Branch: refs/heads/master Home: https://github.com/phpmyadmin/phpmyadmin Commit: d76496ba1d11de13ba1f982a462e014f9d923b29 https://github.com/phpmyadmin/phpmyadmin/commit/d76496ba1d11de13ba1f982a462e... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-06-14 (Tue, 14 Jun 2016)

Changed paths: M ChangeLog M libraries/config/FormDisplay.php

Log Message: ----------- Setup script did not properly use input type password in all cases

Signed-off-by: Isaac Bennetch bennetch@gmail.com

Commit: 72213573182896bd6a6e5af5ba1881dd87c4a20b https://github.com/phpmyadmin/phpmyadmin/commit/72213573182896bd6a6e5af5ba18... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M templates/table/structure/display_table_stats.phtml

Log Message: ----------- Fix XSS on table structure

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 03f73d48369703e0d3584699b08e24891c3295b8 https://github.com/phpmyadmin/phpmyadmin/commit/03f73d48369703e0d3584699b08e... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M libraries/server_privileges.lib.php

Log Message: ----------- Fix XSS on server privileges

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 55db1256c5d6e27c2d9fbd78e9c6f9fc11fe8571 https://github.com/phpmyadmin/phpmyadmin/commit/55db1256c5d6e27c2d9fbd78e9c6... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M ChangeLog M libraries/config/FormDisplay.php

Log Message: ----------- Merge pull request #48 from phpmyadmin/security-45

Fix issue #45 input types in setup script

Commit: 19eef4eebb528dcce0ec922947f9ee9da3b2a2b8 https://github.com/phpmyadmin/phpmyadmin/commit/19eef4eebb528dcce0ec922947f9... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M test/libraries/PMA_user_preferences_test.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: 5633b1d57b23ddaa5a9a976a323c90c18d9be03d https://github.com/phpmyadmin/phpmyadmin/commit/5633b1d57b23ddaa5a9a976a323c... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M setup/frames/index.inc.php

Log Message: ----------- Use javascript for redirection to https

The current approach is broken since whitelisting is active in url.php and also allows potential bbcode injection.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 4767f24ea4c1e3822ce71a636c341e8ad8d07aa6 https://github.com/phpmyadmin/phpmyadmin/commit/4767f24ea4c1e3822ce71a636c34... Author: Michal Čihař michal@cihar.com Date: 2016-06-15 (Wed, 15 Jun 2016)

Changed paths: M js/get_scripts.js.php

Log Message: ----------- Limit number of included scripts in get_scripts.js.php

This avoids potential DOS, the limit is same as we use for generating the URLs.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 27caf5b46bd0890e576fea7bd7b166a0639fdf68 https://github.com/phpmyadmin/phpmyadmin/commit/27caf5b46bd0890e576fea7bd7b1... Author: Michal Čihař michal@cihar.com Date: 2016-06-16 (Thu, 16 Jun 2016)

Changed paths: M libraries/Config.php M libraries/core.lib.php A test/libraries/core/PMA_cleanupPathInfo_test.php

Log Message: ----------- Improve detection of script name

In case PHP_SELF was not set by server, we used REQUEST_URI, which might embed PATH_INFO as well. However we really need to know the path without it, so let's strip it as well.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 6c5d5ffc7fac2cbf8d4d7eac5c983c84db588c3d https://github.com/phpmyadmin/phpmyadmin/commit/6c5d5ffc7fac2cbf8d4d7eac5c98... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M ChangeLog M gis_data_editor.php M libraries/Index.php M libraries/gis/GISVisualization.php M libraries/rte/rte_list.lib.php M libraries/server_privileges.lib.php M po/fr.po M server_status_processes.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: b0180f18c828706af3a6800f0fb01a536d3ef8c7 https://github.com/phpmyadmin/phpmyadmin/commit/b0180f18c828706af3a6800f0fb0... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M libraries/config/FormDisplay.php

