[phpMyAdmin Git] [phpmyadmin/phpmyadmin] bf7379: Use javascript for redirection to https

Isaac Bennetch bennetch at gmail.com
Thu Jun 23 08:38:18 CEST 2016


  Branch: refs/heads/MAINT_4_0_10
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: bf7379771f4b32e01f4af3b36f8ec6900288688e
      https://github.com/phpmyadmin/phpmyadmin/commit/bf7379771f4b32e01f4af3b36f8ec6900288688e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M setup/frames/index.inc.php

  Log Message:
  -----------
  Use javascript for redirection to https

The current approach is broken since whitelisting is active in url.php
and also allows potential bbcode injection.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 75724a361bc1873525245e8ff0889cc21456fe38
      https://github.com/phpmyadmin/phpmyadmin/commit/75724a361bc1873525245e8ff0889cc21456fe38
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M libraries/Scripts.class.php

  Log Message:
  -----------
  Fix #11457 414 Request-URI Too Large

Signed-off-by: Madhura Jayaratne <madhura.cj at gmail.com>
Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 805225a28c1428d7809e613c731c2126960e98df
      https://github.com/phpmyadmin/phpmyadmin/commit/805225a28c1428d7809e613c731c2126960e98df
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-15 (Wed, 15 Jun 2016)

  Changed paths:
    M js/get_scripts.js.php

  Log Message:
  -----------
  Limit number of included scripts in get_scripts.js.php

This avoids potential DOS; the limit is the same as we use for generating
the URLs.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 6b52ae4d190716bedf76c530ca6b561c9f9c4a44
      https://github.com/phpmyadmin/phpmyadmin/commit/6b52ae4d190716bedf76c530ca6b561c9f9c4a44
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-16 (Thu, 16 Jun 2016)

  Changed paths:
    M test/classes/PMA_Scripts_test.php

  Log Message:
  -----------
  Adjust test expectations to match new code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c9faf855a0b9d494015d1e2a2c121b75be90d176
      https://github.com/phpmyadmin/phpmyadmin/commit/c9faf855a0b9d494015d1e2a2c121b75be90d176
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/config/FormDisplay.class.php

  Log Message:
  -----------
  Properly convert POST parameters

We can get an array instead of a single parameter, so handle this gracefully.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8451a7a5d26f30692c5be7e7cc1175996a31c007
      https://github.com/phpmyadmin/phpmyadmin/commit/8451a7a5d26f30692c5be7e7cc1175996a31c007
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/Util.class.php
    M libraries/config/FormDisplay.class.php

  Log Message:
  -----------
  Move request conversion to generic code

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e1eb5e8e8939c80309382738f6c5c300969cccec
      https://github.com/phpmyadmin/phpmyadmin/commit/e1eb5e8e8939c80309382738f6c5c300969cccec
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M setup/validate.php

  Log Message:
  -----------
  Fix error reporting on invalid request data

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 96c6a7c0a2d7a473f414dde22efed4c024083f64
      https://github.com/phpmyadmin/phpmyadmin/commit/96c6a7c0a2d7a473f414dde22efed4c024083f64
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/config/validate.lib.php

  Log Message:
  -----------
  Validate input of validator

We cannot trust the input here, so we can expect anything and must deal with
missing parameters or invalid values.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: fa7a9b787b394c086a5e7c5e7eaa2eacacddbd01
      https://github.com/phpmyadmin/phpmyadmin/commit/fa7a9b787b394c086a5e7c5e7eaa2eacacddbd01
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M setup/config.php
    M setup/frames/index.inc.php

  Log Message:
  -----------
  Improve error handling in setup in case config dir is not present

We do not show these options in UI, but the scripts should handle it
gracefully.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c93c82ee9c21f9e4e539749188f99d0b6fc148dc
      https://github.com/phpmyadmin/phpmyadmin/commit/c93c82ee9c21f9e4e539749188f99d0b6fc148dc
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/config/validate.lib.php

  Log Message:
  -----------
  Fix typo in validator

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c795a395ba74d29a584abfe48d8a5139df92f0fd
      https://github.com/phpmyadmin/phpmyadmin/commit/c795a395ba74d29a584abfe48d8a5139df92f0fd
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Improve error handling in OpenID example

- properly check parameter types
- catch all exceptions (e.g. network error)

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5fefa5113948044983d8341f272950ace7bbf1e8
      https://github.com/phpmyadmin/phpmyadmin/commit/5fefa5113948044983d8341f272950ace7bbf1e8
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Escape error messages from OpenID

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 78f6c54f1b404c639277d98123429b90d43fb088
      https://github.com/phpmyadmin/phpmyadmin/commit/78f6c54f1b404c639277d98123429b90d43fb088
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M examples/openid.php

