[phpMyAdmin Git] [phpmyadmin/phpmyadmin] d929c8: Sent CSP headers for phpinfo

Isaac Bennetch bennetch at gmail.com
Wed Aug 17 03:07:57 CEST 2016


  Branch: refs/heads/MAINT_4_4_15
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: d929c8962a047d439f7d066caaf815e1dd4112ba
      https://github.com/phpmyadmin/phpmyadmin/commit/d929c8962a047d439f7d066caaf815e1dd4112ba
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M phpinfo.php

  Log Message:
  -----------
  Sent CSP headers for phpinfo

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2989e4943b85e08e8a2e284e597e62ab7c823c0d
      https://github.com/phpmyadmin/phpmyadmin/commit/2989e4943b85e08e8a2e284e597e62ab7c823c0d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/Util.class.php

  Log Message:
  -----------
  Avoid possible path traversal using MySQL username

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e
      https://github.com/phpmyadmin/phpmyadmin/commit/6b310f055e109de21af3ec9cda6ae4ff0f5f6f7e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/plugins/export/ExportPhparray.class.php

  Log Message:
  -----------
  Generate valid PHP code even when table/database name contains PHP markup

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e47a77db5d5a322e9beca989b71bcf53f48c6570
      https://github.com/phpmyadmin/phpmyadmin/commit/e47a77db5d5a322e9beca989b71bcf53f48c6570
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M test/classes/plugin/export/PMA_ExportPhparray_test.php

  Log Message:
  -----------
  Fix PHP export tests

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: fac2bb1f7050c44af405b23b2cbab9822857914e
      https://github.com/phpmyadmin/phpmyadmin/commit/fac2bb1f7050c44af405b23b2cbab9822857914e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-30 (Thu, 30 Jun 2016)

  Changed paths:
    M libraries/plugins/export/ExportXml.class.php
    M test/classes/plugin/export/PMA_ExportXml_test.php

  Log Message:
  -----------
  Properly escape generated XML export

Many fields could contain XML markup, so we need to ensure the generated
XML is valid.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c
      https://github.com/phpmyadmin/phpmyadmin/commit/cd682a6ab8e31f22bbd13a26d0b71bfd601c9f5c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-08 (Fri, 08 Jul 2016)

  Changed paths:
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

  Log Message:
  -----------
  Improve cookie encryption

- use MAC to validate content before decryption
- create unique IV for every cookie

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ab0f14901fcaab649213fa6fd42832b52b34c4de
      https://github.com/phpmyadmin/phpmyadmin/commit/ab0f14901fcaab649213fa6fd42832b52b34c4de
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-09 (Sat, 09 Jul 2016)

  Changed paths:
    M composer.json
    M doc/other.rst
    M index.php
    M libraries/config/messages.inc.php
    M libraries/import.lib.php
    M libraries/plugins/import/README
    M po/af.po
    M po/ar.po
    M po/az.po
    M po/be.po
    M po/be@latin.po
    M po/bg.po
    M po/bn.po
    M po/br.po
    M po/bs.po
    M po/ca.po
    M po/ckb.po
    M po/cs.po
    M po/cy.po
    M po/da.po
    M po/de.po
    M po/el.po
    M po/en_GB.po
    M po/eo.po
    M po/es.po
    M po/et.po
    M po/eu.po
    M po/fa.po
    M po/fi.po
    M po/fr.po
    M po/fy.po
    M po/gl.po
    M po/he.po
    M po/hi.po
    M po/hr.po
    M po/hu.po
    M po/hy.po
    M po/ia.po
    M po/id.po
    M po/it.po
    M po/ja.po
    M po/ka.po
    M po/kk.po
    M po/km.po
    M po/kn.po
    M po/ko.po
    M po/ksh.po
    M po/ky.po
    M po/li.po
    M po/lt.po
    M po/lv.po
    M po/mk.po
    M po/ml.po
    M po/mn.po
    M po/ms.po
    M po/nb.po
    M po/ne.po
    M po/nl.po
    M po/pa.po
    M po/phpmyadmin.pot
    M po/pl.po
    M po/pt.po
    M po/pt_BR.po
    M po/ro.po
    M po/ru.po
    M po/si.po
    M po/sk.po
    M po/sl.po
    M po/sq.po
    M po/sr.po
    M po/sr@latin.po
    M po/sv.po
    M po/ta.po
    M po/te.po
    M po/th.po
    M po/tk.po
    M po/tr.po
    M po/tt.po
    M po/ug.po
    M po/uk.po
    M po/ur.po
    M po/uz.po
    M po/uz@latin.po
    M po/vi.po
    M po/vls.po
    M po/zh_CN.po
    M po/zh_TW.po
    M scripts/create-release.sh
    M test/libraries/core/PMA_getLinks_test.php

