Branch: refs/tags/RELEASE_4_4_15_8 Home: https://github.com/phpmyadmin/phpmyadmin Commit: d929c8962a047d439f7d066caaf815e1dd4112ba https://github.com/phpmyadmin/phpmyadmin/commit/d929c8962a047d439f7d066caaf8... Author: Michal Čihař <michal@cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M phpinfo.php Log Message: ----------- Sent CSP headers for phpinfo Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2989e4943b85e08e8a2e284e597e62ab7c823c0d https://github.com/phpmyadmin/phpmyadmin/commit/2989e4943b85e08e8a2e284e597e... Author: Michal Čihař <michal@cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/Util.class.php Log Message: ----------- Avoid possible path traversal using MySQL username Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e https://github.com/phpmyadmin/phpmyadmin/commit/6b310f055e109de21af3ec9cda6a... Author: Michal Čihař <michal@cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportPhparray.class.php Log Message: ----------- Generate valid PHP code even when table/database name contains PHP markup Signed-off-by: Michal Čihař <michal@cihar.com> Commit: e47a77db5d5a322e9beca989b71bcf53f48c6570 https://github.com/phpmyadmin/phpmyadmin/commit/e47a77db5d5a322e9beca989b71b... Author: Michal Čihař <michal@cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M test/classes/plugin/export/PMA_ExportPhparray_test.php Log Message: ----------- Fix PHP export tests Signed-off-by: Michal Čihař <michal@cihar.com> Commit: fac2bb1f7050c44af405b23b2cbab9822857914e https://github.com/phpmyadmin/phpmyadmin/commit/fac2bb1f7050c44af405b23b2cba... Author: Michal Čihař <michal@cihar.com> Date: 2016-06-30 (Thu, 30 Jun 2016) Changed paths: M libraries/plugins/export/ExportXml.class.php M test/classes/plugin/export/PMA_ExportXml_test.php Log Message: ----------- Properly escape generated XML export Many fields could contain XML markup, so we need to ensure the generated XML is valid. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6ab8e31f22bbd13a26d0b7... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-08 (Fri, 08 Jul 2016) Changed paths: M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Improve cookie encryption - use MAC to validate content before decryption - create unique IV for every cookie Signed-off-by: Michal Čihař <michal@cihar.com> Commit: ab0f14901fcaab649213fa6fd42832b52b34c4de https://github.com/phpmyadmin/phpmyadmin/commit/ab0f14901fcaab649213fa6fd428... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-09 (Sat, 09 Jul 2016) Changed paths: M composer.json M doc/other.rst M index.php M libraries/config/messages.inc.php M libraries/import.lib.php M libraries/plugins/import/README M po/af.po M po/ar.po M po/az.po M po/be.po M po/be@latin.po M po/bg.po M po/bn.po M po/br.po M po/bs.po M po/ca.po M po/ckb.po M po/cs.po M po/cy.po M po/da.po M po/de.po M po/el.po M po/en_GB.po M po/eo.po M po/es.po M po/et.po M po/eu.po M po/fa.po M po/fi.po M po/fr.po M po/fy.po M po/gl.po M po/he.po M po/hi.po M po/hr.po M po/hu.po M po/hy.po M po/ia.po M po/id.po M po/it.po M po/ja.po M po/ka.po M po/kk.po M po/km.po M po/kn.po M po/ko.po M po/ksh.po M po/ky.po M po/li.po M po/lt.po M po/lv.po M po/mk.po M po/ml.po M po/mn.po M po/ms.po M po/nb.po M po/ne.po M po/nl.po M po/pa.po M po/phpmyadmin.pot M po/pl.po M po/pt.po M po/pt_BR.po M po/ro.po M po/ru.po M po/si.po M po/sk.po M po/sl.po M po/sq.po M po/sr.po M po/sr@latin.po M po/sv.po M po/ta.po M po/te.po M po/th.po M po/tk.po M po/tr.po M po/tt.po M po/ug.po M po/uk.po M po/ur.po M po/uz.po M po/uz@latin.po M po/vi.po M po/vls.po M po/zh_CN.po M po/zh_TW.po M scripts/create-release.sh M test/libraries/core/PMA_getLinks_test.php Log Message: ----------- Use https for wiki links Signed-off-by: Michal Čihař <michal@cihar.com> Commit: fd8cdd79333e5ab47d395f5f5178faaaf795d39e https://github.com/phpmyadmin/phpmyadmin/commit/fd8cdd79333e5ab47d395f5f5178... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M libraries/replication_gui.lib.php M libraries/server_status_variables.lib.php Log Message: ----------- Properly escape MySQL status variables Signed-off-by: Michal Čihař <michal@cihar.com> Commit: bec52644f1faf641bf11b8bc365a21a8f84a639d https://github.com/phpmyadmin/phpmyadmin/commit/bec52644f1faf641bf11b8bc365a... Author: Isaac Bennetch <bennetch@gmail.com> Date: 2016-07-10 (Sun, 10 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Add Secure and HttpOnly flags for session cookie setup in examples Signed-off-by: Isaac Bennetch <bennetch@gmail.com> Commit: e291300af3cd3686c438ba36d9cd94c80353a820 https://github.com/phpmyadmin/phpmyadmin/commit/e291300af3cd3686c438ba36d9cd... