Branch: refs/heads/MAINT_4_0_10
Home: https://github.com/phpmyadmin/phpmyadmin
Commit: e46fdb8e5e5fab4df762d0af54e328f290f442a8
https://github.com/phpmyadmin/phpmyadmin/commit/e46fdb8e5e5fab4df762d0af54e328f290f442a8
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
M phpinfo.php
Log Message:
-----------
Sent CSP headers for phpinfo
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: c6cfb58834267c36169d045bc42ebbcacfa7f1c2
https://github.com/phpmyadmin/phpmyadmin/commit/c6cfb58834267c36169d045bc42ebbcacfa7f1c2
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
M libraries/Util.class.php
Log Message:
-----------
Avoid possible path traversal using MySQL username
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 34a1cebf762af07ba80e9d3aa05ffcd20b4025c7
https://github.com/phpmyadmin/phpmyadmin/commit/34a1cebf762af07ba80e9d3aa05ffcd20b4025c7
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
M libraries/plugins/export/ExportPhparray.class.php
Log Message:
-----------
Generate valid PHP code even when table/database name contains PHP markup
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
https://github.com/phpmyadmin/phpmyadmin/commit/59e0f3dee4b7cfe05375f8b0e90adb19e1af6377
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-06-30 (Thu, 30 Jun 2016)
Changed paths:
M libraries/plugins/export/ExportXml.class.php
Log Message:
-----------
Properly escape generated XML export
Many fields could contain XML markup, so we need to ensure the generated
XML is valid.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4
https://github.com/phpmyadmin/phpmyadmin/commit/95b7b7d6dd1402aba6a0d9ccc8683b7ef53602b4
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-08 (Fri, 08 Jul 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Improve cookie encryption
- use MAC to validate content before decryption
- create unique IV for every cookie
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: cf2e0afdb7b247a54192e85b298ec89adaecebca
https://github.com/phpmyadmin/phpmyadmin/commit/cf2e0afdb7b247a54192e85b298ec89adaecebca
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-09 (Sat, 09 Jul 2016)
Changed paths:
M composer.json
M doc/other.rst
M index.php
M libraries/config/FormDisplay.class.php
M libraries/config/messages.inc.php
M libraries/import.lib.php
M po/af.po
M po/ar.po
M po/az.po
M po/be.po
M po/b...@latin.po
M po/bg.po
M po/bn.po
M po/br.po
M po/bs.po
M po/ca.po
M po/ckb.po
M po/cs.po
M po/cy.po
M po/da.po
M po/de.po
M po/el.po
M po/en_GB.po
M po/es.po
M po/et.po
M po/eu.po
M po/fa.po
M po/fi.po
M po/fr.po
M po/gl.po
M po/he.po
M po/hi.po
M po/hr.po
M po/hu.po
M po/hy.po
M po/id.po
M po/it.po
M po/ja.po
M po/ka.po
M po/kk.po
M po/ko.po
M po/lt.po
M po/lv.po
M po/mk.po
M po/ml.po
M po/mn.po
M po/ms.po
M po/nb.po
M po/nl.po
M po/pa.po
M po/phpmyadmin.pot
M po/pl.po
M po/pt.po
M po/pt_BR.po
M po/ro.po
M po/ru.po
M po/si.po
M po/sk.po
M po/sl.po
M po/sq.po
M po/sr.po
M po/s...@latin.po
M po/sv.po
M po/ta.po
M po/te.po
M po/th.po
M po/tk.po
M po/tr.po
M po/tt.po
M po/ug.po
M po/uk.po
M po/ur.po
M po/uz.po
M po/u...@latin.po
M po/zh_CN.po
M po/zh_TW.po
M scripts/create-release.sh
M test/libraries/core/PMA_getLinks_test.php
Log Message:
-----------
Use https for wiki links
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
https://github.com/phpmyadmin/phpmyadmin/commit/a9005b20bcb81b1e2007ab69c6bd67a3679d56b3
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths:
M libraries/replication_gui.lib.php
M server_status_variables.php
Log Message:
-----------
Properly escape MySQL status variables
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1
https://github.com/phpmyadmin/phpmyadmin/commit/eb2c702ab22e58cb6e719f6c8a0e0c9816e3e1a1
Author: Isaac Bennetch <benne...@gmail.com>
Date: 2016-07-10 (Sun, 10 Jul 2016)
Changed paths:
M examples/openid.php
M examples/signon.php
Log Message:
-----------
Add Secure and HttpOnly flags for session cookie setup in examples
Signed-off-by: Isaac Bennetch <benne...@gmail.com>
