Branch: refs/tags/RELEASE_4_4_15_8 Home: https://github.com/phpmyadmin/phpmyadmin Commit: d929c8962a047d439f7d066caaf815e1dd4112ba https://github.com/phpmyadmin/phpmyadmin/commit/d929c8962a047d439f7d066caaf8... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)

Changed paths: M phpinfo.php

Log Message: ----------- Sent CSP headers for phpinfo

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2989e4943b85e08e8a2e284e597e62ab7c823c0d https://github.com/phpmyadmin/phpmyadmin/commit/2989e4943b85e08e8a2e284e597e... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)

Changed paths: M libraries/Util.class.php

Log Message: ----------- Avoid possible path traversal using MySQL username

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e https://github.com/phpmyadmin/phpmyadmin/commit/6b310f055e109de21af3ec9cda6a... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)

Changed paths: M libraries/plugins/export/ExportPhparray.class.php

Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup

Signed-off-by: Michal Čihař michal@cihar.com

Commit: e47a77db5d5a322e9beca989b71bcf53f48c6570 https://github.com/phpmyadmin/phpmyadmin/commit/e47a77db5d5a322e9beca989b71b... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)

Changed paths: M test/classes/plugin/export/PMA_ExportPhparray_test.php

Log Message: ----------- Fix PHP export tests

Signed-off-by: Michal Čihař michal@cihar.com

Commit: fac2bb1f7050c44af405b23b2cbab9822857914e https://github.com/phpmyadmin/phpmyadmin/commit/fac2bb1f7050c44af405b23b2cba... Author: Michal Čihař michal@cihar.com Date: 2016-06-30 (Thu, 30 Jun 2016)

Changed paths: M libraries/plugins/export/ExportXml.class.php M test/classes/plugin/export/PMA_ExportXml_test.php

Log Message: ----------- Properly escape generated XML export

Many fields could contain XML markup, so we need to ensure the generated XML is valid.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6ab8e31f22bbd13a26d0b7... Author: Michal Čihař michal@cihar.com Date: 2016-07-08 (Fri, 08 Jul 2016)

Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

Log Message: ----------- Improve cookie encryption

- use MAC to validate content before decryption - create unique IV for every cookie

Signed-off-by: Michal Čihař michal@cihar.com

Commit: ab0f14901fcaab649213fa6fd42832b52b34c4de https://github.com/phpmyadmin/phpmyadmin/commit/ab0f14901fcaab649213fa6fd428... Author: Michal Čihař michal@cihar.com Date: 2016-07-09 (Sat, 09 Jul 2016)

Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/messages.inc.php M libraries/import.lib.php M libraries/plugins/import/README M po/af.po M po/ar.po M po/az.po M po/be.po M po/be@latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr@latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php

Log Message: ----------- Use https for wiki links

Signed-off-by: Michal Čihař michal@cihar.com

Commit: fd8cdd79333e5ab47d395f5f5178faaaf795d39e https://github.com/phpmyadmin/phpmyadmin/commit/fd8cdd79333e5ab47d395f5f5178... Author: Michal Čihař michal@cihar.com Date: 2016-07-10 (Sun, 10 Jul 2016)

Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php

Log Message: ----------- Properly escape MySQL status variables

Signed-off-by: Michal Čihař michal@cihar.com

Commit: bec52644f1faf641bf11b8bc365a21a8f84a639d https://github.com/phpmyadmin/phpmyadmin/commit/bec52644f1faf641bf11b8bc365a... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-07-10 (Sun, 10 Jul 2016)

Changed paths: M examples/openid.php M examples/signon.php

Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples

Signed-off-by: Isaac Bennetch bennetch@gmail.com

Commit: e291300af3cd3686c438ba36d9cd94c80353a820 https://github.com/phpmyadmin/phpmyadmin/commit/e291300af3cd3686c438ba36d9cd... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)

