[phpMyAdmin Git] [phpmyadmin/phpmyadmin] ac8159: [Security] Fix path disclosure, items 1.4.x, 1.5 a...

Isaac Bennetch bennetch at gmail.com
Thu Jan 28 07:04:41 CET 2016


  Branch: refs/heads/MAINT_4_0_10
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: ac81596bfcf0b3cae9f6bc821efa4aa1c7f0c81d
      https://github.com/phpmyadmin/phpmyadmin/commit/ac81596bfcf0b3cae9f6bc821efa4aa1c7f0c81d
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-15 (Fri, 15 Jan 2016)

  Changed paths:
    M setup/frames/form.inc.php
    M setup/index.php
    M setup/validate.php

  Log Message:
  -----------
  [Security] Fix path disclosure, items 1.4.x, 1.5 and 1.6

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 9f3488fc3ab6b83618dbb4bebbea4b973764e2ac
      https://github.com/phpmyadmin/phpmyadmin/commit/9f3488fc3ab6b83618dbb4bebbea4b973764e2ac
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-19 (Tue, 19 Jan 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 0ce4fd2750491a54d27f94cc1403f9da21738aa6
      https://github.com/phpmyadmin/phpmyadmin/commit/0ce4fd2750491a54d27f94cc1403f9da21738aa6
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-19 (Tue, 19 Jan 2016)

  Changed paths:
    M libraries/DbSearch.class.php

  Log Message:
  -----------
  Fix XSS in DB_search.php

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: 6a96e67487f2faecb4de4204fee9b96b94020720
      https://github.com/phpmyadmin/phpmyadmin/commit/6a96e67487f2faecb4de4204fee9b96b94020720
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Use secure RNG if available

Recent browsers come with a better RNG, so let's use it for generating
passwords instead of Math.random if available.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 2369daa7f5f550797f560e6b46a021e4558c2d72
      https://github.com/phpmyadmin/phpmyadmin/commit/2369daa7f5f550797f560e6b46a021e4558c2d72
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M js/functions.js

  Log Message:
  -----------
  Use full alphabet to generate random passwords

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6fe54dfa000dd6f43f237e859781fad7111ac1bd
      https://github.com/phpmyadmin/phpmyadmin/commit/6fe54dfa000dd6f43f237e859781fad7111ac1bd
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    A libraries/phpseclib/Crypt/Random.php
    M libraries/session.inc.php

  Log Message:
  -----------
  Use phpseclib's Crypt::Random to generate CSRF token

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 27eb98faedcdcd0b856577fcbdfe3e87b2445345
      https://github.com/phpmyadmin/phpmyadmin/commit/27eb98faedcdcd0b856577fcbdfe3e87b2445345
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M libraries/core.lib.php

  Log Message:
  -----------
  Escape JavaScript variable content

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>


  Commit: fe62b69a5b032de8e1d9d0a04456c1cecf46428c
      https://github.com/phpmyadmin/phpmyadmin/commit/fe62b69a5b032de8e1d9d0a04456c1cecf46428c
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M libraries/common.inc.php
    M libraries/core.lib.php

  Log Message:
  -----------
  Use hash_equals for comparing token

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8023340a259ecae6a3bd9268f4e39d097bdf0146
      https://github.com/phpmyadmin/phpmyadmin/commit/8023340a259ecae6a3bd9268f4e39d097bdf0146
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  Include common libraries in setup

We use PMA_fatalError which in turn needs Response and related objects.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 215f4a8ebe717ba646be00fca8519cf768a902f5
      https://github.com/phpmyadmin/phpmyadmin/commit/215f4a8ebe717ba646be00fca8519cf768a902f5
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M setup/lib/common.inc.php

  Log Message:
  -----------
  Cannot use PMA_fatalError when including fails

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 7056ca9458d26b24a6b1d9255073237c1636ca33
      https://github.com/phpmyadmin/phpmyadmin/commit/7056ca9458d26b24a6b1d9255073237c1636ca33
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  Do not process subforms with PMA_MINIMUM_COMMON

In such a case the needed infrastructure is not loaded, so the related
code won't work anyway.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 25738352df8057b542eeac3237eb6fd1d3ba4289
      https://github.com/phpmyadmin/phpmyadmin/commit/25738352df8057b542eeac3237eb6fd1d3ba4289
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-26 (Tue, 26 Jan 2016)

  Changed paths:
    M libraries/database_interface.lib.php

  Log Message:
  -----------
  Fall back to default collation connection

If the user supplied a wrong string, we should gracefully fall back.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5b79467245b6e0a476775e2958b42088794f8e02
      https://github.com/phpmyadmin/phpmyadmin/commit/5b79467245b6e0a476775e2958b42088794f8e02
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-01-27 (Wed, 27 Jan 2016)

  Changed paths:
    M libraries/common.inc.php

  Log Message:
  -----------
  Enable localization before redirect

This is needed in the case of IIS, which needs a full HTML response.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 16136ea0ef224ed22c3dffd629e3e147579f5f38
      https://github.com/phpmyadmin/phpmyadmin/commit/16136ea0ef224ed22c3dffd629e3e147579f5f38
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-01-27 (Wed, 27 Jan 2016)

  Changed paths:
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  Increment version for 4.0.10.13 release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/66149607b1b5...16136ea0ef22
