[phpMyAdmin Git] [phpmyadmin/phpmyadmin] e46fdb: Sent CSP headers for phpinfo

Isaac Bennetch bennetch at gmail.com
Wed Aug 17 03:07:41 CEST 2016


  Branch: refs/heads/MAINT_4_0_10
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8
      https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e328f290f442a8
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M phpinfo.php

  Log Message:
  -----------
  Sent CSP headers for phpinfo

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2
      https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42ebbcacfa7f1c2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/Util.class.php

  Log Message:
  -----------
  Avoid possible path traversal using MySQL username

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7
      https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05ffcd20b4025c7
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/plugins/export/ExportPhparray.class.php

  Log Message:
  -----------
  Generate valid PHP code even when table/database name contains PHP markup

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
      https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/plugins/export/ExportXml.class.php

  Log Message:
  -----------
  Properly escape generated XML export

Many fields could contain XML markup, so we need to ensure the generated
XML is valid.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4
      https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-08 (Fri, 08 Jul 2016)

  Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php

  Log Message:
  -----------
  Improve cookie encryption

- use MAC to validate content before decryption
- create unique IV for every cookie

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca
      https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298ec89adaecebca
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-09 (Sat, 09 Jul 2016)

  Changed paths:
    M composer.json
    M doc/other.rst
    M index.php
    M libraries/config/FormDisplay.class.php
    M libraries/config/messages.inc.php
    M libraries/import.lib.php
    M po/af.po
    M po/ar.po
    M po/az.po
    M po/be.po
    M po/be@latin.po
    M po/bg.po
    M po/bn.po
    M po/br.po
    M po/bs.po
    M po/ca.po
    M po/ckb.po
    M po/cs.po
    M po/cy.po
    M po/da.po
    M po/de.po
    M po/el.po
    M po/en_GB.po
    M po/es.po
    M po/et.po
    M po/eu.po
    M po/fa.po
    M po/fi.po
    M po/fr.po
    M po/gl.po
    M po/he.po
    M po/hi.po
    M po/hr.po
    M po/hu.po
    M po/hy.po
    M po/id.po
    M po/it.po
    M po/ja.po
    M po/ka.po
    M po/kk.po
    M po/ko.po
    M po/lt.po
    M po/lv.po
    M po/mk.po
    M po/ml.po
    M po/mn.po
    M po/ms.po
    M po/nb.po
    M po/nl.po
    M po/pa.po
    M po/phpmyadmin.pot
    M po/pl.po
    M po/pt.po
    M po/pt_BR.po
    M po/ro.po
    M po/ru.po
    M po/si.po
    M po/sk.po
    M po/sl.po
    M po/sq.po
    M po/sr.po
    M po/sr@latin.po
    M po/sv.po
    M po/ta.po
    M po/te.po
    M po/th.po
    M po/tk.po
    M po/tr.po
    M po/tt.po
    M po/ug.po
    M po/uk.po
    M po/ur.po
    M po/uz.po
    M po/uz@latin.po
    M po/zh_CN.po
    M po/zh_TW.po
    M scripts/create-release.sh
    M test/libraries/core/PMA_getLinks_test.php

  Log Message:
  -----------
  Use https for wiki links

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
      https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
    M libraries/replication_gui.lib.php
    M server_status_variables.php

  Log Message:
  -----------
  Properly escape MySQL status variables

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1
      https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
    M examples/openid.php
    M examples/signon.php

  Log Message:
  -----------
  Add Secure and HttpOnly flags for session cookie setup in examples

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: 4440790902618c98f81f23a28747ccc117bfe53b
      https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a28747ccc117bfe53b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/ip_allow_deny.lib.php

  Log Message:
  -----------
  Make proxy IP parsing aware of multiple proxies

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749
      https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac207e88f27d77749
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M config.sample.inc.php
    M doc/config.rst
    M doc/setup.rst
    R examples/swekey.sample.conf
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    R libraries/plugins/auth/swekey/authentication.inc.php
    R libraries/plugins/auth/swekey/musbe-ca.crt
    R libraries/plugins/auth/swekey/swekey.auth.lib.php
    R libraries/plugins/auth/swekey/swekey.php

  Log Message:
  -----------
  Remove Swekey support

It is buggy and their servers are no longer working.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e
      https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c7317aeb06011e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/core.lib.php

  Log Message:
  -----------
  Remove debugging code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: dc2518974124b98a57107e9486084df76a655227
      https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e9486084df76a655227
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/ip_allow_deny.lib.php

  Log Message:
  -----------
  Fix syntax error in older PHP versions

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1
      https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a91828831dbf1d74e1
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/replication_gui.lib.php