Changed paths: M libraries/ip_allow_deny.lib.php

Log Message: ----------- Make proxy IP parsing aware of multiple proxies

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2257e60f78cf9d813f33b613524fd01e7be302eb https://github.com/phpmyadmin/phpmyadmin/commit/2257e60f78cf9d813f33b613524f... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)

Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

Log Message: ----------- Remove Swekey support

It is buggy and their servers are no longer working.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 3d47645c55d6c18e4e140ebc4bbde746e7456959 https://github.com/phpmyadmin/phpmyadmin/commit/3d47645c55d6c18e4e140ebc4bbd... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)

Changed paths: M libraries/core.lib.php

Log Message: ----------- Remove debugging code

Signed-off-by: Michal Čihař michal@cihar.com

Commit: de89b270f23c5210646d6d0867b5de34972befc9 https://github.com/phpmyadmin/phpmyadmin/commit/de89b270f23c5210646d6d0867b5... Author: Michal Čihař michal@cihar.com Date: 2016-07-11 (Mon, 11 Jul 2016)

Changed paths: M libraries/ip_allow_deny.lib.php

Log Message: ----------- Fix syntax error in older PHP versions

Signed-off-by: Michal Čihař michal@cihar.com

Commit: d0b6abf5eb78ce7a175515165cd39e18bdb5836f https://github.com/phpmyadmin/phpmyadmin/commit/d0b6abf5eb78ce7a175515165cd3... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/tbl_gis_visualization.lib.php

Log Message: ----------- Fix XSS in tbl_gis_visualization.php

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: 1dc9c7d1fca15c3f6170729429912b88e513e970 https://github.com/phpmyadmin/phpmyadmin/commit/1dc9c7d1fca15c3f617072942991... Author: Madhura Jayaratne madhura.cj@gmail.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/replication_gui.lib.php

Log Message: ----------- Fix XSS in server_replication.php

Signed-off-by: Madhura Jayaratne madhura.cj@gmail.com

Commit: 63af274953f7047bae39bc4d2aa59bd450cf9f05 https://github.com/phpmyadmin/phpmyadmin/commit/63af274953f7047bae39bc4d2aa5... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

Log Message: ----------- Use whitelist rather than blacklist for URL filtering

Signed-off-by: Michal Čihař michal@cihar.com

Commit: cee1a8d3f5de1ebe21df0b484c16822293b94130 https://github.com/phpmyadmin/phpmyadmin/commit/cee1a8d3f5de1ebe21df0b484c16... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php

Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 37a1f4f4995a918af9e060813eb2a86cf211d0b7 https://github.com/phpmyadmin/phpmyadmin/commit/37a1f4f4995a918af9e060813eb2... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M test/classes/PMA_DisplayResults_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/engines/PMA_StorageEngine_pbxt_test.php

Log Message: ----------- Adjust tests to recent changes

Signed-off-by: Michal Čihař michal@cihar.com

Commit: bf322fdea3ec06275e2588d1d879b410e2c8d2d9 https://github.com/phpmyadmin/phpmyadmin/commit/bf322fdea3ec06275e2588d1d879... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php

Log Message: ----------- Use _blank target instead of invalid _new

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 76b5dd2948bd114e2468afd375b3e9a6bbc30059 https://github.com/phpmyadmin/phpmyadmin/commit/76b5dd2948bd114e2468afd375b3... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/plugins/export/ExportMediawiki.class.php

Log Message: ----------- Escape HTML in Mediawiki comments

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 6e8a1c03d2fc31714ef35a0ea24277cf863b44a2 https://github.com/phpmyadmin/phpmyadmin/commit/6e8a1c03d2fc31714ef35a0ea242... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/tracking.lib.php

Log Message: ----------- Ensure last version is numeric

Signed-off-by: Michal Čihař michal@cihar.com

Commit: b758a9e36705932f0fe35b33a9faca354ed62a3a https://github.com/phpmyadmin/phpmyadmin/commit/b758a9e36705932f0fe35b33a9fa... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M examples/openid.php M examples/signon.php

