[phpMyAdmin Git] [phpmyadmin/phpmyadmin] dae339: Remove token from GET requests
Madhura Jayaratne
madhura.cj at gmail.com
Sun Jul 31 23:50:37 CEST 2016
Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: dae3390a02ca6687fd31ca784474d56240c6c538
https://github.com/phpmyadmin/phpmyadmin/commit/dae3390a02ca6687fd31ca784474d56240c6c538
Author: Michal Čihař <michal at cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
M libraries/URL.php
Log Message:
-----------
Remove token from GET requests
The CSRF token really should be used only in POST requests. The reason
for that is that it's a bit harder to get to if it is in request body
(with POST) compared to GET request, where it is in the URL (being
easily available in server logs).
Also this will make the URLs look nicer ;-).
This change will definitely break some functionality, but since #6297 most
of the code should be safe and remaining bugs can be fixed for upcoming
release.
Signed-off-by: Michal Čihař <michal at cihar.com>
Commit: ea73fded7138038aa5a415c7081d838fc094eff7
https://github.com/phpmyadmin/phpmyadmin/commit/ea73fded7138038aa5a415c7081d838fc094eff7
Author: Michal Čihař <michal at cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
M test/classes/AdvisorTest.php
M test/classes/DbSearchTest.php
M test/classes/DisplayResultsTest.php
M test/classes/FooterTest.php
M test/classes/ThemeManagerTest.php
M test/classes/ThemeTest.php
M test/classes/URLTest.php
M test/classes/config/PageSettingsTest.php
M test/classes/plugin/auth/AuthenticationConfigTest.php
M test/classes/plugin/auth/AuthenticationCookieTest.php
M test/libraries/PMA_Form_Processing_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_getDbLink_test.php
M test/libraries/common/PMA_showMessage_test_disabled.php
Log Message:
-----------
Adjust tests to token removal from GET
Signed-off-by: Michal Čihař <michal at cihar.com>
Commit: 7f43348e6b77f12fc4669f7e5defb582bde49911
https://github.com/phpmyadmin/phpmyadmin/commit/7f43348e6b77f12fc4669f7e5defb582bde49911
Author: Madhura Jayaratne <madhura.cj at gmail.com>
Date: 2016-08-01 (Mon, 01 Aug 2016)
Changed paths:
M libraries/URL.php
M test/classes/AdvisorTest.php
M test/classes/DbSearchTest.php
M test/classes/DisplayResultsTest.php
M test/classes/FooterTest.php
M test/classes/ThemeManagerTest.php
M test/classes/ThemeTest.php
M test/classes/URLTest.php
M test/classes/config/PageSettingsTest.php
M test/classes/plugin/auth/AuthenticationConfigTest.php
M test/classes/plugin/auth/AuthenticationCookieTest.php
M test/libraries/PMA_Form_Processing_test.php
M test/libraries/PMA_insert_edit_test.php
M test/libraries/PMA_server_privileges_test.php
M test/libraries/PMA_user_preferences_test.php
M test/libraries/common/PMA_getDbLink_test.php
M test/libraries/common/PMA_showMessage_test_disabled.php
Log Message:
-----------
Merge pull request #12415 from nijel/remove-token-get
Remove token from GET requests
Compare: https://github.com/phpmyadmin/phpmyadmin/compare/dc41f51bf4d2...7f43348e6b77
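
The first log message's rationale (a token in a GET URL ends up in server logs) can be checked against existing access logs. This is an added example, not code from phpMyAdmin or from the commits above. It assumes the parameter is named `token` and that logs are in the combined format, and the sample lines and the host `pma.example` are constructed. It goes slightly beyond the log message by also checking the logged Referer field, which records the previous page's full URL.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jul/2016:10:00:01 +0200] "GET /index.php?db=shop'
    '&token=0123456789abcdef0123456789abcdef HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [28/Jul/2016:10:00:05 +0200] "POST /sql.php HTTP/1.1" 200 2048 '
    '"https://pma.example/index.php?db=shop" "Mozilla/5.0"',
    '192.0.2.11 - - [28/Jul/2016:10:00:09 +0200] "GET /index.php?db=shop HTTP/1.1" '
    '200 5120 "https://pma.example/db_structure.php'
    '?token=fedcba9876543210fedcba9876543210&db=shop" "Mozilla/5.0"',
]

# Request line, status, size, then the quoted Referer field.
LINE_RE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ "(?P<referer>[^"]*)"'
)

def redact(url, param="token"):
    """Return (url_with_param_masked, found) for one logged URL."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    found = any(key == param for key, _ in pairs)
    masked = [(k, "REDACTED" if k == param else v) for k, v in pairs]
    return parts._replace(query=urlencode(masked)).geturl(), found

def scan(lines, param="token"):
    """List (line_no, field, method, redacted_url) for every logged URL carrying param."""
    findings = []
    for line_no, line in enumerate(lines, 1):
        match = LINE_RE.search(line)
        if not match:
            continue  # not a combined-format line
        for field in ("target", "referer"):
            url, found = redact(match.group(field), param)
            if found:
                findings.append((line_no, field, match.group("method"), url))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The POST line produces no finding because the request body is not part of the log line, which is the difference the log message relies on.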