Log Message: ----------- Properly convert POST parameters

We can get array instead of single parameter, so handle this gracefully.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: ef1493d9b4b5c89ff3ff9965068f3ebf5a3059bc https://github.com/phpmyadmin/phpmyadmin/commit/ef1493d9b4b5c89ff3ff9965068f... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M libraries/Util.php M libraries/config/FormDisplay.php

Log Message: ----------- Move request conversion to generic code

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 96e0aa35653ec0c66084a7e9343465e16c1f769b https://github.com/phpmyadmin/phpmyadmin/commit/96e0aa35653ec0c66084a7e93434... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M setup/validate.php

Log Message: ----------- Fix error reporting on invalid request data

Signed-off-by: Michal Čihař michal@cihar.com

Commit: cd229d718e8cb4bc8ba32446beaa82d27727b6f0 https://github.com/phpmyadmin/phpmyadmin/commit/cd229d718e8cb4bc8ba32446beaa... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M libraries/config/Validator.php

Log Message: ----------- Validate input of validator

We can not trust the input here, so we can expect anything and deal with missing parameters or invalid values.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 331c560fbfa0e7d2dce674b5e88e983c5f2a451d https://github.com/phpmyadmin/phpmyadmin/commit/331c560fbfa0e7d2dce674b5e88e... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M setup/config.php M setup/frames/index.inc.php

Log Message: ----------- Improve error handling in setup in case config dir is not present

We do not show these options in UI, but the scripts should handle it gracefully.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 1d2e2be925a5f6af70117f81892ad601e3dc161b https://github.com/phpmyadmin/phpmyadmin/commit/1d2e2be925a5f6af70117f81892a... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M libraries/DatabaseInterface.php M libraries/Error.php M templates/list/item.phtml

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: 00b9be9c4afa98d1a37f2b74c75f8c67ccf251d4 https://github.com/phpmyadmin/phpmyadmin/commit/00b9be9c4afa98d1a37f2b74c75f... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M test/classes/ErrorTest.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: 27664605b945b13e1d2b71adea822ace2099cc96 https://github.com/phpmyadmin/phpmyadmin/commit/27664605b945b13e1d2b71adea82... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M examples/openid.php

Log Message: ----------- Improve error handling in OpenID example

- properly check parameter types - catch all exceptions (eg. network error)

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 1363ce574974ad6971f552a30b6b05f48dc80392 https://github.com/phpmyadmin/phpmyadmin/commit/1363ce574974ad6971f552a30b6b... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M db_central_columns.php M libraries/Config.php M libraries/Util.php M libraries/display_import.lib.php M libraries/js_escape.lib.php M libraries/navigation/NavigationTree.php M setup/lib/form_processing.lib.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: 94cf3864254ffaf3a69e97d8fc454888368b94ab https://github.com/phpmyadmin/phpmyadmin/commit/94cf3864254ffaf3a69e97d8fc45... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M examples/openid.php

Log Message: ----------- Escape error messages from OpenID

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 418aeea3d83b0b6021bac311d849570acfc6e48c https://github.com/phpmyadmin/phpmyadmin/commit/418aeea3d83b0b6021bac311d849... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M examples/openid.php

Log Message: ----------- Add error handling to constructing openid message

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 0815af37f483f329f0c0565d68821fea9c47b5f5 https://github.com/phpmyadmin/phpmyadmin/commit/0815af37f483f329f0c0565d6882... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M templates/table/structure/display_partitions.phtml

Log Message: ----------- Add missing escaping to partition listing

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 8716855b309dbe65d7b9a5d681b80579b225b322 https://github.com/phpmyadmin/phpmyadmin/commit/8716855b309dbe65d7b9a5d681b8... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M templates/server/databases/table_row.phtml