Commit: 4440790902618c98f81f23a28747ccc117bfe53b
https://github.com/phpmyadmin/phpmyadmin/commit/4440790902618c98f81f23a28747ccc117bfe53b
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Make proxy IP parsing aware of multiple proxies
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ec2bd5d84c4583a38f0086bac207e88f27d77749
https://github.com/phpmyadmin/phpmyadmin/commit/ec2bd5d84c4583a38f0086bac207e88f27d77749
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
M config.sample.inc.php
M doc/config.rst
M doc/setup.rst
R examples/swekey.sample.conf
M libraries/config.default.php
M libraries/config/messages.inc.php
M libraries/config/setup.forms.php
M libraries/plugins/auth/AuthenticationCookie.class.php
R libraries/plugins/auth/swekey/authentication.inc.php
R libraries/plugins/auth/swekey/musbe-ca.crt
R libraries/plugins/auth/swekey/swekey.auth.lib.php
R libraries/plugins/auth/swekey/swekey.php
Log Message:
-----------
Remove Swekey support
It is buggy and their servers are no longer working.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ee6557a689a73b21449ba3ad29c7317aeb06011e
https://github.com/phpmyadmin/phpmyadmin/commit/ee6557a689a73b21449ba3ad29c7317aeb06011e
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
M libraries/core.lib.php
Log Message:
-----------
Remove debugging code
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: dc2518974124b98a57107e9486084df76a655227
https://github.com/phpmyadmin/phpmyadmin/commit/dc2518974124b98a57107e9486084df76a655227
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-11 (Mon, 11 Jul 2016)
Changed paths:
M libraries/ip_allow_deny.lib.php
Log Message:
-----------
Fix syntax error in older PHP versions
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 6cbbcdb719829075aaa2d5a91828831dbf1d74e1
https://github.com/phpmyadmin/phpmyadmin/commit/6cbbcdb719829075aaa2d5a91828831dbf1d74e1
Author: Madhura Jayaratne <madhura...@gmail.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/replication_gui.lib.php
Log Message:
-----------
Fix XSS in server_replication.php
Signed-off-by: Madhura Jayaratne <madhura...@gmail.com>
Commit: a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
https://github.com/phpmyadmin/phpmyadmin/commit/a416cbe6c7dd14b843f4ceed6d17be112ad4aad6
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M
libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
M
libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message:
-----------
Use whitelist rather than blacklist for URL filtering
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 63a5fdaa21ed2f755b164376aeb661425e8a1ba7
https://github.com/phpmyadmin/phpmyadmin/commit/63a5fdaa21ed2f755b164376aeb661425e8a1ba7
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M changelog.php
M index.php
M libraries/display_git_revision.lib.php
M libraries/engines/pbxt.lib.php
M
libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
M
libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
M libraries/sanitizing.lib.php
M themes.php
Log Message:
-----------
Add rel="noopener noreferrer" to all target="_blank" links
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 0a4cdc25f1b30db18186726d9122e68b4cba120a
https://github.com/phpmyadmin/phpmyadmin/commit/0a4cdc25f1b30db18186726d9122e68b4cba120a
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M
libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php
Log Message:
-----------
Use _blank target instead of invalid _new
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: e9a4de70a769312d3dce61b69f65015cdd2c4681
https://github.com/phpmyadmin/phpmyadmin/commit/e9a4de70a769312d3dce61b69f65015cdd2c4681
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/plugins/export/ExportMediawiki.class.php
Log Message:
-----------
Escape HTML in Mediawiki comments
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5
https://github.com/phpmyadmin/phpmyadmin/commit/41684ff1a1fe2380c93fc3a0bf2d68ceb81b55e5
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M examples/openid.php
M examples/signon.php
