[phpMyAdmin Git] [phpmyadmin/phpmyadmin] edd929: Bring back token validation to GET requests

Isaac Bennetch bennetch at gmail.com
Sat Dec 23 15:35:35 CET 2017


  Branch: refs/heads/master
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: edd929216ade9f7c150a262ba3db44db0fed0e1b
      https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2017-12-14 (Thu, 14 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Bring back token validation to GET requests

This is necessary to avoid CSRF on SQL queries. This is really more of a
short-term fix; the proper fix (to be implemented in master) is to avoid
accepting SQL queries from GET requests.

This reverts commits:

* dae3390a02ca6687fd31ca784474d56240c6c538
* ea73fded7138038aa5a415c7081d838fc094eff7
* 90433788d6f319cd112f0962ba9b3d1c22b5f2c7
* f797a8d87d8bf3cab3380747194ddd3c5db195e1
* 9c1cfc855318d12f7c0a1c4fbe8f35564aa72769

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5d71c3972f8feb7d2ed9ee6ac82596a4d6bdbe36
      https://github.com/phpmyadmin/phpmyadmin/commit/5d71c3972f8feb7d2ed9ee6ac82596a4d6bdbe36
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2017-12-16 (Sat, 16 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Merge pull request #235 from phpmyadmin/token-get

Bring back token validation to GET requests


  Commit: 5503abe53a4ee1d8481c2c4283cb7341e1bff03e
      https://github.com/phpmyadmin/phpmyadmin/commit/5503abe53a4ee1d8481c2c4283cb7341e1bff03e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2017-12-18 (Mon, 18 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Merge remote-tracking branch 'security/QA_4_7-security' into QA_4_7-security


  Commit: 771715a57f339d8caa46c1f8931a7b15ae35e609
      https://github.com/phpmyadmin/phpmyadmin/commit/771715a57f339d8caa46c1f8931a7b15ae35e609
  Author: Michal Čihař <michal at cihar.com>
  Date:   2017-12-18 (Mon, 18 Dec 2017)

  Log Message:
  -----------
  Merge branch 'QA_4_7-security' into master-security


  Commit: d12bf0fe0150ec8e517af9f9525046fc9c74452e
      https://github.com/phpmyadmin/phpmyadmin/commit/d12bf0fe0150ec8e517af9f9525046fc9c74452e
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Log Message:
  -----------
  Merge remote-tracking branch 'security/master-security'


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/dd3a40384f51...d12bf0fe0150