  Log Message:
  -----------
  Use https for wiki links

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: fd8cdd79333e5ab47d395f5f5178faaaf795d39e
      https://github.com/phpmyadmin/phpmyadmin/commit/fd8cdd79333e5ab47d395f5f5178faaaf795d39e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
    M libraries/replication_gui.lib.php
    M libraries/server_status_variables.lib.php

  Log Message:
  -----------
  Properly escape MySQL status variables

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bec52644f1faf641bf11b8bc365a21a8f84a639d
      https://github.com/phpmyadmin/phpmyadmin/commit/bec52644f1faf641bf11b8bc365a21a8f84a639d
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-07-10 (Sun, 10 Jul 2016)

  Changed paths:
    M examples/openid.php
    M examples/signon.php

  Log Message:
  -----------
  Add Secure and HttpOnly flags for session cookie setup in examples

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: e291300af3cd3686c438ba36d9cd94c80353a820
      https://github.com/phpmyadmin/phpmyadmin/commit/e291300af3cd3686c438ba36d9cd94c80353a820
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/ip_allow_deny.lib.php

  Log Message:
  -----------
  Make proxy IP parsing aware of multiple proxies

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2257e60f78cf9d813f33b613524fd01e7be302eb
      https://github.com/phpmyadmin/phpmyadmin/commit/2257e60f78cf9d813f33b613524fd01e7be302eb
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M .scrutinizer.yml
    M build.xml
    M config.sample.inc.php
    M doc/config.rst
    M doc/setup.rst
    R examples/swekey.sample.conf
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    R libraries/plugins/auth/swekey/authentication.inc.php
    R libraries/plugins/auth/swekey/musbe-ca.crt
    R libraries/plugins/auth/swekey/swekey.auth.lib.php
    R libraries/plugins/auth/swekey/swekey.php
    M phpunit.xml.dist
    M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

  Log Message:
  -----------
  Remove Swekey support

It is buggy and their servers are no longer working.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 3d47645c55d6c18e4e140ebc4bbde746e7456959
      https://github.com/phpmyadmin/phpmyadmin/commit/3d47645c55d6c18e4e140ebc4bbde746e7456959
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/core.lib.php

  Log Message:
  -----------
  Remove debugging code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: de89b270f23c5210646d6d0867b5de34972befc9
      https://github.com/phpmyadmin/phpmyadmin/commit/de89b270f23c5210646d6d0867b5de34972befc9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-11 (Mon, 11 Jul 2016)

  Changed paths:
    M libraries/ip_allow_deny.lib.php

  Log Message:
  -----------
  Fix syntax error in older PHP versions

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: d0b6abf5eb78ce7a175515165cd39e18bdb5836f
      https://github.com/phpmyadmin/phpmyadmin/commit/d0b6abf5eb78ce7a175515165cd39e18bdb5836f
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/tbl_gis_visualization.lib.php

  Log Message:
  -----------
  Fix XSS in tbl_gis_visualization.php

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 1dc9c7d1fca15c3f6170729429912b88e513e970
      https://github.com/phpmyadmin/phpmyadmin/commit/1dc9c7d1fca15c3f6170729429912b88e513e970
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/replication_gui.lib.php

  Log Message:
  -----------
  Fix XSS in server_replication.php

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 63af274953f7047bae39bc4d2aa59bd450cf9f05
      https://github.com/phpmyadmin/phpmyadmin/commit/63af274953f7047bae39bc4d2aa59bd450cf9f05
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Use whitelist rather than blacklist for URL filtering

