[Phpmyadmin-git] [phpmyadmin/phpmyadmin] 56e9ed: fix unescaped parameter, see PMASA-2013-8 for deta...

Marc Delisle marc at infomarc.info
Sun Jul 28 13:16:48 CEST 2013


  Branch: refs/heads/STABLE
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 56e9ede5223219cef2187ced385924ef2e0ae21d
      https://github.com/phpmyadmin/phpmyadmin/commit/56e9ede5223219cef2187ced385924ef2e0ae21d
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-07 (Sun, 07 Jul 2013)

  Changed paths:
    M libraries/DisplayResults.class.php

  Log Message:
  -----------
  fix unescaped parameter, see PMASA-2013-8 for details


  Commit: ff27a2c5e0c706f401b7ee8677cbd46568a4eca2
      https://github.com/phpmyadmin/phpmyadmin/commit/ff27a2c5e0c706f401b7ee8677cbd46568a4eca2
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-07 (Sun, 07 Jul 2013)

  Changed paths:
    M libraries/DisplayResults.class.php

  Log Message:
  -----------
  add total as parameter to message


  Commit: 2005c4b7c15afa61a41e1087464fe12645f535e1
      https://github.com/phpmyadmin/phpmyadmin/commit/2005c4b7c15afa61a41e1087464fe12645f535e1
  Author: J.M <me at mynetx.net>
  Date:   2013-07-07 (Sun, 07 Jul 2013)

  Changed paths:
    M ChangeLog
    M server_status.php

  Log Message:
  -----------
  [security] Fix stored XSS in Server status monitor, see PMASA-2013-9


  Commit: d096a0fc46ef4708f3f4a440a8aba40163e3b72a
      https://github.com/phpmyadmin/phpmyadmin/commit/d096a0fc46ef4708f3f4a440a8aba40163e3b72a
  Author: J.M <me at mynetx.net>
  Date:   2013-07-07 (Sun, 07 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/navigation/NavigationHeader.class.php

  Log Message:
  -----------
  [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9


  Commit: e0d8568ac681073b09f10ad1c4d801df36290036
      https://github.com/phpmyadmin/phpmyadmin/commit/e0d8568ac681073b09f10ad1c4d801df36290036
  Author: J.M <me at mynetx.net>
  Date:   2013-07-07 (Sun, 07 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/config/validate.lib.php

  Log Message:
  -----------
  [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9


  Commit: 0fea53b7b82134ce0e1979a71b7ce080b5b6ff9a
      https://github.com/phpmyadmin/phpmyadmin/commit/0fea53b7b82134ce0e1979a71b7ce080b5b6ff9a
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/Error.class.php
    M libraries/Error_Handler.class.php
    M libraries/common.inc.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries script, see PMASA-2013-12

  Move the PHPMYADMIN constant definition earlier


  Commit: 45d3f4326cad32b09b8d3a07382faf1eeda30dba
      https://github.com/phpmyadmin/phpmyadmin/commit/45d3f4326cad32b09b8d3a07382faf1eeda30dba
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/Config.class.php
    M libraries/List_Database.class.php
    M libraries/PMA.php
    M libraries/RecentTable.class.php
    M libraries/bookmark.lib.php

  Log Message:
  -----------
  Fix merge conflicts


  Commit: 8e4fe7c57a976f2ce9a6931687f4697d519111ec
      https://github.com/phpmyadmin/phpmyadmin/commit/8e4fe7c57a976f2ce9a6931687f4697d519111ec
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from libraries/common.inc.php, see PMASA-2013-12


  Commit: 90d968b447729405ee8b6cc5bb406b832ec3c99f
      https://github.com/phpmyadmin/phpmyadmin/commit/90d968b447729405ee8b6cc5bb406b832ec3c99f
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/config.default.php
    M libraries/plugins/auth/swekey/swekey.auth.lib.php

  Log Message:
  -----------
  Fix merge conflicts


  Commit: 7992beb8e42f2a4a3dab275b119d1ebd58e3b164
      https://github.com/phpmyadmin/phpmyadmin/commit/7992beb8e42f2a4a3dab275b119d1ebd58e3b164
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  Move protection statement at beginning of script


  Commit: 7bfe445f9919716460e006faf7aa226279944e23
      https://github.com/phpmyadmin/phpmyadmin/commit/7bfe445f9919716460e006faf7aa226279944e23
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/engines/bdb.lib.php
    M libraries/engines/berkeleydb.lib.php
    M libraries/engines/binlog.lib.php
    M libraries/engines/innobase.lib.php
    M libraries/engines/innodb.lib.php
    M libraries/engines/memory.lib.php
    M libraries/engines/merge.lib.php
    M libraries/engines/mrg_myisam.lib.php
    M libraries/engines/myisam.lib.php
    M libraries/engines/ndbcluster.lib.php
    M libraries/engines/pbxt.lib.php

  Log Message:
  -----------
  Fix merge conflicts


  Commit: 142e465c80a1fb3d71e214d29c566c15a416518d
      https://github.com/phpmyadmin/phpmyadmin/commit/142e465c80a1fb3d71e214d29c566c15a416518d
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M libraries/pmd_common.php
    M libraries/schema/Pdf_Relation_Schema.class.php