Log Message:
-----------
Hide session error messages to avoid FPD
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e
https://github.com/phpmyadmin/phpmyadmin/commit/ab05803a4257c12ee75c3cf1cbc941b3ab1dcf7e
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M import.php
M libraries/File.class.php
M libraries/file_listing.lib.php
Log Message:
-----------
Do not allow symlinks in UploadDir
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: c8297b4718d46f1d78ec7405cdbeb3b3f937001f
https://github.com/phpmyadmin/phpmyadmin/commit/c8297b4718d46f1d78ec7405cdbeb3b3f937001f
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
M setup/lib/index.lib.php
Log Message:
-----------
Use phpseclib's Crypt module to generate encryption keys
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 14fd2758114040d4aa2d49c50f425f1e5a046a7f
https://github.com/phpmyadmin/phpmyadmin/commit/14fd2758114040d4aa2d49c50f425f1e5a046a7f
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M
libraries/plugins/transformations/abstract/FormattedTransformationsPlugin.class.php
Log Message:
-----------
Use iframe sandbox for rendering HTML in transformation
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: bdc7436c7796c7500a53d84bf44c6e24bf96fa74
https://github.com/phpmyadmin/phpmyadmin/commit/bdc7436c7796c7500a53d84bf44c6e24bf96fa74
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M version_check.php
Log Message:
-----------
Prefer curl over file_get_contents
Curl is better in SSL certificate verification.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 8e0918cc410fea4bb58a26caa0bb07b65c8da77c
https://github.com/phpmyadmin/phpmyadmin/commit/8e0918cc410fea4bb58a26caa0bb07b65c8da77c
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/config/validate.lib.php
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/replication.inc.php
A test/libraries/core/PMA_sanitizeMySQLHost_test.php
Log Message:
-----------
Sanitize MySQL host name before connecting
It can contain p: prefix which we don't want to honor.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 80c93025a7523da0fd7ba25c11d10adbe425d439
https://github.com/phpmyadmin/phpmyadmin/commit/80c93025a7523da0fd7ba25c11d10adbe425d439
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/core.lib.php
M tbl_tracking.php
A test/libraries/core/PMA_safeUnserialize_test.php
Log Message:
-----------
Validate serialized data before unserializing
We need only strings, integers or arrays, so there is no need to
unserialize strings containing any complex types.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: a3953f88ef5ab287718bf73c454733947ce52128
https://github.com/phpmyadmin/phpmyadmin/commit/a3953f88ef5ab287718bf73c454733947ce52128
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/display_create_database.lib.php
Log Message:
-----------
Escape suggested database name
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: fec9b98a22afd6e484e584c71990cc1325e96f2c
https://github.com/phpmyadmin/phpmyadmin/commit/fec9b98a22afd6e484e584c71990cc1325e96f2c
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/schema/Export_Relation_Schema.class.php
M libraries/schema/User_Schema.class.php
M pmd_pdf.php
Log Message:
-----------
Ensure page number is integer
Even if somebody decides to change configuration storage structure.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 8ac57b1281250cbf3f0eee3db23fed281ad2ba3d
https://github.com/phpmyadmin/phpmyadmin/commit/8ac57b1281250cbf3f0eee3db23fed281ad2ba3d
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-12 (Tue, 12 Jul 2016)
Changed paths:
M libraries/RecentTable.class.php
M libraries/Table.class.php
Log Message:
-----------
Correctly escape MySQL username in queries
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ff88cdbed224273b65e3df3a584c16e8b893cbbf
https://github.com/phpmyadmin/phpmyadmin/commit/ff88cdbed224273b65e3df3a584c16e8b893cbbf
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M transformation_wrapper.php
Log Message:
-----------