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: cee1a8d3f5de1ebe21df0b484c16822293b94130
      https://github.com/phpmyadmin/phpmyadmin/commit/cee1a8d3f5de1ebe21df0b484c16822293b94130
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M changelog.php
    M index.php
    M libraries/display_git_revision.lib.php
    M libraries/engines/pbxt.lib.php
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/sanitizing.lib.php
    M themes.php

  Log Message:
  -----------
  Add rel="noopener noreferrer" to all target="_blank" links

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 37a1f4f4995a918af9e060813eb2a86cf211d0b7
      https://github.com/phpmyadmin/phpmyadmin/commit/37a1f4f4995a918af9e060813eb2a86cf211d0b7
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M test/classes/PMA_DisplayResults_test.php
    M test/classes/plugin/transformations/Transformation_Plugins_test.php
    M test/engines/PMA_StorageEngine_pbxt_test.php

  Log Message:
  -----------
  Adjust tests to recent changes

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bf322fdea3ec06275e2588d1d879b410e2c8d2d9
      https://github.com/phpmyadmin/phpmyadmin/commit/bf322fdea3ec06275e2588d1d879b410e2c8d2d9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
    M test/classes/plugin/transformations/Transformation_Plugins_test.php

  Log Message:
  -----------
  Use _blank target instead of invalid _new

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 76b5dd2948bd114e2468afd375b3e9a6bbc30059
      https://github.com/phpmyadmin/phpmyadmin/commit/76b5dd2948bd114e2468afd375b3e9a6bbc30059
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportMediawiki.class.php

  Log Message:
  -----------
  Escape HTML in Mediawiki comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6e8a1c03d2fc31714ef35a0ea24277cf863b44a2
      https://github.com/phpmyadmin/phpmyadmin/commit/6e8a1c03d2fc31714ef35a0ea24277cf863b44a2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/tracking.lib.php

  Log Message:
  -----------
  Ensure last version is numeric

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b758a9e36705932f0fe35b33a9faca354ed62a3a
      https://github.com/phpmyadmin/phpmyadmin/commit/b758a9e36705932f0fe35b33a9faca354ed62a3a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M examples/openid.php
    M examples/signon.php

  Log Message:
  -----------
  Hide session error messages to avoid FPD

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c976baa8f6606cf4f127bcd44bf8a2b79459c550
      https://github.com/phpmyadmin/phpmyadmin/commit/c976baa8f6606cf4f127bcd44bf8a2b79459c550
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M import.php
    M libraries/File.class.php
    M libraries/file_listing.lib.php

  Log Message:
  -----------
  Do not allow symlinks in UploadDir

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 698ef5155a1220d4d1392ebe37c21132115e32ce
      https://github.com/phpmyadmin/phpmyadmin/commit/698ef5155a1220d4d1392ebe37c21132115e32ce
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/config/ServerConfigChecks.class.php

  Log Message:
  -----------
  Use phpseclib's Crypt module to generate encryption keys

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2cd97c646650e6554b9a519606dd213b78546b64
      https://github.com/phpmyadmin/phpmyadmin/commit/2cd97c646650e6554b9a519606dd213b78546b64
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
    M test/classes/plugin/transformations/Transformation_Plugins_test.php

  Log Message:
  -----------
  Use iframe sandbox for rendering HTML in transformation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: beaaaa9efd7f3e6e61aa038edfede98632599fe6
      https://github.com/phpmyadmin/phpmyadmin/commit/beaaaa9efd7f3e6e61aa038edfede98632599fe6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/VersionInformation.php
    M libraries/error_report.lib.php

  Log Message:
  -----------
  Prefer curl over file_get_contents

Curl is better at SSL certificate verification.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 10bdb0df4a73013112d146a0c046c903d1e2b3e3
      https://github.com/phpmyadmin/phpmyadmin/commit/10bdb0df4a73013112d146a0c046c903d1e2b3e3
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/config/Validator.class.php
    M libraries/core.lib.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M libraries/replication.inc.php
    A test/libraries/core/PMA_sanitizeMySQLHost_test.php