Log Message: ----------- Properly escape translated string

Signed-off-by: Michal Čihař michal@cihar.com

Commit: d648ade18d6cbb796a93261491c121f078df2d88 https://github.com/phpmyadmin/phpmyadmin/commit/d648ade18d6cbb796a93261491c1... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M templates/server/binlog/log_selector.phtml

Log Message: ----------- Escape binary log name

Signed-off-by: Michal Čihař michal@cihar.com

Commit: be3ecbb4cca3fbe20e3b3aa4e049902d18b60865 https://github.com/phpmyadmin/phpmyadmin/commit/be3ecbb4cca3fbe20e3b3aa4e049... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M libraries/plugins/transformations/abs/DateFormatTransformationsPlugin.php M libraries/plugins/transformations/abs/DownloadTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/LongToIPv4TransformationsPlugin.php M libraries/plugins/transformations/abs/PreApPendTransformationsPlugin.php M libraries/plugins/transformations/abs/SubstringTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M libraries/transformations.lib.php M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_transformation_test.php

Log Message: ----------- Simplify and cleanup transformation plugins

Remove PMA_transformation_global_html_replace which makes the code only more confusing.

Also add escaping to browse transformations.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 791bdafcdd441883f2bf2721356afeaf8146ab70 https://github.com/phpmyadmin/phpmyadmin/commit/791bdafcdd441883f2bf2721356a... Author: Michal Čihař michal@cihar.com Date: 2016-06-17 (Fri, 17 Jun 2016)

Changed paths: M ChangeLog M examples/openid.php M js/get_scripts.js.php M libraries/Config.php M libraries/Util.php M libraries/config/FormDisplay.php M libraries/config/Validator.php M libraries/core.lib.php M libraries/plugins/transformations/abs/DateFormatTransformationsPlugin.php M libraries/plugins/transformations/abs/DownloadTransformationsPlugin.php M libraries/plugins/transformations/abs/ImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/InlineTransformationsPlugin.php M libraries/plugins/transformations/abs/LongToIPv4TransformationsPlugin.php M libraries/plugins/transformations/abs/PreApPendTransformationsPlugin.php M libraries/plugins/transformations/abs/SubstringTransformationsPlugin.php M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php M libraries/server_privileges.lib.php M libraries/transformations.lib.php M setup/config.php M setup/frames/index.inc.php M setup/validate.php M templates/server/binlog/log_selector.phtml M templates/server/databases/table_row.phtml M templates/table/structure/display_partitions.phtml M templates/table/structure/display_table_stats.phtml M test/classes/plugin/transformations/TransformationPluginsTest.php M test/libraries/PMA_transformation_test.php A test/libraries/core/PMA_cleanupPathInfo_test.php

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Commit: 1e5716cb96d46efc305381ae0da08e73fe340f05 https://github.com/phpmyadmin/phpmyadmin/commit/1e5716cb96d46efc305381ae0da0... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M libraries/Header.php

Log Message: ----------- Add referrer CSP and <meta> tag

This avoids leaking Referer header in modern browsers.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 79661610f6f65443e0ec1e382a7240437f28436c https://github.com/phpmyadmin/phpmyadmin/commit/79661610f6f65443e0ec1e382a72... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M js/get_image.js.php

Log Message: ----------- Escape attributes when showing images in javascript

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 895a131d2eb7e447757a35d5731c7d647823ea8b https://github.com/phpmyadmin/phpmyadmin/commit/895a131d2eb7e447757a35d5731c... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M js/ajax.js

Log Message: ----------- Escape HTML when rendering AJAX error

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 364732e309cccb3fb56c938ed8d8bc0e04a3ca98 https://github.com/phpmyadmin/phpmyadmin/commit/364732e309cccb3fb56c938ed8d8... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M js/console.js