Validate image scaling dimensions
Ensure we pass only integers and they are not too big.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 7f7a8ac4678d8488759ee68ff751f45821546dd3
https://github.com/phpmyadmin/phpmyadmin/commit/7f7a8ac4678d8488759ee68ff751f45821546dd3
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M libraries/plugin_interface.lib.php
Log Message:
-----------
Do not try to create non existing classes
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 56e13501184d1354b84b63dce7c00deae5066e9b
https://github.com/phpmyadmin/phpmyadmin/commit/56e13501184d1354b84b63dce7c00deae5066e9b
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M libraries/plugins/export/ExportSql.class.php
Log Message:
-----------
Properly handle newlines in SQL comments
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
https://github.com/phpmyadmin/phpmyadmin/commit/8f3ee9f9dbcbaddebcdd95f4cbd7c7ea00ab17da
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M transformation_wrapper.php
Log Message:
-----------
Do not use empty MIME type
This will turn on content sniffing in browser leading to unwanted
results.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 09a427b288cbbd1508a055a5594f906c22a60dec
https://github.com/phpmyadmin/phpmyadmin/commit/09a427b288cbbd1508a055a5594f906c22a60dec
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M transformation_wrapper.php
Log Message:
-----------
Escape HTML markup in transformation wrapper
...in case content type is html.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 31546255f3ba8c8f2fc1e001aabff2da4054d293
https://github.com/phpmyadmin/phpmyadmin/commit/31546255f3ba8c8f2fc1e001aabff2da4054d293
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M
libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php
Log Message:
-----------
Ensure widht and height are integers
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 04156efeb02ade052e46e09c93c74b95e2da9175
https://github.com/phpmyadmin/phpmyadmin/commit/04156efeb02ade052e46e09c93c74b95e2da9175
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M
libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php
Log Message:
-----------
Ensure widht and height are integers
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 0f87b73ae203d79f74765c97f637a51b87205515
https://github.com/phpmyadmin/phpmyadmin/commit/0f87b73ae203d79f74765c97f637a51b87205515
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M libraries/TableSearch.class.php
Log Message:
-----------
HML encode embedded JSON data
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ab26a8fe97be18f854c12ffda704f253c7706dfd
https://github.com/phpmyadmin/phpmyadmin/commit/ab26a8fe97be18f854c12ffda704f253c7706dfd
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-13 (Wed, 13 Jul 2016)
Changed paths:
M libraries/plugins/export/ExportSql.class.php
Log Message:
-----------
Fix exporting multiline comments
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 714818f3ad21aa44ed2017ede8009cbc30d4816d
https://github.com/phpmyadmin/phpmyadmin/commit/714818f3ad21aa44ed2017ede8009cbc30d4816d
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M ChangeLog
M README
M README.rst
M changelog.php
M composer.json
M config.sample.inc.php
M doc/developers.rst
M doc/faq.rst
M doc/intro.rst
M doc/other.rst
M doc/transformations.rst
M index.php
M libraries/Util.class.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M libraries/plugins/export/ExportLatex.class.php
M libraries/plugins/export/ExportSql.class.php
M libraries/plugins/export/ExportXml.class.php
M po/es.po
M test/classes/PMA_Message_test.php
M test/libraries/PMA_sanitize_test.php
M test/libraries/common/PMA_showDocu_test.php
M test/test_data/exploit_test.sql
M themes.php
M version_check.php
Log Message:
-----------
Use https to access phpmyadmin.net
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: e8c5cab3c117e68a0d837319e0e83bdfc50be1fb
https://github.com/phpmyadmin/phpmyadmin/commit/e8c5cab3c117e68a0d837319e0e83bdfc50be1fb
