...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
  M user_password.php
Log Message:
-----------
Do not allow to set too long password

We do not accept password longer than 256 chars, so do not accept it on password change as well.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 126321da378cf14165f845309446be410470229b
https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f845309446...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
  M libraries/DbSearch.class.php
Log Message:
-----------
Escape string when showing confirmation message

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5
https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df5...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
  M js/functions.js
  M version_check.php
Log Message:
-----------
Add login and token validation to version_check

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d
https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c007...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
  M libraries/Response.class.php
Log Message:
-----------
Do not try to wrap output in case response handling is disabled

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b
https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915faf...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-07-29 (Fri, 29 Jul 2016)
Changed paths:
  M libraries/replication.inc.php
Log Message:
-----------
Move hostname sanitization to correct place

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89
https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb7...
Author: Isaac Bennetch <bennetch@gmail.com>
Date: 2016-08-16 (Tue, 16 Aug 2016)
Changed paths:
  M ChangeLog
  M README
  M doc/conf.py
  M libraries/Config.class.php
Log Message:
-----------
Release 4.0.10.17

Signed-off-by: Isaac Bennetch <bennetch@gmail.com>

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/01673e94ddc4...5ba96c8804d9