  Log Message:
  -----------
  Add error handling to constructing openid message

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 975089b8c346a2c2aa75889f42f5a1729ae79497
      https://github.com/phpmyadmin/phpmyadmin/commit/975089b8c346a2c2aa75889f42f5a1729ae79497
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/build_html_for_db.lib.php

  Log Message:
  -----------
  Properly escape translated string

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: f662d591c506346ac7b1804d5b8ec2754885feb9
      https://github.com/phpmyadmin/phpmyadmin/commit/f662d591c506346ac7b1804d5b8ec2754885feb9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M server_binlog.php

  Log Message:
  -----------
  Escape binary log name

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 288efea5b42b1514ada0f22c84049067281b3eca
      https://github.com/phpmyadmin/phpmyadmin/commit/288efea5b42b1514ada0f22c84049067281b3eca
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-17 (Fri, 17 Jun 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/AppendTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/DateFormatTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/DownloadTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/LongToIPv4TransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/SubstringTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
    M libraries/transformations.lib.php

  Log Message:
  -----------
  Simplify and cleanup transformation plugins

Remove PMA_transformation_global_html_replace, which only makes the code
more confusing.

Also add escaping to browse transformations.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 32875196f971dc41f98a265808f1f8b4bd3ee5da
      https://github.com/phpmyadmin/phpmyadmin/commit/32875196f971dc41f98a265808f1f8b4bd3ee5da
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Header.class.php

  Log Message:
  -----------
  Add referrer CSP and <meta> tag

This avoids leaking Referer header in modern browsers.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: e13f9862ef4406d0f10580a0305d4a99a5716dac
      https://github.com/phpmyadmin/phpmyadmin/commit/e13f9862ef4406d0f10580a0305d4a99a5716dac
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Header.class.php

  Log Message:
  -----------
  Backport Content-Security-Policy from latest release

This way it will work well on current browsers.

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: abfd97983a01556dccf92bbeb932a543ef8c6b80
      https://github.com/phpmyadmin/phpmyadmin/commit/abfd97983a01556dccf92bbeb932a543ef8c6b80
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M js/get_image.js.php

  Log Message:
  -----------
  Escape attributes when showing images in javascript

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 02971f754fc4623ce3a4edaf25b9dcb0ce2af271
      https://github.com/phpmyadmin/phpmyadmin/commit/02971f754fc4623ce3a4edaf25b9dcb0ce2af271
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M js/ajax.js

  Log Message:
  -----------
  Escape HTML when rendering AJAX error

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 8c336ba285f3789c9afc15195f1f3e7b65fe2689
      https://github.com/phpmyadmin/phpmyadmin/commit/8c336ba285f3789c9afc15195f1f3e7b65fe2689
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/Header.class.php

  Log Message:
  -----------
  Update referrer <meta> to match current standards

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 351019c07429d2d6498e9abaa693ce8d88eadb5f
      https://github.com/phpmyadmin/phpmyadmin/commit/351019c07429d2d6498e9abaa693ce8d88eadb5f
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-20 (Mon, 20 Jun 2016)

  Changed paths:
    M libraries/tbl_columns_definition_form.inc.php

  Log Message:
  -----------
  Quote delimiter before using preg_replace

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 9b6f64b8b972f97711463a3c60c6a0f0c247a1b9
      https://github.com/phpmyadmin/phpmyadmin/commit/9b6f64b8b972f97711463a3c60c6a0f0c247a1b9
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/TableSearch.class.php

  Log Message:
  -----------
  Properly escape zoom search column type

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b974b567811db3461b7a0c8eb1bae1024904277d
      https://github.com/phpmyadmin/phpmyadmin/commit/b974b567811db3461b7a0c8eb1bae1024904277d
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M js/tbl_chart.js

  Log Message:
  -----------
  Fix rendering of chart of columns with HTML inside

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: b04150e30ee5614ded9e072e4823fa6e3d1b15e6
      https://github.com/phpmyadmin/phpmyadmin/commit/b04150e30ee5614ded9e072e4823fa6e3d1b15e6
  Author: Michal Čihař <michal at cihar.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
    M libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php

  Log Message:
  -----------
  Do not allow javascript: links in transformation

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: c3d22bee082e8fb8e86492647255a0406ef68a68
      https://github.com/phpmyadmin/phpmyadmin/commit/c3d22bee082e8fb8e86492647255a0406ef68a68
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-06-22 (Wed, 22 Jun 2016)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Changelog entries for security release

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: 83416df64f2277d8853fcdd048df7bb154514d03
      https://github.com/phpmyadmin/phpmyadmin/commit/83416df64f2277d8853fcdd048df7bb154514d03
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2016-06-23 (Thu, 23 Jun 2016)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.class.php

  Log Message:
  -----------
  Release 4.0.10.16

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/ee10ed130626...83416df64f22