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Make proxy IP parsing aware of multiple proxies Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2257e60f78cf9d813f33b613524fd01e7be302eb https://github.com/phpmyadmin/phpmyadmin/commit/2257e60f78cf9d813f33b613524f... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M .scrutinizer.yml M build.xml M config.sample.inc.php M doc/config.rst M doc/setup.rst R examples/swekey.sample.conf M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php M libraries/plugins/auth/AuthenticationCookie.class.php R libraries/plugins/auth/swekey/authentication.inc.php R libraries/plugins/auth/swekey/musbe-ca.crt R libraries/plugins/auth/swekey/swekey.auth.lib.php R libraries/plugins/auth/swekey/swekey.php M phpunit.xml.dist M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Remove Swekey support It is buggy and their servers are no longer working. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 3d47645c55d6c18e4e140ebc4bbde746e7456959 https://github.com/phpmyadmin/phpmyadmin/commit/3d47645c55d6c18e4e140ebc4bbd... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Remove debugging code Signed-off-by: Michal Čihař <michal@cihar.com> Commit: de89b270f23c5210646d6d0867b5de34972befc9 https://github.com/phpmyadmin/phpmyadmin/commit/de89b270f23c5210646d6d0867b5... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-11 (Mon, 11 Jul 2016) Changed paths: M libraries/ip_allow_deny.lib.php Log Message: ----------- Fix syntax error in older PHP versions Signed-off-by: Michal Čihař <michal@cihar.com> Commit: d0b6abf5eb78ce7a175515165cd39e18bdb5836f https://github.com/phpmyadmin/phpmyadmin/commit/d0b6abf5eb78ce7a175515165cd3... Author: Madhura Jayaratne <madhura.cj@gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tbl_gis_visualization.lib.php Log Message: ----------- Fix XSS in tbl_gis_visualization.php Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com> Commit: 1dc9c7d1fca15c3f6170729429912b88e513e970 https://github.com/phpmyadmin/phpmyadmin/commit/1dc9c7d1fca15c3f617072942991... Author: Madhura Jayaratne <madhura.cj@gmail.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/replication_gui.lib.php Log Message: ----------- Fix XSS in server_replication.php Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com> Commit: 63af274953f7047bae39bc4d2aa59bd450cf9f05 https://github.com/phpmyadmin/phpmyadmin/commit/63af274953f7047bae39bc4d2aa5... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php Log Message: ----------- Use whitelist rather than blacklist for URL filtering Signed-off-by: Michal Čihař <michal@cihar.com> Commit: cee1a8d3f5de1ebe21df0b484c16822293b94130 https://github.com/phpmyadmin/phpmyadmin/commit/cee1a8d3f5de1ebe21df0b484c16... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M changelog.php M index.php M libraries/display_git_revision.lib.php M libraries/engines/pbxt.lib.php M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php M libraries/sanitizing.lib.php M themes.php Log Message: ----------- Add rel="noopener noreferrer" to all target="_blank" links Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 37a1f4f4995a918af9e060813eb2a86cf211d0b7 https://github.com/phpmyadmin/phpmyadmin/commit/37a1f4f4995a918af9e060813eb2... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M test/classes/PMA_DisplayResults_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/engines/PMA_StorageEngine_pbxt_test.php Log Message: ----------- Adjust tests to recent changes Signed-off-by: Michal Čihař <michal@cihar.com> Commit: bf322fdea3ec06275e2588d1d879b410e2c8d2d9 https://github.com/phpmyadmin/phpmyadmin/commit/bf322fdea3ec06275e2588d1d879... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use _blank target instead of invalid _new Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 76b5dd2948bd114e2468afd375b3e9a6bbc30059 https://github.com/phpmyadmin/phpmyadmin/commit/76b5dd2948bd114e2468afd375b3... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/export/ExportMediawiki.class.php Log Message: ----------- Escape HTML in Mediawiki comments Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 6e8a1c03d2fc31714ef35a0ea24277cf863b44a2 https://github.com/phpmyadmin/phpmyadmin/commit/6e8a1c03d2fc31714ef35a0ea242... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/tracking.lib.php Log Message: ----------- Ensure last version is numeric Signed-off-by: Michal Čihař <michal@cihar.com> Commit: b758a9e36705932f0fe35b33a9faca354ed62a3a https://github.com/phpmyadmin/phpmyadmin/commit/b758a9e36705932f0fe35b33a9fa... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M examples/openid.php M examples/signon.php Log Message: ----------- Hide session error messages to avoid FPD Signed-off-by: Michal Čihař <michal@cihar.com> Commit: c976baa8f6606cf4f127bcd44bf8a2b79459c550 https://github.com/phpmyadmin/phpmyadmin/commit/c976baa8f6606cf4f127bcd44bf8... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M import.php M libraries/File.class.php M libraries/file_listing.lib.php Log Message: ----------- Do not allow symlinks in UploadDir Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 698ef5155a1220d4d1392ebe37c21132115e32ce https://github.com/phpmyadmin/phpmyadmin/commit/698ef5155a1220d4d1392ebe37c2... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Use phpseclib's Crypt module to generate encryption keys Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2cd97c646650e6554b9a519606dd213b78546b64 https://github.com/phpmyadmin/phpmyadmin/commit/2cd97c646650e6554b9a519606dd... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Use iframe sandbox for rendering HTML in transformation Signed-off-by: Michal Čihař <michal@cihar.com> Commit: beaaaa9efd7f3e6e61aa038edfede98632599fe6 https://github.com/phpmyadmin/phpmyadmin/commit/beaaaa9efd7f3e6e61aa038edfed... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/VersionInformation.php M libraries/error_report.lib.php Log Message: ----------- Prefer curl over file_get_contents Curl is better in SSL certificate verification. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 10bdb0df4a73013112d146a0c046c903d1e2b3e3 https://github.com/phpmyadmin/phpmyadmin/commit/10bdb0df4a73013112d146a0c046... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/config/Validator.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M libraries/replication.inc.php A test/libraries/core/PMA_sanitizeMySQLHost_test.php Log Message: ----------- Sanitize MySQL host name before connecting It can contain p: prefix which we don't want to honor. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2104fb66eb2b0194dabd96c0685b874db2de9af2 https://github.com/phpmyadmin/phpmyadmin/commit/2104fb66eb2b0194dabd96c0685b... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/core.lib.php M libraries/tracking.lib.php A test/libraries/core/PMA_safeUnserialize_test.php Log Message: ----------- Validate serialized data before unserializing We need only strings, integers or arrays, so there is no need to unserialize strings containing any complex types. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: b1801af0c118e4a47a54968c7e1236cd39c670af https://github.com/phpmyadmin/phpmyadmin/commit/b1801af0c118e4a47a54968c7e12... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/display_create_database.lib.php Log Message: ----------- Escape suggested database name Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5d427d65089af5106ae0e306379d99b6d3c51764 https://github.com/phpmyadmin/phpmyadmin/commit/5d427d65089af5106ae0e306379d... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/db_designer.lib.php M libraries/plugins/schema/Export_Relation_Schema.class.php M libraries/pmd_common.php M libraries/relation.lib.php Log Message: ----------- Ensure page number is integer Even if somebody decides to change configuration storage structure. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: b49dba4bdcb58a8717c42e351a6cce462efd2599 https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4bdcb58a8717c42e351a6c... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-12 (Tue, 12 Jul 2016) Changed paths: M libraries/RecentFavoriteTable.class.php M libraries/Table.class.php Log Message: ----------- Correctly escape MySQL username in queries Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2582fa1018e19f2b58b541bbe466a20f2cbd88d4 https://github.com/phpmyadmin/phpmyadmin/commit/2582fa1018e19f2b58b541bbe466... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Validate image scaling dimensions Ensure we pass only integers and they are not too big. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5b7da187d0bfc3de3ff8a15767f88556363281d7 https://github.com/phpmyadmin/phpmyadmin/commit/5b7da187d0bfc3de3ff8a15767f8... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugin_interface.lib.php Log Message: ----------- Do not try to create non existing classes Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 4f8a16cc008ebf81a06eef0656d3f46f5380ffe9 https://github.com/phpmyadmin/phpmyadmin/commit/4f8a16cc008ebf81a06eef0656d3... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Properly handle newlines in SQL comments Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 566a6885e82aa54f25843664443b11ca45c106bc https://github.com/phpmyadmin/phpmyadmin/commit/566a6885e82aa54f25843664443b... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Do not use empty MIME type This will turn on content sniffing in browser leading to unwanted results. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: fb0e7ea4b4f795946f6b723dd8086594aed49d5e https://github.com/phpmyadmin/phpmyadmin/commit/fb0e7ea4b4f795946f6b723dd808... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M transformation_wrapper.php Log Message: ----------- Escape HTML markup in transformation wrapper ...in case content type is html. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 93a6913196e60d87772e795b1374fab894475f84 https://github.com/phpmyadmin/phpmyadmin/commit/93a6913196e60d87772e795b1374... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/server_user_groups.lib.php Log Message: ----------- Add missing escaping in user group queries Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 4062df92df1ef0f3c548807da3b6c7b63d2f74d6 https://github.com/phpmyadmin/phpmyadmin/commit/4062df92df1ef0f3c548807da3b6... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/RegexValidationTransformationsPlugin.class.php Log Message: ----------- Properly escape error input in the message Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 1c62be26242489ca30357a8fe423b708c5659059 https://github.com/phpmyadmin/phpmyadmin/commit/1c62be26242489ca30357a8fe423... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/ImageUploadTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal@cihar.com> Commit: f6af4f32cd4112d774d823e236982a218569d13c https://github.com/phpmyadmin/phpmyadmin/commit/f6af4f32cd4112d774d823e23698... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3 https://github.com/phpmyadmin/phpmyadmin/commit/5ea073c2a3b07e4d58dc4d9be310... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php Log Message: ----------- Ensure widht and height are integers Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 6f3cd526e3e6acd655899c6edccb92cdcb62a493 https://github.com/phpmyadmin/phpmyadmin/commit/6f3cd526e3e6acd655899c6edccb... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M js/tbl_relation.js Log Message: ----------- Properly escape foreign key selection Signed-off-by: Michal Čihař <michal@cihar.com> Commit: b8c216c81910f77dffaae6dba49631324d9afbbc https://github.com/phpmyadmin/phpmyadmin/commit/b8c216c81910f77dffaae6dba496... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/TableSearch.class.php Log Message: ----------- HML encode embedded JSON data Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2ac1359292f8ae081a7f9565a70ecb6afbd1f78b https://github.com/phpmyadmin/phpmyadmin/commit/2ac1359292f8ae081a7f9565a70e... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/plugins/export/ExportSql.class.php Log Message: ----------- Fix exporting multiline comments Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 3b885af874762abb1b0b28c7fa8ca3406115abfc https://github.com/phpmyadmin/phpmyadmin/commit/3b885af874762abb1b0b28c7fa8c... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/plugin/transformations/Transformation_Plugins_test.php Log Message: ----------- Fix tests for transformations Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 91336e1d5c556b5f4d6a6a8fa79ad12369fa5412 https://github.com/phpmyadmin/phpmyadmin/commit/91336e1d5c556b5f4d6a6a8fa79a... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M test/classes/PMA_TableSearch_test.php Log Message: ----------- Fix test for table search Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 20db714269a65b4a6e893e9ae8b52be53cb378e7 https://github.com/phpmyadmin/phpmyadmin/commit/20db714269a65b4a6e893e9ae8b5... Author: Isaac Bennetch <bennetch@gmail.com> Date: 2016-07-13 (Wed, 13 Jul 2016) Changed paths: M libraries/navigation/Nodes/Node_Database.class.php Log Message: ----------- Add missing escaping in navigation pane Signed-off-by: Isaac Bennetch <bennetch@gmail.com> Commit: bf9ad3a8eb4e66892d394f7073af669d483d4e31 https://github.com/phpmyadmin/phpmyadmin/commit/bf9ad3a8eb4e66892d394f7073af... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M ChangeLog M README M README.rst M changelog.php M config.sample.inc.php M doc/config.rst M doc/transformations.rst M index.php M libraries/Util.class.php M libraries/error_report.lib.php M libraries/plugins/export/ExportLatex.class.php M libraries/plugins/export/ExportSql.class.php M libraries/plugins/export/ExportXml.class.php M po/es.po M test/classes/PMA_Config_test.php M test/classes/PMA_Message_test.php M test/classes/config/PMA_FormDisplay_test.