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-18 (Mon, 18 Jul 2016)
Changed paths:
M libraries/core.lib.php
Log Message:
-----------
Improve URL filtering in url.php
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 6f8eb0993d1a37f14608b90e433791b723c51085
https://github.com/phpmyadmin/phpmyadmin/commit/6f8eb0993d1a37f14608b90e433791b723c51085
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M libraries/plugins/import/ImportShp.class.php
Log Message:
-----------
Delete temporary file before reporting error
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 378c3820bf1a3c184640cd8bbe95a3b1f30ff747
https://github.com/phpmyadmin/phpmyadmin/commit/378c3820bf1a3c184640cd8bbe95a3b1f30ff747
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M libraries/plugins/import/ImportShp.class.php
M libraries/zip_extension.lib.php
M test/libraries/PMA_zip_extension_test.php
Log Message:
-----------
Sanitize filename on SHP import
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 85e1d6ec808634834927ef33e1bc77f617a67ca1
https://github.com/phpmyadmin/phpmyadmin/commit/85e1d6ec808634834927ef33e1bc77f617a67ca1
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M libraries/OutputBuffering.class.php
M url.php
Log Message:
-----------
Send standard set of HTTP headers on redirect
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ae8693db68581d4d0d3a25e317f4ca7cf55b128f
https://github.com/phpmyadmin/phpmyadmin/commit/ae8693db68581d4d0d3a25e317f4ca7cf55b128f
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M config.sample.inc.php
M doc/config.rst
M doc/setup.rst
M index.php
M libraries/core.lib.php
M libraries/plugins/auth/AuthenticationCookie.class.php
M setup/lib/index.lib.php
Log Message:
-----------
Backport cookie encryption from 4.6 branch
- Use hash_hmac for MAC rather than plain SHA1
- Use different secret for MAC than encryption
- Merge pmaServer and pmaPass cookies
- Document 32 chars length for blowfish_secret
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 5a28b63f9c3f96e0510740625cade52ea32dc392
https://github.com/phpmyadmin/phpmyadmin/commit/5a28b63f9c3f96e0510740625cade52ea32dc392
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M tbl_addfield.php
M tbl_create.php
Log Message:
-----------
Limit maximal numver of fields to 4096
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: f261abbdf9fa7f96e30e8e040866a326f5e9b95d
https://github.com/phpmyadmin/phpmyadmin/commit/f261abbdf9fa7f96e30e8e040866a326f5e9b95d
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-22 (Fri, 22 Jul 2016)
Changed paths:
M file_echo.php
Log Message:
-----------
Remove no longer used code
It was used by old charts code to download charts.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: d03954bf9ca3b1cc4037214e7983617732282872
https://github.com/phpmyadmin/phpmyadmin/commit/d03954bf9ca3b1cc4037214e7983617732282872
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
M import.php
M libraries/dbi/mysql.dbi.lib.php
M libraries/dbi/mysqli.dbi.lib.php
Log Message:
-----------
Enable LOAD DATA LOCAL INFILE only when needed
There is no need to have this feature allowed for normal SQL queries, it
can lead to leaking sensitive files from the web server. It's enough to
enable it only in LDI import plugin, where we control what queries are
executed.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 4d15f6b131a7ffc107714d9503f8a93e4c7461af
https://github.com/phpmyadmin/phpmyadmin/commit/4d15f6b131a7ffc107714d9503f8a93e4c7461af
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
M libraries/plugins/auth/AuthenticationCookie.class.php
Log Message:
-----------
Fix random invocation
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: ac703223e97398d1d3ad902afd036e303dc3de9b
https://github.com/phpmyadmin/phpmyadmin/commit/ac703223e97398d1d3ad902afd036e303dc3de9b
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-23 (Sat, 23 Jul 2016)
Changed paths:
M libraries/gis/pma_gis_geometry.php
Log Message:
-----------
Ensure GIS point coordinates are numeric
