[phpMyAdmin Git] [phpmyadmin/phpmyadmin] 3a6a9a: Escape query when displaying

Isaac Bennetch bennetch at gmail.com
Mon Feb 29 21:36:40 CET 2016


  Branch: refs/heads/QA_4_6
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: 3a6a9a807d99371ee126635e1a505fc1fe0df32c
      https://github.com/phpmyadmin/phpmyadmin/commit/3a6a9a807d99371ee126635e1a505fc1fe0df32c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/sql-parser/src/Utils/Error.php

  Log Message:
  -----------
  Escape query when displaying

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7877a9c0084bf8ae15cbd8d2729b126271f682cc
      https://github.com/phpmyadmin/phpmyadmin/commit/7877a9c0084bf8ae15cbd8d2729b126271f682cc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Escape SQL query for inline editing

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 16a6a02fca663264de9b034f4acad9c92295586f
      https://github.com/phpmyadmin/phpmyadmin/commit/16a6a02fca663264de9b034f4acad9c92295586f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/tcpdf/include/tcpdf_static.php

  Log Message:
  -----------
  Avoid skipping the SSL certificate check in TCPDF

This code is never used in phpMyAdmin, but we fix it just to avoid
potential security reports.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
      https://github.com/phpmyadmin/phpmyadmin/commit/e42b7e3aedd29dd0f7a48575f20bfc5aca0ff976
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Bring back SSL certificate validation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 983faa94f161df3623ecd371d3696a1b3f91c15f
      https://github.com/phpmyadmin/phpmyadmin/commit/983faa94f161df3623ecd371d3696a1b3f91c15f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M templates/database/structure/sortable_header.phtml

  Log Message:
  -----------
  Fix XSS in database structure page

Forward ported commit 90df124797175688a63be0d0a311210e92f09895

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 38fa1191049ac0c626a6684eea52068dfbbb5078
      https://github.com/phpmyadmin/phpmyadmin/commit/38fa1191049ac0c626a6684eea52068dfbbb5078
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php

  Log Message:
  -----------
  Urlencode hostname

This can come from the HTTP header, so we need to be sure to sanitize
it.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 746240bd13b62b5956fc34389cfbdc09e1e67775
      https://github.com/phpmyadmin/phpmyadmin/commit/746240bd13b62b5956fc34389cfbdc09e1e67775
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M normalization.php

  Log Message:
  -----------
  Fix XSS in normalization

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: e65f375918a1eef5b1289d890ced645d3925464a
      https://github.com/phpmyadmin/phpmyadmin/commit/e65f375918a1eef5b1289d890ced645d3925464a
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/plugins/export/ExportSql.class.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5' into MAINT_4_5_5-security


  Commit: c842a0de9288033d25404d1d6eb22dd83033675f
      https://github.com/phpmyadmin/phpmyadmin/commit/c842a0de9288033d25404d1d6eb22dd83033675f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M file_echo.php

  Log Message:
  -----------
  Use correct headers for json data

It was previously not marked as such what could potentially lead to
browsers doing some autodetection.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
      https://github.com/phpmyadmin/phpmyadmin/commit/b3d36dc836df31a7d1b1c4f61f578a9b42bd1f98
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M libraries/Config.class.php
    M test/classes/PMA_Config_test.php

  Log Message:
  -----------
  Merge pull request #23 from phpmyadmin/ssl-cert

Bring back SSL certificate validation


  Commit: f33a42f1da9db943a67bda7d29f7dd91957a8e7e
      https://github.com/phpmyadmin/phpmyadmin/commit/f33a42f1da9db943a67bda7d29f7dd91957a8e7e
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/functions.js
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 37c34d089aa19f30d11203bb0c7f85b486424372
      https://github.com/phpmyadmin/phpmyadmin/commit/37c34d089aa19f30d11203bb0c7f85b486424372
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Escape selectors

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 9bce7dafaf746559c617f674e27b9c0f75ae97a2
      https://github.com/phpmyadmin/phpmyadmin/commit/9bce7dafaf746559c617f674e27b9c0f75ae97a2
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-25 (Thu, 25 Feb 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Add changes for security issues

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
      https://github.com/phpmyadmin/phpmyadmin/commit/bcd4ce8cba1272fca52f2331c08f2e3ac19cbbef
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-27 (Sat, 27 Feb 2016)

  Changed paths:
    M js/normalization.js

  Log Message:
  -----------
  Fix XSS in normalization.js

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: ab1283e8366c97a155d4e9ae58628a248458ea32
      https://github.com/phpmyadmin/phpmyadmin/commit/ab1283e8366c97a155d4e9ae58628a248458ea32
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/server_privileges.lib.php

  Log Message:
  -----------
  Fix XSS in User accounts page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: cc55f44a4a90147a007dee1aefa1cb529e23798b
      https://github.com/phpmyadmin/phpmyadmin/commit/cc55f44a4a90147a007dee1aefa1cb529e23798b
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M db_central_columns.php

  Log Message:
  -----------
  Fix XSS in Central columns page

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 4650ad7fbde189678d180b8f294af3591f50b829
      https://github.com/phpmyadmin/phpmyadmin/commit/4650ad7fbde189678d180b8f294af3591f50b829
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  A better way of escaping

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 41c4e0214c286f28830cca54423b5db57e7c0ce4
      https://github.com/phpmyadmin/phpmyadmin/commit/41c4e0214c286f28830cca54423b5db57e7c0ce4
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M libraries/controllers/TableSearchController.class.php

  Log Message:
  -----------
  Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 2925d6468b60363669a08cfd8e689c1a05191744
      https://github.com/phpmyadmin/phpmyadmin/commit/2925d6468b60363669a08cfd8e689c1a05191744
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml

  Log Message:
  -----------
  Merge pull request #29 from phpmyadmin/escape

A better way of escaping


  Commit: a29f154f37400264e8b7fbbbf4cf3bf1d046f127
      https://github.com/phpmyadmin/phpmyadmin/commit/a29f154f37400264e8b7fbbbf4cf3bf1d046f127
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M db_central_columns.php
    M file_echo.php
    M js/functions.js
    M js/normalization.js
    M libraries/Config.php
    M libraries/controllers/table/TableSearchController.php
    M libraries/server_privileges.lib.php
    M libraries/sql-parser/src/Utils/Error.php
    M libraries/tcpdf/include/tcpdf_static.php
    M normalization.php
    M templates/database/structure/sortable_header.phtml
    M templates/table/search/input_box.phtml
    M templates/table/search/rows_zoom.phtml
    M test/classes/ConfigTest.php

  Log Message:
  -----------
  Merge branch 'MAINT_4_5_5-security' into QA_4_6-security


  Commit: ed17d3c450fb9c9d399cadd9415c14baaaf20117
      https://github.com/phpmyadmin/phpmyadmin/commit/ed17d3c450fb9c9d399cadd9415c14baaaf20117
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M ChangeLog
    M libraries/sql-parser/autoload.php

  Log Message:
  -----------
  Merge branch 'QA_4_6' into QA_4_6-security


  Commit: 73fd0dc2a8f5471c717a887aae22bde97bc5498f
      https://github.com/phpmyadmin/phpmyadmin/commit/73fd0dc2a8f5471c717a887aae22bde97bc5498f
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-02-29 (Mon, 29 Feb 2016)

  Changed paths:
    M README
    M doc/conf.py
    M libraries/Config.php

  Log Message:
  -----------
  4.6.0-rc1 pre-release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/2ebabd11fd37...73fd0dc2a8f5


More information about the Git mailing list