  Log Message:
  -----------
  Sanitize MySQL host name before connecting

It can contain the p: prefix, which we don't want to honor.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2104fb66eb2b0194dabd96c0685b874db2de9af2
      https://github.com/phpmyadmin/phpmyadmin/commit/2104fb66eb2b0194dabd96c0685b874db2de9af2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/core.lib.php
    M libraries/tracking.lib.php
    A test/libraries/core/PMA_safeUnserialize_test.php

  Log Message:
  -----------
  Validate serialized data before unserializing

We need only strings, integers or arrays, so there is no need to
unserialize strings containing any complex types.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b1801af0c118e4a47a54968c7e1236cd39c670af
      https://github.com/phpmyadmin/phpmyadmin/commit/b1801af0c118e4a47a54968c7e1236cd39c670af
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/display_create_database.lib.php

  Log Message:
  -----------
  Escape suggested database name

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5d427d65089af5106ae0e306379d99b6d3c51764
      https://github.com/phpmyadmin/phpmyadmin/commit/5d427d65089af5106ae0e306379d99b6d3c51764
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/db_designer.lib.php
    M libraries/plugins/schema/Export_Relation_Schema.class.php
    M libraries/pmd_common.php
    M libraries/relation.lib.php

  Log Message:
  -----------
  Ensure page number is integer

Even if somebody decides to change configuration storage structure.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b49dba4bdcb58a8717c42e351a6cce462efd2599
      https://github.com/phpmyadmin/phpmyadmin/commit/b49dba4bdcb58a8717c42e351a6cce462efd2599
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-12 (Tue, 12 Jul 2016)

  Changed paths:
    M libraries/RecentFavoriteTable.class.php
    M libraries/Table.class.php

  Log Message:
  -----------
  Correctly escape MySQL username in queries

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2582fa1018e19f2b58b541bbe466a20f2cbd88d4
      https://github.com/phpmyadmin/phpmyadmin/commit/2582fa1018e19f2b58b541bbe466a20f2cbd88d4
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Validate image scaling dimensions

Ensure we pass only integers and they are not too big.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5b7da187d0bfc3de3ff8a15767f88556363281d7
      https://github.com/phpmyadmin/phpmyadmin/commit/5b7da187d0bfc3de3ff8a15767f88556363281d7
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugin_interface.lib.php

  Log Message:
  -----------
  Do not try to create non existing classes

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 4f8a16cc008ebf81a06eef0656d3f46f5380ffe9
      https://github.com/phpmyadmin/phpmyadmin/commit/4f8a16cc008ebf81a06eef0656d3f46f5380ffe9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Properly handle newlines in SQL comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 566a6885e82aa54f25843664443b11ca45c106bc
      https://github.com/phpmyadmin/phpmyadmin/commit/566a6885e82aa54f25843664443b11ca45c106bc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Do not use empty MIME type

This will turn on content sniffing in browser leading to unwanted
results.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: fb0e7ea4b4f795946f6b723dd8086594aed49d5e
      https://github.com/phpmyadmin/phpmyadmin/commit/fb0e7ea4b4f795946f6b723dd8086594aed49d5e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M transformation_wrapper.php

  Log Message:
  -----------
  Escape HTML markup in transformation wrapper

...in case content type is html.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 93a6913196e60d87772e795b1374fab894475f84
      https://github.com/phpmyadmin/phpmyadmin/commit/93a6913196e60d87772e795b1374fab894475f84
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/server_user_groups.lib.php

  Log Message:
  -----------
  Add missing escaping in user group queries

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 4062df92df1ef0f3c548807da3b6c7b63d2f74d6
      https://github.com/phpmyadmin/phpmyadmin/commit/4062df92df1ef0f3c548807da3b6c7b63d2f74d6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/RegexValidationTransformationsPlugin.class.php

  Log Message:
  -----------
  Properly escape error input in the message

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 1c62be26242489ca30357a8fe423b708c5659059
      https://github.com/phpmyadmin/phpmyadmin/commit/1c62be26242489ca30357a8fe423b708c5659059
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/ImageUploadTransformationsPlugin.class.php