Log Message: ----------- Hide session error messages to avoid FPD

Signed-off-by: Michal Čihař michal@cihar.com

Commit: c976baa8f6606cf4f127bcd44bf8a2b79459c550 https://github.com/phpmyadmin/phpmyadmin/commit/c976baa8f6606cf4f127bcd44bf8... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php

Log Message: ----------- Do not allow symlinks in UploadDir

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 698ef5155a1220d4d1392ebe37c21132115e32ce https://github.com/phpmyadmin/phpmyadmin/commit/698ef5155a1220d4d1392ebe37c2... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/config/ServerConfigChecks.class.php

Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2cd97c646650e6554b9a519606dd213b78546b64 https://github.com/phpmyadmin/phpmyadmin/commit/2cd97c646650e6554b9a519606dd... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php

Log Message: ----------- Use iframe sandbox for rendering HTML in transformation

Signed-off-by: Michal Čihař michal@cihar.com

Commit: beaaaa9efd7f3e6e61aa038edfede98632599fe6 https://github.com/phpmyadmin/phpmyadmin/commit/beaaaa9efd7f3e6e61aa038edfed... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php

Log Message: ----------- Prefer curl over file_get_contents

Curl is better in SSL certificate verification.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 10bdb0df4a73013112d146a0c046c903d1e2b3e3 https://github.com/phpmyadmin/phpmyadmin/commit/10bdb0df4a73013112d146a0c046... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/config/Validator.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php

Log Message: ----------- Sanitize MySQL host name before connecting

It can contain p: prefix which we don't want to honor.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2104fb66eb2b0194dabd96c0685b874db2de9af2 https://github.com/phpmyadmin/phpmyadmin/commit/2104fb66eb2b0194dabd96c0685b... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php

Log Message: ----------- Validate serialized data before unserializing

We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: b1801af0c118e4a47a54968c7e1236cd39c670af https://github.com/phpmyadmin/phpmyadmin/commit/b1801af0c118e4a47a54968c7e12... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/display_create_database.lib.php

Log Message: ----------- Escape suggested database name

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 5d427d65089af5106ae0e306379d99b6d3c51764 https://github.com/phpmyadmin/phpmyadmin/commit/5d427d65089af5106ae0e306379d... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/db_designer.lib.php M libraries/plugins/schema/Export_Relation_Schema.class.php M libraries/pmd_common.php M libraries/relation.lib.php

Log Message: ----------- Ensure page number is integer

Even if somebody decides to change configuration storage structure.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: b49dba4bdcb58a8717c42e351a6cce462efd2599 https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4bdcb58a8717c42e351a6c... Author: Michal Čihař michal@cihar.com Date: 2016-07-12 (Tue, 12 Jul 2016)

Changed paths: M libraries/RecentFavoriteTable.class.php M libraries/Table.class.php

Log Message: ----------- Correctly escape MySQL username in queries

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2582fa1018e19f2b58b541bbe466a20f2cbd88d4 https://github.com/phpmyadmin/phpmyadmin/commit/2582fa1018e19f2b58b541bbe466... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M transformation_wrapper.php

Log Message: ----------- Validate image scaling dimensions

Ensure we pass only integers and they are not too big.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 5b7da187d0bfc3de3ff8a15767f88556363281d7 https://github.com/phpmyadmin/phpmyadmin/commit/5b7da187d0bfc3de3ff8a15767f8... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugin_interface.lib.php

Log Message: ----------- Do not try to create non existing classes

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 4f8a16cc008ebf81a06eef0656d3f46f5380ffe9 https://github.com/phpmyadmin/phpmyadmin/commit/4f8a16cc008ebf81a06eef0656d3... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/export/ExportSql.class.php

Log Message: ----------- Properly handle newlines in SQL comments

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 566a6885e82aa54f25843664443b11ca45c106bc https://github.com/phpmyadmin/phpmyadmin/commit/566a6885e82aa54f25843664443b... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M transformation_wrapper.php

