Branch: refs/heads/MAINT_4_4_15
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: 2d4ebc8c12dab01084f74c6b8d04512f306cf772
https://github.com/phpmyadmin/phpmyadmin/commit/2d4ebc8c12dab01084f74c6b8d04...
Author: Deven Bansod devenbansod.bits@gmail.com
Date: 2016-10-12 (Wed, 12 Oct 2016)
Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php
Log Message:
-----------
Use sprintf instead of directly concatenating the variable
Signed-off-by: Deven Bansod devenbansod.bits@gmail.com
Commit: a67a818f402f685289b4018aac1e79cb249f6ab0
https://github.com/phpmyadmin/phpmyadmin/commit/a67a818f402f685289b4018aac1e...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/navigation/NavigationTree.class.php
M libraries/navigation/Nodes/Node.class.php
Log Message:
-----------
Merge remote-tracking branch 'security/pull/219' into MAINT_4_4_15-security
Commit: 4549ebde5a044b42c36da50dbf1af76a88545352
https://github.com/phpmyadmin/phpmyadmin/commit/4549ebde5a044b42c36da50dbf1a...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/structure.lib.php
Log Message:
-----------
Quote table name for use in regexp
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 1e5c0ae5b44c58296e11b92497767c8677653cba
https://github.com/phpmyadmin/phpmyadmin/commit/1e5c0ae5b44c58296e11b9249776...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M setup/frames/index.inc.php
Log Message:
-----------
Avoid using REQUEST_URI in form action
It's really not necessary here and might cause redirection issues.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 38f9223a862ed085863645d839d5d50ea590c3f9
https://github.com/phpmyadmin/phpmyadmin/commit/38f9223a862ed085863645d839d5...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M tbl_replace.php
Log Message:
-----------
Avoid infinite recursion on goto
Signed-off-by: Michal Čihař michal@cihar.com
Commit: bd3677f161977bf0cc800cae82e65355bf49f342
https://github.com/phpmyadmin/phpmyadmin/commit/bd3677f161977bf0cc800cae82e6...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-08 (Thu, 08 Dec 2016)
Changed paths:
M libraries/Theme.class.php
Log Message:
-----------
Do not provide fallback to cookie for font size
* This should be already handled by Config class
* Injecting cookie value to CSS could be security risk
Signed-off-by: Michal Čihař michal@cihar.com
Commit: ca8edbcd83fcd624701f43c99e7e675c1ab20387
https://github.com/phpmyadmin/phpmyadmin/commit/ca8edbcd83fcd624701f43c99e7e...
Author: Michal Čihař michal@cihar.com
Date: 2016-12-21 (Wed, 21 Dec 2016)
Changed paths:
M libraries/replication_gui.lib.php
Log Message:
-----------
Do not allow arbitrary connection in replication setup without AllowArbitraryServer
Signed-off-by: Michal Čihař michal@cihar.com
Commit: a0c04fa7b8d307aaf188cf956aff4350062eed3b
https://github.com/phpmyadmin/phpmyadmin/commit/a0c04fa7b8d307aaf188cf956aff...
Author: Michal Čihař michal@cihar.com
Date: 2017-01-07 (Sat, 07 Jan 2017)
Changed paths:
M doc/setup.rst
M libraries/config/ConfigFile.class.php
M libraries/vendor_config.php
M setup/config.php
M setup/frames/config.inc.php
M setup/frames/index.inc.php
M setup/lib/index.lib.php
M test/libraries/PMA_ConfigFile_test.php
M test/libraries/PMA_SetupIndex_test.php
Log Message:
-----------
Remove setup download/load/delete features
This removes the risk of a third party manipulating the configuration, as there was a race condition between editing and using the file.
Downloading the file should not be a big hassle and this really makes the whole setup a bit simpler.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: 9bebed18a3ea7cad9745aa4b2a81483fd0fa519d
https://github.com/phpmyadmin/phpmyadmin/commit/9bebed18a3ea7cad9745aa4b2a81...
Author: Michal Čihař michal@cihar.com
Date: 2017-01-07 (Sat, 07 Jan 2017)
Changed paths:
M setup/index.php
Log Message:
-----------
Disable setup if configuration already exists
The setup allows one to figure out quite a lot about the system and network, so it's safer to block access to it once phpMyAdmin has been configured.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: d63645ca48ecdddb670a43fa9c77a8c107da0ba1
https://github.com/phpmyadmin/phpmyadmin/commit/d63645ca48ecdddb670a43fa9c77...
Author: Michal Čihař michal@cihar.com
Date: 2017-01-17 (Tue, 17 Jan 2017)
Changed paths:
M libraries/php-gettext/gettext.php
Log Message:
-----------
Merge changes from php-gettext 1.0.12
This ensures that the parameter to select_string is numeric, avoiding code injection through it.
Our code is not vulnerable as we do not pass user-supplied values to this function; this fix is included only to be closer to upstream.
Signed-off-by: Michal Čihař michal@cihar.com
Commit: c6a59d48dafd5152ea9eb7fbdb41d8e389e3e92c
https://github.com/phpmyadmin/phpmyadmin/commit/c6a59d48dafd5152ea9eb7fbdb41...
Author: Michal Čihař michal@cihar.com
Date: 2017-01-21 (Sat, 21 Jan 2017)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php
Log Message:
-----------
Prepare changelog for 4.4.15.10
Signed-off-by: Michal Čihař michal@cihar.com
Commit: fbd634d4c1d668e77ad15cdb38c4a85db5c75002
https://github.com/phpmyadmin/phpmyadmin/commit/fbd634d4c1d668e77ad15cdb38c4...
Author: Isaac Bennetch bennetch@gmail.com
Date: 2017-01-23 (Mon, 23 Jan 2017)
Changed paths:
M ChangeLog
Log Message:
-----------
Finalize ChangeLog for 4.4.15.10
Signed-off-by: Isaac Bennetch bennetch@gmail.com
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/0a3a0994a23b...fbd634d4c1d6