  Log Message:
  -----------
  Ensure width and height are integers

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: f6af4f32cd4112d774d823e236982a218569d13c
      https://github.com/phpmyadmin/phpmyadmin/commit/f6af4f32cd4112d774d823e236982a218569d13c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Ensure width and height are integers

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3
      https://github.com/phpmyadmin/phpmyadmin/commit/5ea073c2a3b07e4d58dc4d9be3106526f1edf6c3
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php

  Log Message:
  -----------
  Ensure width and height are integers

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6f3cd526e3e6acd655899c6edccb92cdcb62a493
      https://github.com/phpmyadmin/phpmyadmin/commit/6f3cd526e3e6acd655899c6edccb92cdcb62a493
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M js/tbl_relation.js

  Log Message:
  -----------
  Properly escape foreign key selection

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b8c216c81910f77dffaae6dba49631324d9afbbc
      https://github.com/phpmyadmin/phpmyadmin/commit/b8c216c81910f77dffaae6dba49631324d9afbbc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  HTML encode embedded JSON data

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2ac1359292f8ae081a7f9565a70ecb6afbd1f78b
      https://github.com/phpmyadmin/phpmyadmin/commit/2ac1359292f8ae081a7f9565a70ecb6afbd1f78b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Fix exporting multiline comments

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 3b885af874762abb1b0b28c7fa8ca3406115abfc
      https://github.com/phpmyadmin/phpmyadmin/commit/3b885af874762abb1b0b28c7fa8ca3406115abfc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M test/classes/plugin/transformations/Transformation_Plugins_test.php

  Log Message:
  -----------
  Fix tests for transformations

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 91336e1d5c556b5f4d6a6a8fa79ad12369fa5412
      https://github.com/phpmyadmin/phpmyadmin/commit/91336e1d5c556b5f4d6a6a8fa79ad12369fa5412
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M test/classes/PMA_TableSearch_test.php

  Log Message:
  -----------
  Fix test for table search

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 20db714269a65b4a6e893e9ae8b52be53cb378e7
      https://github.com/phpmyadmin/phpmyadmin/commit/20db714269a65b4a6e893e9ae8b52be53cb378e7
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-07-13 (Wed, 13 Jul 2016)

  Changed paths:
    M libraries/navigation/Nodes/Node_Database.class.php

  Log Message:
  -----------
  Add missing escaping in navigation pane

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: bf9ad3a8eb4e66892d394f7073af669d483d4e31
      https://github.com/phpmyadmin/phpmyadmin/commit/bf9ad3a8eb4e66892d394f7073af669d483d4e31
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-18 (Mon, 18 Jul 2016)

  Changed paths:
    M ChangeLog
    M README
    M README.rst
    M changelog.php
    M config.sample.inc.php
    M doc/config.rst
    M doc/transformations.rst
    M index.php
    M libraries/Util.class.php
    M libraries/error_report.lib.php
    M libraries/plugins/export/ExportLatex.class.php
    M libraries/plugins/export/ExportSql.class.php
    M libraries/plugins/export/ExportXml.class.php
    M po/es.po
    M test/classes/PMA_Config_test.php
    M test/classes/PMA_Message_test.php
    M test/classes/config/PMA_FormDisplay_test.php
    M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php
    M test/classes/plugin/export/PMA_ExportXml_test.php
    M test/classes/plugin/transformations/Transformation_Plugins_test.php
    M test/libraries/PMA_FormDisplay_tpl_test.php
    M test/libraries/PMA_sanitize_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_showDocu_test.php
    M test/test_data/exploit_test.sql
    M test/test_data/phpmyadmin_importXML_For_Testing.xml
    M test/test_data/pma_bookmark.sql

  Log Message:
  -----------
  Use https to access phpmyadmin.net

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 88c72dc8dfc7033453cdc0f266b9c472e11db07c
      https://github.com/phpmyadmin/phpmyadmin/commit/88c72dc8dfc7033453cdc0f266b9c472e11db07c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-18 (Mon, 18 Jul 2016)