Log Message: ----------- Do not use empty MIME type

This will turn on content sniffing in browser leading to unwanted results.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: fb0e7ea4b4f795946f6b723dd8086594aed49d5e https://github.com/phpmyadmin/phpmyadmin/commit/fb0e7ea4b4f795946f6b723dd808... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M transformation_wrapper.php

Log Message: ----------- Escape HTML markup in transformation wrapper

...in case content type is html.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 93a6913196e60d87772e795b1374fab894475f84 https://github.com/phpmyadmin/phpmyadmin/commit/93a6913196e60d87772e795b1374... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/server_user_groups.lib.php

Log Message: ----------- Add missing escaping in user group queries

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 4062df92df1ef0f3c548807da3b6c7b63d2f74d6 https://github.com/phpmyadmin/phpmyadmin/commit/4062df92df1ef0f3c548807da3b6... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/RegexValidationTransformationsPlugin.class.php

Log Message: ----------- Properly escape error input in the message

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 1c62be26242489ca30357a8fe423b708c5659059 https://github.com/phpmyadmin/phpmyadmin/commit/1c62be26242489ca30357a8fe423... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/ImageUploadTransformationsPlugin.class.php

Log Message: ----------- Ensure widht and height are integers

Signed-off-by: Michal Čihař michal@cihar.com

Commit: f6af4f32cd4112d774d823e236982a218569d13c https://github.com/phpmyadmin/phpmyadmin/commit/f6af4f32cd4112d774d823e23698... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php

Log Message: ----------- Ensure widht and height are integers

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3 https://github.com/phpmyadmin/phpmyadmin/commit/5ea073c2a3b07e4d58dc4d9be310... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php

Log Message: ----------- Ensure widht and height are integers

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 6f3cd526e3e6acd655899c6edccb92cdcb62a493 https://github.com/phpmyadmin/phpmyadmin/commit/6f3cd526e3e6acd655899c6edccb... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M js/tbl_relation.js

Log Message: ----------- Properly escape foreign key selection

Signed-off-by: Michal Čihař michal@cihar.com

Commit: b8c216c81910f77dffaae6dba49631324d9afbbc https://github.com/phpmyadmin/phpmyadmin/commit/b8c216c81910f77dffaae6dba496... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/TableSearch.class.php

Log Message: ----------- HML encode embedded JSON data

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2ac1359292f8ae081a7f9565a70ecb6afbd1f78b https://github.com/phpmyadmin/phpmyadmin/commit/2ac1359292f8ae081a7f9565a70e... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/plugins/export/ExportSql.class.php

Log Message: ----------- Fix exporting multiline comments

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 3b885af874762abb1b0b28c7fa8ca3406115abfc https://github.com/phpmyadmin/phpmyadmin/commit/3b885af874762abb1b0b28c7fa8c... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M test/classes/plugin/transformations/Transformation_Plugins_test.php

Log Message: ----------- Fix tests for transformations

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 91336e1d5c556b5f4d6a6a8fa79ad12369fa5412 https://github.com/phpmyadmin/phpmyadmin/commit/91336e1d5c556b5f4d6a6a8fa79a... Author: Michal Čihař michal@cihar.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M test/classes/PMA_TableSearch_test.php

Log Message: ----------- Fix test for table search

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 20db714269a65b4a6e893e9ae8b52be53cb378e7 https://github.com/phpmyadmin/phpmyadmin/commit/20db714269a65b4a6e893e9ae8b5... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-07-13 (Wed, 13 Jul 2016)

Changed paths: M libraries/navigation/Nodes/Node_Database.class.php

Log Message: ----------- Add missing escaping in navigation pane

Signed-off-by: Isaac Bennetch bennetch@gmail.com

Commit: bf9ad3a8eb4e66892d394f7073af669d483d4e31 https://github.com/phpmyadmin/phpmyadmin/commit/bf9ad3a8eb4e66892d394f7073af... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)

