[Phpmyadmin-git] [phpmyadmin/phpmyadmin] 01d35b: fix self-XSS, thanks to Michał Bentkowski for repo...

Marc Delisle marc at infomarc.info
Sun Jul 28 11:48:42 CEST 2013


  Branch: refs/heads/MAINT_3_5_8
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 01d35b3558e47fba947719857bd71f6fd9e5dce8
      https://github.com/phpmyadmin/phpmyadmin/commit/01d35b3558e47fba947719857bd71f6fd9e5dce8
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M libraries/display_tbl.lib.php

  Log Message:
  -----------
  fix self-XSS, thanks to Michał Bentkowski for reporting, see PMASA-2013-8


  Commit: 99e97594258a10c55fb825de6a8031356d24dbe2
      https://github.com/phpmyadmin/phpmyadmin/commit/99e97594258a10c55fb825de6a8031356d24dbe2
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog entry for PMASA-2013-8


  Commit: 7f9d762e89157144fbcc01167a3141e39ac25da1
      https://github.com/phpmyadmin/phpmyadmin/commit/7f9d762e89157144fbcc01167a3141e39ac25da1
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M js/tbl_chart.js

  Log Message:
  -----------
  Fix self-XSS in Display chart, see PMASA-2013-9


  Commit: 6f003b0ccb1293e5ff5be41bd25582485f480743
      https://github.com/phpmyadmin/phpmyadmin/commit/6f003b0ccb1293e5ff5be41bd25582485f480743
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M server_status.php

  Log Message:
  -----------
  Fix stored XSS in Server status monitor, see PMASA-2013-9


  Commit: 7c58ed002f570c3793df0a77a625d3177ee9a12e
      https://github.com/phpmyadmin/phpmyadmin/commit/7c58ed002f570c3793df0a77a625d3177ee9a12e
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/navigation_header.inc.php

  Log Message:
  -----------
  Fix stored XSS in navigation panel logo link, see PMASA-2013-9


  Commit: 845dae144f4ed665a14bf4912046d5d3d220ef96
      https://github.com/phpmyadmin/phpmyadmin/commit/845dae144f4ed665a14bf4912046d5d3d220ef96
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/config/validate.lib.php

  Log Message:
  -----------
  Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9


  Commit: 9d3941059a7e6a9c12f27c837ea3886b98ac653c
      https://github.com/phpmyadmin/phpmyadmin/commit/9d3941059a7e6a9c12f27c837ea3886b98ac653c
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M version_check.php

  Log Message:
  -----------
  JSON content type header for version_check.php, see PMASA-2013-9


  Commit: f8754f0c63b858a8338cb2e22003477b58a882d2
      https://github.com/phpmyadmin/phpmyadmin/commit/f8754f0c63b858a8338cb2e22003477b58a882d2
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    A js/jquery/jquery-1.6.2+fix-9521.js
    R js/jquery/jquery-1.6.2.js

  Log Message:
  -----------
  Rename jQuery file


  Commit: adb2ed34dd40996b5bd269fed43c9c9904e563e5
      https://github.com/phpmyadmin/phpmyadmin/commit/adb2ed34dd40996b5bd269fed43c9c9904e563e5
  Author: Dave Methvin <dave.methvin at gmail.com>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M js/jquery/jquery-1.6.2+fix-9521.js

  Log Message:
  -----------
  Prioritize #id over <tag> to avoid XSS via location.hash (#9521)

Signed-off-by: J.M. <me at mynetx.net>


  Commit: 2fd460fa60022206a14bd3ac3966c324ca93c3b1
      https://github.com/phpmyadmin/phpmyadmin/commit/2fd460fa60022206a14bd3ac3966c324ca93c3b1
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M js/jquery/jquery-1.6.2+fix-9521.js

  Log Message:
  -----------
  Add comment about included fix in jQuery file header


  Commit: 045a82e133ced81acf37b159c4a7270b0175070b
      https://github.com/phpmyadmin/phpmyadmin/commit/045a82e133ced81acf37b159c4a7270b0175070b
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M index.php
    M libraries/common.inc.php
    M navigation.php
    M setup/index.php

  Log Message:
  -----------
  Update jQuery references to jQuery-1.6.2+fix-9521.js


  Commit: d92ab0e10ad5ecc18db40412c54e354e2627e1ca
      https://github.com/phpmyadmin/phpmyadmin/commit/d92ab0e10ad5ecc18db40412c54e354e2627e1ca
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add ChangeLog entry for jQuery 1.6.3 fix backport


  Commit: 299c481a58386a846884720d90682ad4079edf3a
      https://github.com/phpmyadmin/phpmyadmin/commit/299c481a58386a846884720d90682ad4079edf3a
  Author: J.M <me at mynetx.net>
  Date:   2013-07-08 (Mon, 08 Jul 2013)

  Changed paths:
    M ChangeLog
    M index.php
    A js/jquery/jquery-1.6.2+fix-9521.js
    R js/jquery/jquery-1.6.2.js
    M libraries/common.inc.php
    M navigation.php
    M setup/index.php

  Log Message:
  -----------
  Merge branch 'mynetx/patch-jquery-1-6-2'
[security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9


  Commit: 0440926bcdf98cda6f9096b7988bd8e01bf6711d
      https://github.com/phpmyadmin/phpmyadmin/commit/0440926bcdf98cda6f9096b7988bd8e01bf6711d
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-11 (Thu, 11 Jul 2013)

  Changed paths:
    M libraries/Error.class.php
    M libraries/Error_Handler.class.php
    M libraries/common.inc.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries script, see
PMASA-2013-12