  Changed paths:
    M libraries/core.lib.php

  Log Message:
  -----------
  Improve URL filtering in url.php

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e31ac0b6832a594a0344ddeb0b7d4516516454bf
      https://github.com/phpmyadmin/phpmyadmin/commit/e31ac0b6832a594a0344ddeb0b7d4516516454bf
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/plugins/import/ImportShp.class.php

  Log Message:
  -----------
  Delete temporary file before reporting error

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: f80a250873210f7c98b5dc5a7131adeaa057486e
      https://github.com/phpmyadmin/phpmyadmin/commit/f80a250873210f7c98b5dc5a7131adeaa057486e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/plugins/import/ImportShp.class.php
    M libraries/zip_extension.lib.php
    M test/libraries/PMA_zip_extension_test.php

  Log Message:
  -----------
  Sanitize filename on SHP import

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 06a1677fef6e89ecad1df455f5af77a3457d3805
      https://github.com/phpmyadmin/phpmyadmin/commit/06a1677fef6e89ecad1df455f5af77a3457d3805
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/navigation/NavigationTree.class.php
    M libraries/navigation/Nodes/Node.class.php

  Log Message:
  -----------
  Properly escape NavigationTreeDbSeparator in queries

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5c9f25db4648fa81a2e0b7375a61495b60313394
      https://github.com/phpmyadmin/phpmyadmin/commit/5c9f25db4648fa81a2e0b7375a61495b60313394
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M url.php

  Log Message:
  -----------
  Send standard set of HTTP headers on redirect

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74
      https://github.com/phpmyadmin/phpmyadmin/commit/ec62a6d7d9fbbaf9ecf41477eaca7a52e0aade74
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M config.sample.inc.php
    M doc/config.rst
    M doc/setup.rst
    M index.php
    M libraries/config/ServerConfigChecks.class.php
    M libraries/core.lib.php
    M libraries/plugins/auth/AuthenticationCookie.class.php
    M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

  Log Message:
  -----------
  Backport cookie encryption from 4.6 branch

- Use hash_hmac for MAC rather than plain SHA1
- Use different secret for MAC than encryption
- Merge pmaServer and pmaPass cookies
- Document 32 chars length for blowfish_secret

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: d5570787a79ac1fe503bca6b340e860f7dcaf9d8
      https://github.com/phpmyadmin/phpmyadmin/commit/d5570787a79ac1fe503bca6b340e860f7dcaf9d8
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/config/ServerConfigChecks.class.php

  Log Message:
  -----------
  Move return to correct place

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 1586714fe94098ea2bd7d4b57c9bd6e0b921322a
      https://github.com/phpmyadmin/phpmyadmin/commit/1586714fe94098ea2bd7d4b57c9bd6e0b921322a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/config/ServerConfigChecks.class.php

  Log Message:
  -----------
  Revert "Move return to correct place"

This reverts commit d5570787a79ac1fe503bca6b340e860f7dcaf9d8.


  Commit: 62ae47c0bc83ba53e4c200fba1fb832f765fb5f0
      https://github.com/phpmyadmin/phpmyadmin/commit/62ae47c0bc83ba53e4c200fba1fb832f765fb5f0
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M libraries/create_addfield.lib.php
    M normalization.php
    M tbl_addfield.php

  Log Message:
  -----------
  Limit maximal number of fields to 4096

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: a553a11764292dd96815ef60486cac93f55ed08b
      https://github.com/phpmyadmin/phpmyadmin/commit/a553a11764292dd96815ef60486cac93f55ed08b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-22 (Fri, 22 Jul 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Remove no longer used code

It was used by old charts code to download charts.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: d02d61ada7c8e29753fd37440b511a1088efb060
      https://github.com/phpmyadmin/phpmyadmin/commit/d02d61ada7c8e29753fd37440b511a1088efb060
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M import.php
    M libraries/dbi/DBIMysql.class.php
    M libraries/dbi/DBIMysqli.class.php