Log Message: ----------- Escape error message from server

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 80cd2f448cfd18e6149a26a6819d99f47d87f158 https://github.com/phpmyadmin/phpmyadmin/commit/80cd2f448cfd18e6149a26a6819d... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M ChangeLog M libraries/export.lib.php M setup/frames/servers.inc.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: b73175ed12f12aa11cc955c17ad93646b018eab6 https://github.com/phpmyadmin/phpmyadmin/commit/b73175ed12f12aa11cc955c17ad9... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M ChangeLog M export.php M libraries/export.lib.php M setup/frames/servers.inc.php M view_operations.php

Log Message: ----------- Merge branch 'master' into master-security

Commit: 22b19b5d695fad7393875628f6fe1d4ba071f951 https://github.com/phpmyadmin/phpmyadmin/commit/22b19b5d695fad7393875628f6fe... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M js/ajax.js M js/console.js M js/get_image.js.php M libraries/Header.php

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Commit: 2f4950828ec241e8cbdcf13090c2582a6fa620cb https://github.com/phpmyadmin/phpmyadmin/commit/2f4950828ec241e8cbdcf13090c2... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M libraries/Header.php

Log Message: ----------- Update referrer <meta> to match current standards

Signed-off-by: Michal Čihař michal@cihar.com

Commit: f77612dfe7b55ea676f351a4d545d7ac22fc0f8e https://github.com/phpmyadmin/phpmyadmin/commit/f77612dfe7b55ea676f351a4d545... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Commit: 4bcc606225f15bac0b07780e74f667f6ac283da7 https://github.com/phpmyadmin/phpmyadmin/commit/4bcc606225f15bac0b07780e74f6... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M libraries/controllers/table/TableSearchController.php

Log Message: ----------- Always use delimiter not present in search expression

This avoids need to figure out correct escaping in case delimiter is present in the expression.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 1cc7466db3a05e95fe57a6702f41773e6829d54b https://github.com/phpmyadmin/phpmyadmin/commit/1cc7466db3a05e95fe57a6702f41... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M import.php M libraries/Tracker.php M libraries/plugins/export/ExportSql.php M templates/columns_definitions/transformation.phtml M test/libraries/core/PMA_warnMissingExtension_test.php

Log Message: ----------- Quote delimiter before using preg_replace

Signed-off-by: Michal Čihař michal@cihar.com

Commit: c8abc5fab6caa1a7d203dd944e3cad8842fbeea9 https://github.com/phpmyadmin/phpmyadmin/commit/c8abc5fab6caa1a7d203dd944e3c... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M libraries/Table.php M libraries/Template.php M po/zh_CN.po

Log Message: ----------- Merge branch 'master' into master-security

Commit: 637d4eb4de4137eb7be19570828b6b93895ab723 https://github.com/phpmyadmin/phpmyadmin/commit/637d4eb4de4137eb7be19570828b... Author: Michal Čihař michal@cihar.com Date: 2016-06-20 (Mon, 20 Jun 2016)

Changed paths: M import.php M libraries/Tracker.php M libraries/controllers/table/TableSearchController.php M libraries/plugins/export/ExportSql.php M templates/columns_definitions/transformation.phtml M test/libraries/core/PMA_warnMissingExtension_test.php

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Commit: 792cd1262f012b9b13639519d414f2acaeb5e972 https://github.com/phpmyadmin/phpmyadmin/commit/792cd1262f012b9b13639519d414... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M templates/table/structure/display_partitions.phtml

Log Message: ----------- Escape partition comment when displaying

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 0b7416c5f4439ed3f11c023785f2d4c49a1b09fc https://github.com/phpmyadmin/phpmyadmin/commit/0b7416c5f4439ed3f11c023785f2... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/server_privileges.lib.php

Log Message: ----------- Escape user group when displaying

Signed-off-by: Michal Čihař michal@cihar.com

Commit: d95a4a2f96c9b080f3364defcc1cd6ecd8bdc2be https://github.com/phpmyadmin/phpmyadmin/commit/d95a4a2f96c9b080f3364defcc1c... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/SavedSearches.php

