[phpmyadmin/phpmyadmin] 2d4ebc: Use sprintf instead of directly concatenating the ...

Branch: refs/heads/MAINT_4_4_15
Home: https://github.com/phpmyadmin/phpmyadmin

Commit: 2d4ebc8c12dab01084f74c6b8d04512f306cf772
https://github.com/phpmyadmin/phpmyadmin/commit/2d4ebc8c12dab01084f74c6b8d04...
Author: Deven Bansod <devenbansod.bits@gmail.com>
Date: 2016-10-12 (Wed, 12 Oct 2016)

Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php

Log Message:
-----------
Use sprintf instead of directly concatenating the variable

Signed-off-by: Deven Bansod <devenbansod.bits@gmail.com>

Commit: a67a818f402f685289b4018aac1e79cb249f6ab0
https://github.com/phpmyadmin/phpmyadmin/commit/a67a818f402f685289b4018aac1e...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)

Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php

Log Message:
-----------
Merge remote-tracking branch 'security/pull/219' into MAINT_4_4_15-security

Commit: 4549ebde5a044b42c36da50dbf1af76a88545352
https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1a...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)

Changed paths:
M libraries/structure.lib.php

Log Message:
-----------
Quote table name for use in regexp

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 1e5c0ae5b44c58296e11b92497767c8677653cba
https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b9249776...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)

Changed paths:
M setup/frames/index.inc.php

Log Message:
-----------
Avoid using REQUEST_URI in form action

It's really not necessary here and might cause redirection issues.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 38f9223a862ed085863645d839d5d50ea590c3f9
https://github.com/phpmyadmin/phpmyadmin/commit/38f9223a862ed085863645d839d5...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)

Changed paths:
M tbl_replace.php

Log Message:
-----------
Avoid infinite recursion on goto

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: bd3677f161977bf0cc800cae82e65355bf49f342
https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e6...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-08 (Thu, 08 Dec 2016)

Changed paths:
M libraries/Theme.class.php

Log Message:
-----------
Do not provide fallback to cookie for font size

* This should be already handled by Config class
* Injecting cookie value to CSS could be security risk

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: ca8edbcd83fcd624701f43c99e7e675c1ab20387
https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e...
Author: Michal Čihař <michal@cihar.com>
Date: 2016-12-21 (Wed, 21 Dec 2016)

Changed paths:
M libraries/replication_gui.lib.php

Log Message:
-----------
Do not allow arbitrary connection in replication setup without AllowArbitraryServer

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: a0c04fa7b8d307aaf188cf956aff4350062eed3b
https://github.com/phpmyadmin/phpmyadmin/commit/a0c04fa7b8d307aaf188cf956aff...
Author: Michal Čihař <michal@cihar.com>
Date: 2017-01-07 (Sat, 07 Jan 2017)

Changed paths:
M doc/setup.rst
M libraries/config/ConfigFile.class.php
M libraries/vendor_config.php
M setup/config.php
M setup/frames/config.inc.php
M setup/frames/index.inc.php
M setup/lib/index.lib.php
M test/libraries/PMA_ConfigFile_test.php
M test/libraries/PMA_SetupIndex_test.php

Log Message:
-----------
Remove setup download/load/delete features

This removes risk of third party manipulating with the configuration as there was race condition between editing and using the file. Downloading the file should not be big hassle and this really makes the whole setup a bit simpler.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: 9bebed18a3ea7cad9745aa4b2a81483fd0fa519d
https://github.com/phpmyadmin/phpmyadmin/commit/9bebed18a3ea7cad9745aa4b2a81...
Author: Michal Čihař <michal@cihar.com>
Date: 2017-01-07 (Sat, 07 Jan 2017)

Changed paths:
M setup/index.php

Log Message:
-----------
Disable setup if configuration already exists

The setup allows to figure out quite a lot about system and network, so it's safer to block access to it once phpMyAdmin has been configured.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: d63645ca48ecdddb670a43fa9c77a8c107da0ba1
https://github.com/phpmyadmin/phpmyadmin/commit/d63645ca48ecdddb670a43fa9c77...
Author: Michal Čihař <michal@cihar.com>
Date: 2017-01-17 (Tue, 17 Jan 2017)

Changed paths:
M libraries/php-gettext/gettext.php

Log Message:
-----------
Merge changes from php-gettext 1.0.12

This ensures that parameter to select_string is numeric, avoiding code injection through it. Our code is not vulnerable as we do not pass user supplied values to this function, this fix is included only to be closer to upstream.

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: c6a59d48dafd5152ea9eb7fbdb41d8e389e3e92c
https://github.com/phpmyadmin/phpmyadmin/commit/c6a59d48dafd5152ea9eb7fbdb41...
Author: Michal Čihař <michal@cihar.com>
Date: 2017-01-21 (Sat, 21 Jan 2017)

Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php

Log Message:
-----------
Prepare changelog for 4.4.15.10

Signed-off-by: Michal Čihař <michal@cihar.com>

Commit: fbd634d4c1d668e77ad15cdb38c4a85db5c75002
https://github.com/phpmyadmin/phpmyadmin/commit/fbd634d4c1d668e77ad15cdb38c4...
Author: Isaac Bennetch <bennetch@gmail.com>
Date: 2017-01-23 (Mon, 23 Jan 2017)

Changed paths:
M ChangeLog

Log Message:
-----------
Finalize ChangeLog for 4.4.15.10

Signed-off-by: Isaac Bennetch <bennetch@gmail.com>

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/0a3a0994a23b...fbd634d4c1d6
participants (1): Isaac Bennetch