  Log Message:
  -----------
  Fix XSS in server_replication.php

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
      https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Use whitelist rather than blacklist for URL filtering

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7
      https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb661425e8a1ba7
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M changelog.php
    M index.php
    M libraries/display_git_revision.lib.php
    M libraries/engines/pbxt.lib.php
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/sanitizing.lib.php
    M themes.php

  Log Message:
  -----------
  Add rel="noopener noreferrer" to all target="_blank" links

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a
      https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d9122e68b4cba120a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Use _blank target instead of invalid _new

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681
      https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f65015cdd2c4681
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportMediawiki.class.php

  Log Message:
  -----------
  Escape HTML in Mediawiki comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5
      https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M examples/openid.php
    M examples/signon.php

  Log Message:
  -----------
  Hide session error messages to avoid FPD

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e
      https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M import.php
    M libraries/File.class.php
    M libraries/file_listing.lib.php

  Log Message:
  -----------
  Do not allow symlinks in UploadDir

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f
      https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdbeb3b3f937001f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M setup/lib/index.lib.php

  Log Message:
  -----------
  Use phpseclib's Crypt module to generate encryption keys

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f
      https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f425f1e5a046a7f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php

  Log Message:
  -----------
  Use iframe sandbox for rendering HTML in transformation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74
      https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44c6e24bf96fa74
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M version_check.php

  Log Message:
  -----------
  Prefer curl over file_get_contents

Curl is better in SSL certificate verification.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c
      https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0bb07b65c8da77c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/config/validate.lib.php
    M libraries/core.lib.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M libraries/replication.inc.php
    A test/libraries/core/PMA_sanitizeMySQLHost_test.php

  Log Message:
  -----------
  Sanitize MySQL host name before connecting

It can contain p: prefix which we don't want to honor.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439
      https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d10adbe425d439
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/core.lib.php
    M tbl_tracking.php
    A test/libraries/core/PMA_safeUnserialize_test.php

  Log Message:
  -----------
  Validate serialized data before unserializing

We need only strings, integers or arrays, so there is no need to
unserialize strings containing any complex types.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: a3953f88ef5ab287718bf73c454733947ce52128
      https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c454733947ce52128
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/display_create_database.lib.php

  Log Message:
  -----------
  Escape suggested database name

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c
      https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c71990cc1325e96f2c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/schema/Export_Relation_Schema.class.php
    M libraries/schema/User_Schema.class.php
    M pmd_pdf.php

  Log Message:
  -----------
  Ensure page number is integer

Even if somebody decides to change configuration storage structure.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d
      https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23fed281ad2ba3d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/RecentTable.class.php
    M libraries/Table.class.php

  Log Message:
  -----------
  Correctly escape MySQL username in queries

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf
      https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584c16e8b893cbbf
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Validate image scaling dimensions

Ensure we pass only integers and they are not too big.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3
      https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff751f45821546dd3
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugin_interface.lib.php

  Log Message:
  -----------
  Do not try to create non existing classes

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 56e13501184d1354b84b63dce7c00deae5066e9b
      https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c00deae5066e9b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Properly handle newlines in SQL comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
      https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Do not use empty MIME type

This will turn on content sniffing in browser leading to unwanted
results.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 09a427b288cbbd1508a055a5594f906c22a60dec
      https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594f906c22a60dec
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Escape HTML markup in transformation wrapper

...in case content type is html.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293
      https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aabff2da4054d293
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Ensure width and height are integers

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 04156efeb02ade052e46e09c93c74b95e2da9175
      https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c74b95e2da9175
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php

  Log Message:
  -----------
  Ensure width and height are integers

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 0f87b73ae203d79f74765c97f637a51b87205515
      https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f637a51b87205515
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  HTML encode embedded JSON data

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd
      https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda704f253c7706dfd
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Fix exporting multiline comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d
      https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede8009cbc30d4816d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-18 (Mon, 18 Jul 2016)

  Changed paths:
    M ChangeLog
    M README
    M README.rst
    M changelog.php
    M composer.json
    M config.sample.inc.php
    M doc/developers.rst
    M doc/faq.rst
    M doc/intro.rst
    M doc/other.rst
    M doc/transformations.rst
    M index.php
    M libraries/Util.class.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M libraries/plugins/export/ExportLatex.class.php
    M libraries/plugins/export/ExportSql.class.php
    M libraries/plugins/export/ExportXml.class.php
    M po/es.po
    M test/classes/PMA_Message_test.php
    M test/libraries/PMA_sanitize_test.php
    M test/libraries/common/PMA_showDocu_test.php
    M test/test_data/exploit_test.sql
    M themes.php
    M version_check.php