Log Message: ----------- Avoid undefined index in case of incomplete bookmark

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 36df83a97a7f140fdb008b727a94f882847c6a6f https://github.com/phpmyadmin/phpmyadmin/commit/36df83a97a7f140fdb008b727a94... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/DbQbe.php

Log Message: ----------- Escape saved search name

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 960fd1fd52023047a23d069178bfff7463c2cefc https://github.com/phpmyadmin/phpmyadmin/commit/960fd1fd52023047a23d069178bf... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M templates/table/search/rows_zoom.phtml

Log Message: ----------- Properly escape zoom search column type

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 57ae483bad33059a885366d5445b7e1f6f29860a https://github.com/phpmyadmin/phpmyadmin/commit/57ae483bad33059a885366d5445b... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M js/functions.js

Log Message: ----------- Escape database name when showing dialog

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 301e1b0f7d2506b16a9e828360db21c27f051509 https://github.com/phpmyadmin/phpmyadmin/commit/301e1b0f7d2506b16a9e828360db... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/operations.lib.php

Log Message: ----------- Fix adjusting privileges for tables/databases with quote in name

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 11509c5431b2b79c29b8aa12042095d9e3c8de16 https://github.com/phpmyadmin/phpmyadmin/commit/11509c5431b2b79c29b8aa120420... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/operations.lib.php

Log Message: ----------- Merge branch 'QA_4_6'

Commit: 4d21b5c077db50c2a54b7f569d20f463cc2651f5 https://github.com/phpmyadmin/phpmyadmin/commit/4d21b5c077db50c2a54b7f569d20... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M js/tbl_chart.js

Log Message: ----------- Fixed rendering of chart of columns with HTML inside

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 519e634a8d13dd8739646c4cf566bde4c7092143 https://github.com/phpmyadmin/phpmyadmin/commit/519e634a8d13dd8739646c4cf566... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/Template.php M libraries/operations.lib.php M libraries/server_privileges.lib.php M po/zh_CN.po M test/libraries/PMA_server_privileges_test.php

Log Message: ----------- Merge branch 'QA_4_6' into QA_4_6-security

Commit: 9c8f537a231f314e9cdee037ce97b44821f14cd4 https://github.com/phpmyadmin/phpmyadmin/commit/9c8f537a231f314e9cdee037ce97... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/DbQbe.php M libraries/operations.lib.php M libraries/server_privileges.lib.php M test/libraries/PMA_server_privileges_test.php

Log Message: ----------- Merge branch 'master' into master-security

Commit: 6ba52a72b4ad227ec99a7714c2fe4c0570863caf https://github.com/phpmyadmin/phpmyadmin/commit/6ba52a72b4ad227ec99a7714c2fe... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M js/functions.js M js/tbl_chart.js M libraries/DbQbe.php M libraries/SavedSearches.php M libraries/server_privileges.lib.php M templates/table/search/rows_zoom.phtml M templates/table/structure/display_partitions.phtml

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Commit: 615212a14d7d87712202f37354acf8581987fc5a https://github.com/phpmyadmin/phpmyadmin/commit/615212a14d7d87712202f37354ac... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php

Log Message: ----------- Do not allow javascript: links in transformation

Signed-off-by: Michal Čihař michal@cihar.com

Commit: c3f7aa8190b45a05bd5440174ae31d80b95a41d3 https://github.com/phpmyadmin/phpmyadmin/commit/c3f7aa8190b45a05bd5440174ae3... Author: Michal Čihař michal@cihar.com Date: 2016-06-22 (Wed, 22 Jun 2016)

Changed paths: M libraries/plugins/transformations/abs/TextImageLinkTransformationsPlugin.php M libraries/plugins/transformations/abs/TextLinkTransformationsPlugin.php

Log Message: ----------- Merge branch 'QA_4_6-security' into master-security

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/d338a61d329a...c3f7aa8190b4