[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 3a6a9a: Escape query when displaying

Isaac Bennetch bennetch at gmail.com
Mon Feb 29 21:33:57 CET 2016


  Branch: refs/heads/MAINT_4_5_5
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 3a6a9a807d99371ee126635e1a505fc1fe0df32c
      https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/sql-parser/src/Utils/Error.php

  Log Message:
  -----------
  Escape query when displaying

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7877a9c0084bf8ae15cbd8d2729b126271f682cc
      https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 16a6a02fca663264de9b034f4acad9c92295586f
      https://github.com/phpmyadmin/phpmyadmin/commit/16a6a02fca663264de9b034f4acad9c92295586f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/tcpdf/include/tcpdf_static.php

  Log Message:
  -----------
  Avoid skipping the SSL certificate check in TCPDF

This code is never used in phpMyAdmin, but we fix it just to avoid
potential security reports.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
      https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Bring back SSL certificate validation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 983faa94f161df3623ecd371d3696a1b3f91c15f
      https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M templates/database/structure/sortable_header.phtml

  Log Message:
  -----------
  Fix XSS in database structure page

Forward ported commit 90df124797175688a63be0d0a311210e92f09895

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 38fa1191049ac0c626a6684eea52068dfbbb5078
      https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php

  Log Message:
  -----------
  Urlencode hostname

This can come from the HTTP header, so we need to be sure to sanitize
it.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 746240bd13b62b5956fc34389cfbdc09e1e67775
      https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M normalization.php

  Log Message:
  -----------
  Fix XSS in normalization

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: e65f375918a1eef5b1289d890ced645d3925464a
      https://github.com/phpmyadmin/phpmyadmin/commit/e65f375918a1eef5b1289d890ced645d3925464a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


  Commit: c842a0de9288033d25404d1d6eb22dd83033675f
      https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Use correct headers for json data

It was previously not marked as such what could potentially lead to
browsers doing some autodetection.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
      https://github.com/phpmyadmin/phpmyadmin/commit/b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Merge pull request #23 from phpmyadmin/ssl-cert

Bring back SSL certificate validation


  Commit: f33a42f1da9db943a67bda7d29f7dd91957a8e7e
      https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 37c34d089aa19f30d11203bb0c7f85b486424372
      https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Escape selectors

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 9bce7dafaf746559c617f674e27b9c0f75ae97a2
      https://github.com/phpmyadmin/phpmyadmin/commit/9bce7dafaf746559c617f674e27b9c0f75ae97a2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add changes for security issues

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
      https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-27 (Sat, 27 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: ab1283e8366c97a155d4e9ae58628a248458ea32
      https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix XSS in User accounts page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: cc55f44a4a90147a007dee1aefa1cb529e23798b
      https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M db_central_columns.php

  Log Message:
  -----------
  Fix XSS in Central columns page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 4650ad7fbde189678d180b8f294af3591f50b829
      https://github.com/phpmyadmin/phpmyadmin/commit/4650ad7fbde189678d180b8f294af3591f50b829
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  A better way of escaping

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 41c4e0214c286f28830cca54423b5db57e7c0ce4
      https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/controllers/TableSearchController.class.php

  Log Message:
  -----------
  Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 2925d6468b60363669a08cfd8e689c1a05191744
      https://github.com/phpmyadmin/phpmyadmin/commit/2925d6468b60363669a08cfd8e689c1a05191744
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  Merge pull request #29 from phpmyadmin/escape

A better way of escaping


  Commit: 3c583b86d46f72f3ac331fea64fa02c3fbf38561
      https://github.com/phpmyadmin/phpmyadmin/commit/3c583b86d46f72f3ac331fea64fa02c3fbf38561
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/sql-parser/autoload.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


  Commit: 51a0d2f25a71432570f59dd9053b9dbbc93733b3
      https://github.com/phpmyadmin/phpmyadmin/commit/51a0d2f25a71432570f59dd9053b9dbbc93733b3
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  4.5.5.1 release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/88e0944cfd6c...51a0d2f25a71


More information about the Git mailing list