  Log Message:
  -----------
  [security] Avoid full path disclosure from some libraries scripts, see PMASA-2013-12


  Commit: f7065ee2a828368f4037dbaba5aeb69803094eea
      https://github.com/phpmyadmin/phpmyadmin/commit/f7065ee2a828368f4037dbaba5aeb69803094eea
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    R libraries/.htaccess

  Log Message:
  -----------
  Delete .htaccess which does not work on all web servers


  Commit: 14292721367bafa8778b436063e0fb893364e709
      https://github.com/phpmyadmin/phpmyadmin/commit/14292721367bafa8778b436063e0fb893364e709
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    R setup/frames/.htaccess
    R setup/lib/.htaccess

  Log Message:
  -----------
  Remove other .htaccess for directories which are not at risk


  Commit: 257bd7349c312a05bde28732d8b8a72d0191cdad
      https://github.com/phpmyadmin/phpmyadmin/commit/257bd7349c312a05bde28732d8b8a72d0191cdad
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-17 (Wed, 17 Jul 2013)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  ChangeLog entry for full path disclosure fixes


  Commit: 974d0dedeea7c79ac4533e614d9c0c3abd97e8f9
      https://github.com/phpmyadmin/phpmyadmin/commit/974d0dedeea7c79ac4533e614d9c0c3abd97e8f9
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M pmd_pdf.php

  Log Message:
  -----------
  [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15


  Commit: 8ef025ef3d05c164654fee7001517626cf604bb1
      https://github.com/phpmyadmin/phpmyadmin/commit/8ef025ef3d05c164654fee7001517626cf604bb1
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M schema_export.php

  Log Message:
  -----------
  [security] Fix control user SQL injection in schema_export.php, see PMASA-2015


  Commit: 1293e9b6e9eb7a831c5738f346ea44dee6d1bf0f
      https://github.com/phpmyadmin/phpmyadmin/commit/1293e9b6e9eb7a831c5738f346ea44dee6d1bf0f
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-23 (Tue, 23 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/schema/Export_Relation_Schema.class.php

  Log Message:
  -----------
  [security] Fix self-XSS in schema export, see PMASA-2013-14


  Commit: b9c814ed6d59733c54965e01e90ffd5d3348fd2c
      https://github.com/phpmyadmin/phpmyadmin/commit/b9c814ed6d59733c54965e01e90ffd5d3348fd2c
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M ChangeLog
    M version_check.php

  Log Message:
  -----------
  [security] Fix unencoded json object, see PMASA-2013-11


  Commit: e0c8704f725c56c87b644676ded94dba695de39f
      https://github.com/phpmyadmin/phpmyadmin/commit/e0c8704f725c56c87b644676ded94dba695de39f
  Author: Dieter Adriaenssens <ruleant at users.sourceforge.net>
  Date:   2013-07-27 (Sat, 27 Jul 2013)

  Changed paths:
    M ChangeLog
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13


  Commit: ad54449d105365dbbd39ae879306f1037fe238cd
      https://github.com/phpmyadmin/phpmyadmin/commit/ad54449d105365dbbd39ae879306f1037fe238cd
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-28 (Sun, 28 Jul 2013)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  4.0.4.2 release


  Commit: 1c5fc019bb03e95c287f94d39acfb31c36db642b
      https://github.com/phpmyadmin/phpmyadmin/commit/1c5fc019bb03e95c287f94d39acfb31c36db642b
  Author: Marc Delisle <marc at infomarc.info>
  Date:   2013-07-28 (Sun, 28 Jul 2013)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    R libraries/.htaccess
    M libraries/Config.class.php
    M libraries/DisplayResults.class.php
    M libraries/Error.class.php
    M libraries/Error_Handler.class.php
    M libraries/List_Database.class.php
    M libraries/PMA.php
    M libraries/RecentTable.class.php
    M libraries/bookmark.lib.php
    M libraries/common.inc.php
    M libraries/config.default.php
    M libraries/config/validate.lib.php
    M libraries/engines/bdb.lib.php
    M libraries/engines/berkeleydb.lib.php
    M libraries/engines/binlog.lib.php
    M libraries/engines/innobase.lib.php
    M libraries/engines/innodb.lib.php
    M libraries/engines/memory.lib.php
    M libraries/engines/merge.lib.php
    M libraries/engines/mrg_myisam.lib.php
    M libraries/engines/myisam.lib.php
    M libraries/engines/ndbcluster.lib.php
    M libraries/engines/pbxt.lib.php
    M libraries/navigation/NavigationHeader.class.php
    M libraries/plugins/auth/swekey/swekey.auth.lib.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
    M libraries/pmd_common.php
    M libraries/schema/Export_Relation_Schema.class.php
    M libraries/schema/Pdf_Relation_Schema.class.php
    M pmd_pdf.php
    M schema_export.php
    M server_status.php
    R setup/frames/.htaccess
    R setup/lib/.htaccess
    M version_check.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_0_4' into STABLE


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/a20e99adb55b...1c5fc019bb03