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php M test/classes/plugin/export/PMA_ExportXml_test.php M test/classes/plugin/transformations/Transformation_Plugins_test.php M test/libraries/PMA_FormDisplay_tpl_test.php M test/libraries/PMA_sanitize_test.php M test/libraries/PMA_user_preferences_test.php M test/libraries/common/PMA_showDocu_test.php M test/test_data/exploit_test.sql M test/test_data/phpmyadmin_importXML_For_Testing.xml M test/test_data/pma_bookmark.sql Log Message: ----------- Use https to access phpmyadmin.net Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 88c72dc8dfc7033453cdc0f266b9c472e11db07c https://github.com/phpmyadmin/phpmyadmin/commit/88c72dc8dfc7033453cdc0f266b9... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-18 (Mon, 18 Jul 2016) Changed paths: M libraries/core.lib.php Log Message: ----------- Improve URL filtering in url.php Signed-off-by: Michal Čihař <michal@cihar.com> Commit: e31ac0b6832a594a0344ddeb0b7d4516516454bf https://github.com/phpmyadmin/phpmyadmin/commit/e31ac0b6832a594a0344ddeb0b7d... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php Log Message: ----------- Delete temporary file before reporting error Signed-off-by: Michal Čihař <michal@cihar.com> Commit: f80a250873210f7c98b5dc5a7131adeaa057486e https://github.com/phpmyadmin/phpmyadmin/commit/f80a250873210f7c98b5dc5a7131... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/plugins/import/ImportShp.class.php M libraries/zip_extension.lib.php M test/libraries/PMA_zip_extension_test.php Log Message: ----------- Sanitize filename on SHP import Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 06a1677fef6e89ecad1df455f5af77a3457d3805 https://github.com/phpmyadmin/phpmyadmin/commit/06a1677fef6e89ecad1df455f5af... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/navigation/NavigationTree.class.php M libraries/navigation/Nodes/Node.class.php Log Message: ----------- Properly escape NavigationTreeDbSeparator in queries Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 5c9f25db4648fa81a2e0b7375a61495b60313394 https://github.com/phpmyadmin/phpmyadmin/commit/5c9f25db4648fa81a2e0b7375a61... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M url.php Log Message: ----------- Send standard set of HTTP headers on redirect Signed-off-by: Michal Čihař <michal@cihar.com> Commit: ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74 https://github.com/phpmyadmin/phpmyadmin/commit/ec62a6d7d9fbbaf9ecf41477eaca... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M config.sample.inc.php M doc/config.rst M doc/setup.rst M index.php M libraries/config/ServerConfigChecks.class.php M libraries/core.lib.php M libraries/plugins/auth/AuthenticationCookie.class.php M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Backport cookie encryption from 4.6 branch - Use hash_hmac for MAC rather than plain SHA1 - Use different secret for MAC than encryption - Merge pmaServer and pmaPass cookies - Document 32 chars length for blowfish_secret Signed-off-by: Michal Čihař <michal@cihar.com> Commit: d5570787a79ac1fe503bca6b340e860f7dcaf9d8 https://github.com/phpmyadmin/phpmyadmin/commit/d5570787a79ac1fe503bca6b340e... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Move return to correct place Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 1586714fe94098ea2bd7d4b57c9bd6e0b921322a https://github.com/phpmyadmin/phpmyadmin/commit/1586714fe94098ea2bd7d4b57c9b... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/config/ServerConfigChecks.class.php Log Message: ----------- Revert "Move return to correct place" This reverts commit d5570787a79ac1fe503bca6b340e860f7dcaf9d8. Commit: 62ae47c0bc83ba53e4c200fba1fb832f765fb5f0 https://github.com/phpmyadmin/phpmyadmin/commit/62ae47c0bc83ba53e4c200fba1fb... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M libraries/create_addfield.lib.php M normalization.php M tbl_addfield.php Log Message: ----------- Limit maximal numver of fields to 4096 Signed-off-by: Michal Čihař <michal@cihar.com> Commit: a553a11764292dd96815ef60486cac93f55ed08b https://github.com/phpmyadmin/phpmyadmin/commit/a553a11764292dd96815ef60486c... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-22 (Fri, 22 Jul 2016) Changed paths: M file_echo.php Log Message: ----------- Remove no longer used code It was used by old charts code to download charts. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: d02d61ada7c8e29753fd37440b511a1088efb060 https://github.com/phpmyadmin/phpmyadmin/commit/d02d61ada7c8e29753fd37440b51... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M import.php M libraries/dbi/DBIMysql.class.php M libraries/dbi/DBIMysqli.class.php Log Message: ----------- Enable LOAD DATA LOCAL INFILE only when needed There is no need to have this feature allowed for normal SQL queries, it can lead to leaking sensitive files from the web server. It's enough to enable it only in LDI import plugin, where we control what queries are executed. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 2cfe5137695df8c917a7d50fdbe3afbbd22c66da https://github.com/phpmyadmin/phpmyadmin/commit/2cfe5137695df8c917a7d50fdbe3... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php Log Message: ----------- Adjust cookie tests to match current code Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 3ded2394686bbdbee13caa13c5f59e424712482d https://github.com/phpmyadmin/phpmyadmin/commit/3ded2394686bbdbee13caa13c5f5... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-23 (Sat, 23 Jul 2016) Changed paths: M libraries/gis/GIS_Geometry.class.php Log Message: ----------- Ensure GIS point coordinates are numeric Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c https://github.com/phpmyadmin/phpmyadmin/commit/61591c4438ff1ab25c0d5a5fb3f0... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M doc/config.rst M index.php M libraries/common.inc.php M libraries/config.default.php M libraries/config/messages.inc.php M libraries/config/setup.forms.php R phpinfo.php Log Message: ----------- Remove option to show phpinfo() ($cfg['ShowPhpInfo']) This is really more a PHP debugging feature than anything related to phpMyAdmin. If user wants to debug, it's as simple a creating file with one line of php code. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915 https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3ddc1bdebf3d4cd12bae0f... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: R libraries/plugins/transformations/generator_main_class.sh R libraries/plugins/transformations/generator_plugin.sh A scripts/transformations_generator_main_class.sh A scripts/transformations_generator_plugin.sh Log Message: ----------- Move generator scripts out of the code Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 0cbf74792ff0344389dd0be2d6eb226b9b2c23e4 https://github.com/phpmyadmin/phpmyadmin/commit/0cbf74792ff0344389dd0be2d6eb... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-26 (Tue, 26 Jul 2016) Changed paths: M user_password.php Log Message: ----------- Do not allow to set too long password We do not accept password longer than 256 chars, so do not accept it on password change as well. Signed-off-by: Michal Čihař <michal@cihar.com> Commit: c3f6c8e5c834bef2d6d0577fe7251969e423639c https://github.com/phpmyadmin/phpmyadmin/commit/c3f6c8e5c834bef2d6d0577fe725... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/DbSearch.class.php Log Message: ----------- Escape string when showing confirmation message Signed-off-by: Michal Čihař <michal@cihar.com> Commit: a1d29fabf8ee96b50f084887342d526bbf375c69 https://github.com/phpmyadmin/phpmyadmin/commit/a1d29fabf8ee96b50f084887342d... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M libraries/Response.class.php Log Message: ----------- Do not try to wrap output in case response handling is disabled Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 4ef7964f60d6e998ef5f656542e751158aa98a3f https://github.com/phpmyadmin/phpmyadmin/commit/4ef7964f60d6e998ef5f656542e7... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-28 (Thu, 28 Jul 2016) Changed paths: M js/functions.js M version_check.php Log Message: ----------- Add login and token validation to version_check Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 4dcdf5fc845261bd3de136ca71818dc4b482ac1d https://github.com/phpmyadmin/phpmyadmin/commit/4dcdf5fc845261bd3de136ca7181... Author: Michal Čihař <michal@cihar.com> Date: 2016-07-29 (Fri, 29 Jul 2016) Changed paths: M libraries/replication.inc.php Log Message: ----------- Move hostname sanitization to correct place Signed-off-by: Michal Čihař <michal@cihar.com> Commit: 39864227e7c33f9a6ef29890017e48164df54858 https://github.com/phpmyadmin/phpmyadmin/commit/39864227e7c33f9a6ef29890017e... Author: Isaac Bennetch <bennetch@gmail.com> Date: 2016-08-16 (Tue, 16 Aug 2016) Changed paths: M ChangeLog M README M doc/conf.py M libraries/Config.class.php Log Message: ----------- Release 4.4.15.8 Signed-off-by: Isaac Bennetch <bennetch@gmail.com> Compare: https://github.com/phpmyadmin/phpmyadmin/compare/d929c8962a04^...39864227e7c3