  Log Message:
  -----------
  Enable LOAD DATA LOCAL INFILE only when needed

There is no need to have this feature allowed for normal SQL queries; it
can lead to leaking sensitive files from the web server. It's enough to
enable it only in LDI import plugin, where we control what queries are
executed.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2cfe5137695df8c917a7d50fdbe3afbbd22c66da
      https://github.com/phpmyadmin/phpmyadmin/commit/2cfe5137695df8c917a7d50fdbe3afbbd22c66da
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M test/classes/plugin/auth/PMA_AuthenticationCookie_test.php

  Log Message:
  -----------
  Adjust cookie tests to match current code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 3ded2394686bbdbee13caa13c5f59e424712482d
      https://github.com/phpmyadmin/phpmyadmin/commit/3ded2394686bbdbee13caa13c5f59e424712482d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-23 (Sat, 23 Jul 2016)

  Changed paths:
    M libraries/gis/GIS_Geometry.class.php

  Log Message:
  -----------
  Ensure GIS point coordinates are numeric

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c
      https://github.com/phpmyadmin/phpmyadmin/commit/61591c4438ff1ab25c0d5a5fb3f0f363a627fe2c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M doc/config.rst
    M index.php
    M libraries/common.inc.php
    M libraries/config.default.php
    M libraries/config/messages.inc.php
    M libraries/config/setup.forms.php
    R phpinfo.php

  Log Message:
  -----------
  Remove option to show phpinfo() ($cfg['ShowPhpInfo'])

This is really more a PHP debugging feature than anything related to
phpMyAdmin. If user wants to debug, it's as simple as creating a file with
one line of php code.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915
      https://github.com/phpmyadmin/phpmyadmin/commit/0a3c6d3ddc1bdebf3d4cd12bae0f23c42b1b3915
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    R libraries/plugins/transformations/generator_main_class.sh
    R libraries/plugins/transformations/generator_plugin.sh
    A scripts/transformations_generator_main_class.sh
    A scripts/transformations_generator_plugin.sh

  Log Message:
  -----------
  Move generator scripts out of the code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 0cbf74792ff0344389dd0be2d6eb226b9b2c23e4
      https://github.com/phpmyadmin/phpmyadmin/commit/0cbf74792ff0344389dd0be2d6eb226b9b2c23e4
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-26 (Tue, 26 Jul 2016)

  Changed paths:
    M user_password.php

  Log Message:
  -----------
  Do not allow to set too long password

We do not accept passwords longer than 256 chars, so do not accept them on
password change as well.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c3f6c8e5c834bef2d6d0577fe7251969e423639c
      https://github.com/phpmyadmin/phpmyadmin/commit/c3f6c8e5c834bef2d6d0577fe7251969e423639c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M libraries/DbSearch.class.php

  Log Message:
  -----------
  Escape string when showing confirmation message

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: a1d29fabf8ee96b50f084887342d526bbf375c69
      https://github.com/phpmyadmin/phpmyadmin/commit/a1d29fabf8ee96b50f084887342d526bbf375c69
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M libraries/Response.class.php

  Log Message:
  -----------
  Do not try to wrap output in case response handling is disabled

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 4ef7964f60d6e998ef5f656542e751158aa98a3f
      https://github.com/phpmyadmin/phpmyadmin/commit/4ef7964f60d6e998ef5f656542e751158aa98a3f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-28 (Thu, 28 Jul 2016)

  Changed paths:
    M js/functions.js
    M version_check.php

  Log Message:
  -----------
  Add login and token validation to version_check

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 4dcdf5fc845261bd3de136ca71818dc4b482ac1d
      https://github.com/phpmyadmin/phpmyadmin/commit/4dcdf5fc845261bd3de136ca71818dc4b482ac1d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-07-29 (Fri, 29 Jul 2016)

  Changed paths:
    M libraries/replication.inc.php

  Log Message:
  -----------
  Move hostname sanitization to correct place

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 39864227e7c33f9a6ef29890017e48164df54858
      https://github.com/phpmyadmin/phpmyadmin/commit/39864227e7c33f9a6ef29890017e48164df54858
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-08-16 (Tue, 16 Aug 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  Release 4.4.15.8

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/9cb8b301194b...39864227e7c3

