[phpMyAdmin Git] [phpmyadmin/phpmyadmin] c1ecaf: Fix security issue, escape database name when saving page on designer

William Desportes williamdes at wdes.fr
Tue Jun 4 18:23:41 CEST 2019


Branch: refs/heads/master
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: c1ecafc38319e8f768c9259d4d580e42acd5ee86
https://github.com/phpmyadmin/phpmyadmin/commit/c1ecafc38319e8f768c9259d4d580e42acd5ee86
Author: William Desportes <williamdes at wdes.fr>
Date: 2019-03-30 (Sat, 03 March 2019) +01:00

Changed paths: 
M js/designer/move.js

Log Message:
-----------
Fix security issue, escape database name when saving page on designer

Signed-off-by: William Desportes <williamdes at wdes.fr>

Commit: 015c404038c44279d95b6430ee5a0dddc97691ec
https://github.com/phpmyadmin/phpmyadmin/commit/015c404038c44279d95b6430ee5a0dddc97691ec
Author: Maurício Meneghini Fauth <mauricio at fauth.dev>
Date: 2019-06-01 (Sat, 06 June 2019) -03:00

Changed paths: 
M libraries/classes/Plugins/Auth/AuthenticationCookie.php
M libraries/common.inc.php
M test/classes/Plugins/Auth/AuthenticationCookieTest.php

Log Message:
-----------
Retrieve parameters from $_POST in AuthenticationCookie plugin

Retrieves pma_username and pma_password parameters from $_POST instead of $_REQUEST

Signed-off-by: Maurício Meneghini Fauth <mauricio at fauth.dev>

Commit: 034538e0c6fe52bbd55a4f14c7e2ccbd3aad7efa
https://github.com/phpmyadmin/phpmyadmin/commit/034538e0c6fe52bbd55a4f14c7e2ccbd3aad7efa
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-03 (Mon, 06 June 2019) -04:00

Changed paths: 
M doc/faq.rst

Log Message:
-----------
Update FAQ 4.8 to reflect removing pma_username and pma_password due to the security flaw reported in PMASA-2019-4

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 4b5e04d0a1ab0956d21ede85b6c1faf517b555b3
https://github.com/phpmyadmin/phpmyadmin/commit/4b5e04d0a1ab0956d21ede85b6c1faf517b555b3
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M doc/faq.rst
M libraries/classes/Plugins/Auth/AuthenticationCookie.php
M libraries/common.inc.php
M test/classes/Plugins/Auth/AuthenticationCookieTest.php

Log Message:
-----------
Merge pull request #277 from phpmyadmin/security/issue-276

Fix CSRF Vulnerability in login form

Commit: 8108eb7ded1b60863d5fa2d4125fcb805f6e0ae6
https://github.com/phpmyadmin/phpmyadmin/commit/8108eb7ded1b60863d5fa2d4125fcb805f6e0ae6
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M doc/faq.rst
M libraries/classes/Plugins/Auth/AuthenticationCookie.php
M libraries/common.inc.php
M test/classes/Plugins/Auth/AuthenticationCookieTest.php

Log Message:
-----------
Merge remote-tracking branch 'security/QA_4_8-security' into QA_4_8

Commit: 5fba0171273317ca7ba3a19bfd0afac38b815ab2
https://github.com/phpmyadmin/phpmyadmin/commit/5fba0171273317ca7ba3a19bfd0afac38b815ab2
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog

Log Message:
-----------
ChangeLog for security issues

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 519c32bc08f2d8fb15b38044920a5e13cc82b0ab
https://github.com/phpmyadmin/phpmyadmin/commit/519c32bc08f2d8fb15b38044920a5e13cc82b0ab
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog
M README
M doc/conf.py
M libraries/classes/Config.php
M package.json

Log Message:
-----------
Prepare for release 4.9.0

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 10a2b2e01f80a0d18a408a7662217d0e6055482e
https://github.com/phpmyadmin/phpmyadmin/commit/10a2b2e01f80a0d18a408a7662217d0e6055482e
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M themes/original/theme.json
M themes/pmahomme/theme.json

Log Message:
-----------
Make themes compatible with 4.9

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 4ab33481be875d188d5e5c0860dd1499cd92e9d3
https://github.com/phpmyadmin/phpmyadmin/commit/4ab33481be875d188d5e5c0860dd1499cd92e9d3
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
A composer.lock

Log Message:
-----------
Adding composer lock for 4.9.0

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 114bc0f0bf31b4af82c36056190f879473f1125a
https://github.com/phpmyadmin/phpmyadmin/commit/114bc0f0bf31b4af82c36056190f879473f1125a
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
D composer.lock

Log Message:
-----------
Removing composer.lock

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 712e4a2d98113a4eee08cc9d41939735bd91b1d4
https://github.com/phpmyadmin/phpmyadmin/commit/712e4a2d98113a4eee08cc9d41939735bd91b1d4
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog
M README
M doc/conf.py
M libraries/classes/Config.php

Log Message:
-----------
Prepare for 4.9.1-dev

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: e73c92d92d84f717d6d9983f45f743430b3f1611
https://github.com/phpmyadmin/phpmyadmin/commit/e73c92d92d84f717d6d9983f45f743430b3f1611
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog
M doc/faq.rst
M libraries/classes/Plugins/Auth/AuthenticationCookie.php
M libraries/common.inc.php
M test/classes/Plugins/Auth/AuthenticationCookieTest.php

Log Message:
-----------
Fix merge conflicts

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 7cb6e69186bee275a449b29f56ce241aebfdbfa2
https://github.com/phpmyadmin/phpmyadmin/commit/7cb6e69186bee275a449b29f56ce241aebfdbfa2
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M js/designer/move.js

Log Message:
-----------
Merge remote-tracking branch 'security/security/designer/save-page' into QA_4_8

Commit: 004848d93f974236ed6d8d58f5fc18d006a6e53c
https://github.com/phpmyadmin/phpmyadmin/commit/004848d93f974236ed6d8d58f5fc18d006a6e53c
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog
M README
M doc/conf.py
M libraries/classes/Config.php

Log Message:
-----------
Prepare version 4.9.0.1

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: c60a750764b8a4b927b15e03640908ef751089d7
https://github.com/phpmyadmin/phpmyadmin/commit/c60a750764b8a4b927b15e03640908ef751089d7
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
A composer.lock

Log Message:
-----------
Adding composer lock for 4.9.0.1

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: a5f19ea80d0ceefbdca241664cb8b90a62e16890
https://github.com/phpmyadmin/phpmyadmin/commit/a5f19ea80d0ceefbdca241664cb8b90a62e16890
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
D composer.lock

Log Message:
-----------
Removing composer.lock

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: e7b73831e5b0a896d2dbd27f66b4ed7d5b4d1130
https://github.com/phpmyadmin/phpmyadmin/commit/e7b73831e5b0a896d2dbd27f66b4ed7d5b4d1130
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M README
M doc/conf.py
M libraries/classes/Config.php

Log Message:
-----------
Prepare for version 4.9.1

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>

Commit: 465005fe75180a380e325506a12986ecb2451cb5
https://github.com/phpmyadmin/phpmyadmin/commit/465005fe75180a380e325506a12986ecb2451cb5
Author: Isaac Bennetch <bennetch at gmail.com>
Date: 2019-06-04 (Tue, 06 June 2019) -04:00

Changed paths: 
M ChangeLog
M js/designer/move.js

Log Message:
-----------
Fix merge conflicts

Signed-off-by: Isaac Bennetch <bennetch at gmail.com>