Changed paths: M ChangeLog M README M README.rst M changelog.php M config.sample.inc.php M doc/config.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/error_report.lib.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Config_test.php M test/classes/PMA_Message_test.php M test/classes/config/PMA_FormDisplay_test.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php M test/classes/plugin/export/PMA_ExportXml_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql

Log Message: ----------- Use https to access phpmyadmin.net

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 88c72dc8dfc7033453cdc0f266b9c472e11db07c https://github.com/phpmyadmin/phpmyadmin/commit/88c72dc8dfc7033453cdc0f266b9... Author: Michal Čihař michal@cihar.com Date: 2016-07-18 (Mon, 18 Jul 2016)

Changed paths: M libraries/core.lib.php

Log Message: ----------- Improve URL filtering in url.php

Signed-off-by: Michal Čihař michal@cihar.com

Commit: e31ac0b6832a594a0344ddeb0b7d4516516454bf https://github.com/phpmyadmin/phpmyadmin/commit/e31ac0b6832a594a0344ddeb0b7d... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/plugins/import/ImportShp.class.php

Log Message: ----------- Delete temporary file before reporting error

Signed-off-by: Michal Čihař michal@cihar.com

Commit: f80a250873210f7c98b5dc5a7131adeaa057486e https://github.com/phpmyadmin/phpmyadmin/commit/f80a250873210f7c98b5dc5a7131... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php

Log Message: ----------- Sanitize filename on SHP import

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 06a1677fef6e89ecad1df455f5af77a3457d3805 https://github.com/phpmyadmin/phpmyadmin/commit/06a1677fef6e89ecad1df455f5af... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/navigation/NavigationTree.class.php M libraries/navigation/Nodes/Node.class.php

Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 5c9f25db4648fa81a2e0b7375a61495b60313394 https://github.com/phpmyadmin/phpmyadmin/commit/5c9f25db4648fa81a2e0b7375a61... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M url.php

Log Message: ----------- Send standard set of HTTP headers on redirect

Signed-off-by: Michal Čihař michal@cihar.com

Commit: ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74 https://github.com/phpmyadmin/phpmyadmin/commit/ec62a6d7d9fbbaf9ecf41477eaca... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/config/ServerConfigChecks.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

Log Message: ----------- Backport cookie encryption from 4.6 branch

- Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret

Signed-off-by: Michal Čihař michal@cihar.com

Commit: d5570787a79ac1fe503bca6b340e860f7dcaf9d8 https://github.com/phpmyadmin/phpmyadmin/commit/d5570787a79ac1fe503bca6b340e... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/config/ServerConfigChecks.class.php

Log Message: ----------- Move return to correct place

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 1586714fe94098ea2bd7d4b57c9bd6e0b921322a https://github.com/phpmyadmin/phpmyadmin/commit/1586714fe94098ea2bd7d4b57c9b... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/config/ServerConfigChecks.class.php

Log Message: ----------- Revert "Move return to correct place"

This reverts commit d5570787a79ac1fe503bca6b340e860f7dcaf9d8.

Commit: 62ae47c0bc83ba53e4c200fba1fb832f765fb5f0 https://github.com/phpmyadmin/phpmyadmin/commit/62ae47c0bc83ba53e4c200fba1fb... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php

Log Message: ----------- Limit maximal numver of fields to 4096

Signed-off-by: Michal Čihař michal@cihar.com

Commit: a553a11764292dd96815ef60486cac93f55ed08b https://github.com/phpmyadmin/phpmyadmin/commit/a553a11764292dd96815ef60486c... Author: Michal Čihař michal@cihar.com Date: 2016-07-22 (Fri, 22 Jul 2016)