  Log Message:
  -----------
  Use https to access phpmyadmin.net

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb
      https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e83bdfc50be1fb
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-18 (Mon, 18 Jul 2016)

  Changed paths:
    M libraries/core.lib.php

  Log Message:
  -----------
  Improve URL filtering in url.php

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6f8eb0993d1a37f14608b90e433791b723c51085
      https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e433791b723c51085
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/plugins/import/ImportShp.class.php

  Log Message:
  -----------
  Delete temporary file before reporting error

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747
      https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe95a3b1f30ff747
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/plugins/import/ImportShp.class.php
    M libraries/zip_extension.lib.php
    M test/libraries/PMA_zip_extension_test.php

  Log Message:
  -----------
  Sanitize filename on SHP import

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1
      https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1bc77f617a67ca1
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/OutputBuffering.class.php
    M url.php

  Log Message:
  -----------
  Send standard set of HTTP headers on redirect

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f
      https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f4ca7cf55b128f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M config.sample.inc.php
    M doc/config.rst
    M doc/setup.rst
    M index.php
    M libraries/core.lib.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M setup/lib/index.lib.php

  Log Message:
  -----------
  Backport cookie encryption from 4.6 branch

- Use hash_hmac for MAC rather than plain SHA1
- Use different secret for MAC than encryption
- Merge pmaServer and pmaPass cookies
- Document 32 chars length for blowfish_secret

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392
      https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625cade52ea32dc392
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M tbl_addfield.php
    M tbl_create.php

  Log Message:
  -----------
  Limit maximal number of fields to 4096

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d
      https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e040866a326f5e9b95d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Remove no longer used code

It was used by old charts code to download charts.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: d03954bf9ca3b1cc4037214e7983617732282872
      https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e7983617732282872
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M import.php
    M libraries/dbi/mysql.dbi.lib.php
    M libraries/dbi/mysqli.dbi.lib.php

  Log Message:
  -----------
  Enable LOAD DATA LOCAL INFILE only when needed

There is no need to have this feature allowed for normal SQL queries, it
can lead to leaking sensitive files from the web server. It's enough to
enable it only in LDI import plugin, where we control what queries are
executed.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af
      https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f8a93e4c7461af
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php

  Log Message:
  -----------
  Fix random invocation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ac703223e97398d1d3ad902afd036e303dc3de9b
      https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd036e303dc3de9b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M libraries/gis/pma_gis_geometry.php

  Log Message:
  -----------
  Ensure GIS point coordinates are numeric

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d
      https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbdf17b47e497f1d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M doc/config.rst
    M index.php
    M libraries/common.inc.php
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php
    R phpinfo.php

  Log Message:
  -----------
  Remove option to show phpinfo() ($cfg['ShowPhpInfo'])

This is really more a PHP debugging feature than anything related to
phpMyAdmin. If user wants to debug, it's as simple as creating a file with
one line of php code.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6
      https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7b31818bffe9d6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    R libraries/plugins/transformations/generator_main_class.sh
    R libraries/plugins/transformations/generator_plugin.sh
    A scripts/transformations_generator_main_class.sh
    A scripts/transformations_generator_plugin.sh

  Log Message:
  -----------
  Move generator scripts out of the code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 262aa8ec73641a9cba264711575c04424757d655
      https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575c04424757d655
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M user_password.php

  Log Message:
  -----------
  Fix password change with cookie auth

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76
      https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5e2673e9f7ff76
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M user_password.php

  Log Message:
  -----------
  Do not allow to set too long password

We do not accept password longer than 256 chars, so do not accept it on
password change as well.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 126321da378cf14165f845309446be410470229b
      https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f845309446be410470229b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M libraries/DbSearch.class.php

  Log Message:
  -----------
  Escape string when showing confirmation message

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5
      https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M js/functions.js
    M version_check.php

  Log Message:
  -----------
  Add login and token validation to version_check

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d
      https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c007f48615ac879d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M libraries/Response.class.php

  Log Message:
  -----------
  Do not try to wrap output in case response handling is disabled

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b
      https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915faf3e9867356f7b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-29 (Fri, 29 Jul 2016)

  Changed paths:
    M libraries/replication.inc.php

  Log Message:
  -----------
  Move hostname sanitization to correct place

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89
      https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb713201ab3cb89
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-08-16 (Tue, 16 Aug 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  Release 4.0.10.17

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/01673e94ddc4...5ba96c8804d9

