[phpMyAdmin Git] [phpmyadmin/phpmyadmin] edd929: Bring back token validation to GET requests

Isaac Bennetch bennetch at gmail.com
Sat Dec 23 15:36:38 CET 2017


  Branch: refs/heads/QA_4_7
  Home:   https://github.com/phpmyadmin/phpmyadmin
  Commit: edd929216ade9f7c150a262ba3db44db0fed0e1b
      https://github.com/phpmyadmin/phpmyadmin/commit/edd929216ade9f7c150a262ba3db44db0fed0e1b
  Author: Michal Čihař <michal at cihar.com>
  Date:   2017-12-14 (Thu, 14 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Bring back token validation to GET requests

This is necessary to avoid CSRF on SQL queries. This is really more of a
short-term fix; the proper fix (to be implemented in master) is to avoid
accepting SQL queries from GET requests.

This reverts commits:

* dae3390a02ca6687fd31ca784474d56240c6c538
* ea73fded7138038aa5a415c7081d838fc094eff7
* 90433788d6f319cd112f0962ba9b3d1c22b5f2c7
* f797a8d87d8bf3cab3380747194ddd3c5db195e1
* 9c1cfc855318d12f7c0a1c4fbe8f35564aa72769

Signed-off-by: Michal Čihař <michal at cihar.com>


  Commit: 5d71c3972f8feb7d2ed9ee6ac82596a4d6bdbe36
      https://github.com/phpmyadmin/phpmyadmin/commit/5d71c3972f8feb7d2ed9ee6ac82596a4d6bdbe36
  Author: Madhura Jayaratne <madhura.cj at gmail.com>
  Date:   2017-12-16 (Sat, 16 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Merge pull request #235 from phpmyadmin/token-get

Bring back token validation to GET requests


  Commit: 5503abe53a4ee1d8481c2c4283cb7341e1bff03e
      https://github.com/phpmyadmin/phpmyadmin/commit/5503abe53a4ee1d8481c2c4283cb7341e1bff03e
  Author: Michal Čihař <michal at cihar.com>
  Date:   2017-12-18 (Mon, 18 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Merge remote-tracking branch 'security/QA_4_7-security' into QA_4_7-security


  Commit: 203148dd486058a45505646b86290e46e262cf3d
      https://github.com/phpmyadmin/phpmyadmin/commit/203148dd486058a45505646b86290e46e262cf3d
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Changed paths:
    M ChangeLog
    M README
    M doc/conf.py
    M libraries/Config.php

  Log Message:
  -----------
  Prepare for release 4.7.7

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: c178ff69111311f568b72345a591e84cc09153fa
      https://github.com/phpmyadmin/phpmyadmin/commit/c178ff69111311f568b72345a591e84cc09153fa
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Changed paths:
    M libraries/URL.php
    M libraries/common.inc.php
    M libraries/navigation/NavigationTree.php
    M libraries/navigation/nodes/NodeColumn.php
    M libraries/navigation/nodes/NodeColumnContainer.php
    M libraries/navigation/nodes/NodeDatabase.php
    M libraries/navigation/nodes/NodeDatabaseContainer.php
    M libraries/navigation/nodes/NodeEvent.php
    M libraries/navigation/nodes/NodeEventContainer.php
    M libraries/navigation/nodes/NodeFunction.php
    M libraries/navigation/nodes/NodeFunctionContainer.php
    M libraries/navigation/nodes/NodeIndex.php
    M libraries/navigation/nodes/NodeIndexContainer.php
    M libraries/navigation/nodes/NodeProcedure.php
    M libraries/navigation/nodes/NodeProcedureContainer.php
    M libraries/navigation/nodes/NodeTable.php
    M libraries/navigation/nodes/NodeTableContainer.php
    M libraries/navigation/nodes/NodeTrigger.php
    M libraries/navigation/nodes/NodeTriggerContainer.php
    M libraries/navigation/nodes/NodeView.php
    M libraries/navigation/nodes/NodeViewContainer.php
    M test/classes/AdvisorTest.php
    M test/classes/DbSearchTest.php
    M test/classes/DisplayResultsTest.php
    M test/classes/FooterTest.php
    M test/classes/ThemeTest.php
    M test/classes/URLTest.php
    M test/classes/config/PageSettingsTest.php
    M test/classes/navigation/NavigationTest.php
    M test/classes/navigation/NodeDatabaseChildTest.php
    M test/classes/plugin/auth/AuthenticationConfigTest.php
    M test/classes/plugin/auth/AuthenticationCookieTest.php
    M test/libraries/PMA_Form_Processing_test.php
    M test/libraries/PMA_insert_edit_test.php
    M test/libraries/PMA_server_privileges_test.php
    M test/libraries/PMA_user_preferences_test.php
    M test/libraries/common/PMA_getDbLink_test.php

  Log Message:
  -----------
  Merge remote-tracking branch 'security/QA_4_7-security' into QA_4_7


  Commit: 1bb2e7f5e2781f5fbc6c67fa6204b930cb4e84ff
      https://github.com/phpmyadmin/phpmyadmin/commit/1bb2e7f5e2781f5fbc6c67fa6204b930cb4e84ff
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Changed paths:
    M ChangeLog

  Log Message:
  -----------
  Changelog for security issue

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: 6ba68edd4c94a4d9ca7ff3a4679862a01aae3740
      https://github.com/phpmyadmin/phpmyadmin/commit/6ba68edd4c94a4d9ca7ff3a4679862a01aae3740
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Changed paths:
    A composer.lock

  Log Message:
  -----------
  Adding composer lock for 4.7.7

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


  Commit: 88df9e56bf341eaf2c5f7128492cb78e6fba374d
      https://github.com/phpmyadmin/phpmyadmin/commit/88df9e56bf341eaf2c5f7128492cb78e6fba374d
  Author: Isaac Bennetch <bennetch at gmail.com>
  Date:   2017-12-23 (Sat, 23 Dec 2017)

  Changed paths:
    R composer.lock

  Log Message:
  -----------
  Removing composer.lock

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


Compare: https://github.com/phpmyadmin/phpmyadmin/compare/923ac4d5e955...88df9e56bf34