Move the PHPMYADMIN constant definition earlier


  Commit: 63848b24389dfabda8306112e20742b3ff7b8b12
      https://github.com/phpmyadmin/phpmyadmin/commit/63848b24389dfabda8306112e20742b3ff7b8b12
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-11 (Thu, 11 Jul 2013)

  Changed paths:
    M libraries/Config.class.php
    M libraries/List_Database.class.php
    M libraries/PDF.class.php
    M libraries/PMA.php
    M libraries/RecentTable.class.php
    M libraries/bookmark.lib.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12


  Commit: 4cc91616057d7517df306fe27b291c9639493d88
      https://github.com/phpmyadmin/phpmyadmin/commit/4cc91616057d7517df306fe27b291c9639493d88
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-12 (Fri, 12 Jul 2013)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from libraries/common.inc.php, see PMASA-2013-12


  Commit: 5d49c44fb862bfdfb8205ff15e8469cfb1b1c5d9
      https://github.com/phpmyadmin/phpmyadmin/commit/5d49c44fb862bfdfb8205ff15e8469cfb1b1c5d9
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-13 (Sat, 13 Jul 2013)

  Changed paths:
    M libraries/auth/swekey/swekey.auth.lib.php
    M libraries/config.default.php
    M libraries/data_drizzle.inc.php
    M libraries/data_mysql.inc.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12


  Commit: 2f93578e20fd422f922183254dd50318d03a3e24
      https://github.com/phpmyadmin/phpmyadmin/commit/2f93578e20fd422f922183254dd50318d03a3e24
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-15 (Mon, 15 Jul 2013)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  Move protection statement at beginning of script


  Commit: 8559162ebc8ce822fa01ac429a6aab08cfa4ceda
      https://github.com/phpmyadmin/phpmyadmin/commit/8559162ebc8ce822fa01ac429a6aab08cfa4ceda
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-15 (Mon, 15 Jul 2013)

  Changed paths:
    M libraries/dbi/drizzle-wrappers.lib.php
    M libraries/display_tbl.lib.php
    M libraries/engines/bdb.lib.php
    M libraries/engines/berkeleydb.lib.php
    M libraries/engines/binlog.lib.php
    M libraries/engines/innobase.lib.php
    M libraries/engines/innodb.lib.php
    M libraries/engines/memory.lib.php
    M libraries/engines/merge.lib.php
    M libraries/engines/mrg_myisam.lib.php
    M libraries/engines/myisam.lib.php
    M libraries/engines/ndbcluster.lib.php
    M libraries/engines/pbms.lib.php
    M libraries/engines/pbxt.lib.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12


  Commit: 1c1e3dca2b0cdfe10615f51a73b7d00718ad8d4b
      https://github.com/phpmyadmin/phpmyadmin/commit/1c1e3dca2b0cdfe10615f51a73b7d00718ad8d4b
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/pmd_common.php
    M libraries/schema/Pdf_Relation_Schema.class.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12


  Commit: cd587e6fbce2a85fd6c435fec4ee9449b4c5c5df
      https://github.com/phpmyadmin/phpmyadmin/commit/cd587e6fbce2a85fd6c435fec4ee9449b4c5c5df
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    R libraries/.htaccess

  Log Message:
  -----------
  Delete .htaccess which does not work on all web servers


  Commit: 8e488a61de87c122d7ee28f03a3b31242d43fb18
      https://github.com/phpmyadmin/phpmyadmin/commit/8e488a61de87c122d7ee28f03a3b31242d43fb18
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    R setup/frames/.htaccess
    R setup/lib/.htaccess

  Log Message:
  -----------
  Remove other .htaccess for directories which are not at risk


  Commit: 3b723eba5b192804ab2476ceba7ecd3b471913c6
      https://github.com/phpmyadmin/phpmyadmin/commit/3b723eba5b192804ab2476ceba7ecd3b471913c6
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog entry for full path disclosure fixes


  Commit: 4cbeef599cda87c6d2b1d7ef5542fe1ff316f706
      https://github.com/phpmyadmin/phpmyadmin/commit/4cbeef599cda87c6d2b1d7ef5542fe1ff316f706
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M pmd_pdf.php

  Log Message:
  -----------
  Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15


  Commit: 20f71e767bcd037178cb5455543071323bc7ffd9
      https://github.com/phpmyadmin/phpmyadmin/commit/20f71e767bcd037178cb5455543071323bc7ffd9
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M schema_export.php

  Log Message:
  -----------
  [security] Fix control user SQL injection in schema_export.php, see PMASA-2015


  Commit: dede065d7ad59fb7c31ae384961564b7f7a7c005
      https://github.com/phpmyadmin/phpmyadmin/commit/dede065d7ad59fb7c31ae384961564b7f7a7c005
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/schema/Export_Relation_Schema.class.php

  Log Message:
  -----------
  [security] Fix self-XSS in schema export, see PMASA-2013-14


  Commit: 333d82d3271b2a1b445134bb6bbb15ae8c9ba8a6
      https://github.com/phpmyadmin/phpmyadmin/commit/333d82d3271b2a1b445134bb6bbb15ae8c9ba8a6
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M ChangeLog
    M version_check.php

  Log Message:
  -----------
  [security] Fix unencoded json object, see PMASA-2013-11


  Commit: 633c628e5cd8dcbbf17ad79d26b17a8b31ee9b7b
      https://github.com/phpmyadmin/phpmyadmin/commit/633c628e5cd8dcbbf17ad79d26b17a8b31ee9b7b
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-28 (Sun, 28 Jul 2013)

  Changed paths:
    M ChangeLog
    M Documentation.html
    M README
    M libraries/Config.class.php

  Log Message:
  -----------
  3.5.8.2 release


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ddada9fb9599...633c628e5cd8