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: eec14404a738b1259ee7dfc4fbdf17b47e497f1d
https://github.com/phpmyadmin/phpmyadmin/commit/eec14404a738b1259ee7dfc4fbdf17b47e497f1d
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
M doc/config.rst
M index.php
M libraries/common.inc.php
M libraries/config.default.php
M libraries/config/messages.inc.php
M libraries/config/setup.forms.php
R phpinfo.php
Log Message:
-----------
Remove option to show phpinfo() ($cfg['ShowPhpInfo'])
This is really more a PHP debugging feature than anything related to
phpMyAdmin. If user wants to debug, it's as simple a creating file with
one line of php code.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 47d00af08a90c5aa47c23f5eaa7b31818bffe9d6
https://github.com/phpmyadmin/phpmyadmin/commit/47d00af08a90c5aa47c23f5eaa7b31818bffe9d6
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
R libraries/plugins/transformations/generator_main_class.sh
R libraries/plugins/transformations/generator_plugin.sh
A scripts/transformations_generator_main_class.sh
A scripts/transformations_generator_plugin.sh
Log Message:
-----------
Move generator scripts out of the code
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 262aa8ec73641a9cba264711575c04424757d655
https://github.com/phpmyadmin/phpmyadmin/commit/262aa8ec73641a9cba264711575c04424757d655
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
M user_password.php
Log Message:
-----------
Fix password change with cookie auth
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: b0e66715ba77d2171458c2a0ef5e2673e9f7ff76
https://github.com/phpmyadmin/phpmyadmin/commit/b0e66715ba77d2171458c2a0ef5e2673e9f7ff76
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-26 (Tue, 26 Jul 2016)
Changed paths:
M user_password.php
Log Message:
-----------
Do not allow to set too long password
We do not accept password longer than 256 chars, so do not accept it on
password change as well.
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 126321da378cf14165f845309446be410470229b
https://github.com/phpmyadmin/phpmyadmin/commit/126321da378cf14165f845309446be410470229b
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
M libraries/DbSearch.class.php
Log Message:
-----------
Escape string when showing confirmation message
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5
https://github.com/phpmyadmin/phpmyadmin/commit/533ffa49427c2c5e9a1a7a332df54a8b7f7e57f5
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
M js/functions.js
M version_check.php
Log Message:
-----------
Add login and token validation to version_check
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 2922cb7c70300e76cbaa7509c007f48615ac879d
https://github.com/phpmyadmin/phpmyadmin/commit/2922cb7c70300e76cbaa7509c007f48615ac879d
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-28 (Thu, 28 Jul 2016)
Changed paths:
M libraries/Response.class.php
Log Message:
-----------
Do not try to wrap output in case response handling is disabled
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 12db0baeaee530007fe7b1915faf3e9867356f7b
https://github.com/phpmyadmin/phpmyadmin/commit/12db0baeaee530007fe7b1915faf3e9867356f7b
Author: Michal Čihař <mic...@cihar.com>
Date: 2016-07-29 (Fri, 29 Jul 2016)
Changed paths:
M libraries/replication.inc.php
Log Message:
-----------
Move hostname sanitization to correct place
Signed-off-by: Michal Čihař <mic...@cihar.com>
Commit: 5ba96c8804d9dd18ad380e9c5cb713201ab3cb89
https://github.com/phpmyadmin/phpmyadmin/commit/5ba96c8804d9dd18ad380e9c5cb713201ab3cb89
Author: Isaac Bennetch <benne...@gmail.com>
Date: 2016-08-16 (Tue, 16 Aug 2016)
Changed paths:
M ChangeLog
M README
M doc/conf.py
M libraries/Config.class.php
Log Message:
-----------
Release 4.0.10.17
Signed-off-by: Isaac Bennetch <benne...@gmail.com>
Compare:
https://github.com/phpmyadmin/phpmyadmin/compare/01673e94ddc4...5ba96c8804d9_______________________________________________
Git mailing list
Git@phpmyadmin.net
https://lists.phpmyadmin.net/mailman/listinfo/git