Changed paths: M file_echo.php

Log Message: ----------- Remove no longer used code

It was used by old charts code to download charts.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: d02d61ada7c8e29753fd37440b511a1088efb060 https://github.com/phpmyadmin/phpmyadmin/commit/d02d61ada7c8e29753fd37440b51... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)

Changed paths: M import.php M libraries/dbi/DBIMysql.class.php M libraries/dbi/DBIMysqli.class.php

Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed

There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 2cfe5137695df8c917a7d50fdbe3afbbd22c66da https://github.com/phpmyadmin/phpmyadmin/commit/2cfe5137695df8c917a7d50fdbe3... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)

Changed paths: M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

Log Message: ----------- Adjust cookie tests to match current code

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 3ded2394686bbdbee13caa13c5f59e424712482d https://github.com/phpmyadmin/phpmyadmin/commit/3ded2394686bbdbee13caa13c5f5... Author: Michal Čihař michal@cihar.com Date: 2016-07-23 (Sat, 23 Jul 2016)

Changed paths: M libraries/gis/GIS_Geometry.class.php

Log Message: ----------- Ensure GIS point coordinates are numeric

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c https://github.com/phpmyadmin/phpmyadmin/commit/61591c4438ff1ab25c0d5a5fb3f0... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)

Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php

Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo'])

This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915 https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3ddc1bdebf3d4cd12bae0f... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)

Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh

Log Message: ----------- Move generator scripts out of the code

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 0cbf74792ff0344389dd0be2d6eb226b9b2c23e4 https://github.com/phpmyadmin/phpmyadmin/commit/0cbf74792ff0344389dd0be2d6eb... Author: Michal Čihař michal@cihar.com Date: 2016-07-26 (Tue, 26 Jul 2016)

Changed paths: M user_password.php

Log Message: ----------- Do not allow to set too long password

We do not accept password longer than 256 chars, so do not accept it on password change as well.

Signed-off-by: Michal Čihař michal@cihar.com

Commit: c3f6c8e5c834bef2d6d0577fe7251969e423639c https://github.com/phpmyadmin/phpmyadmin/commit/c3f6c8e5c834bef2d6d0577fe725... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)

Changed paths: M libraries/DbSearch.class.php

Log Message: ----------- Escape string when showing confirmation message

Signed-off-by: Michal Čihař michal@cihar.com

Commit: a1d29fabf8ee96b50f084887342d526bbf375c69 https://github.com/phpmyadmin/phpmyadmin/commit/a1d29fabf8ee96b50f084887342d... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)

Changed paths: M libraries/Response.class.php

Log Message: ----------- Do not try to wrap output in case response handling is disabled

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 4ef7964f60d6e998ef5f656542e751158aa98a3f https://github.com/phpmyadmin/phpmyadmin/commit/4ef7964f60d6e998ef5f656542e7... Author: Michal Čihař michal@cihar.com Date: 2016-07-28 (Thu, 28 Jul 2016)

Changed paths: M js/functions.js M version_check.php

Log Message: ----------- Add login and token validation to version_check

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 4dcdf5fc845261bd3de136ca71818dc4b482ac1d https://github.com/phpmyadmin/phpmyadmin/commit/4dcdf5fc845261bd3de136ca7181... Author: Michal Čihař michal@cihar.com Date: 2016-07-29 (Fri, 29 Jul 2016)

Changed paths: M libraries/replication.inc.php

Log Message: ----------- Move hostname sanitization to correct place

Signed-off-by: Michal Čihař michal@cihar.com

Commit: 39864227e7c33f9a6ef29890017e48164df54858 https://github.com/phpmyadmin/phpmyadmin/commit/39864227e7c33f9a6ef29890017e... Author: Isaac Bennetch bennetch@gmail.com Date: 2016-08-16 (Tue, 16 Aug 2016)

Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php

Log Message: ----------- Release 4.4.15.8

Signed-off-by: Isaac Bennetch bennetch@gmail.com

Compare: https://github.com/phpmyadmin/phpmyadmin/compare/d929c8962a04%5E...39864227e...