nettika/phpmyadmin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
10,222 Commits 1 Branch 0 Tags
38547bea51e3ee1b84564dc111c64cc476d2e73c
Commit Graph

10222 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michal Čihař
782b8b46be Avoid information disclossure on error. 2010-08-20 11:33:24 +02:00
Michal Čihař
bf60ec82e9 Fix possible XSS on IIS redirect page. 2010-08-20 11:20:10 +02:00
Michal Čihař
893abac3e5 bug #3042495 [core] Move PMA_sendHeaderLocation to core.lib.php. 
It might be needed from common.inc.php even if PMA_MINIMUM_COMMON is
defined.
 2010-08-20 11:09:15 +02:00
Michal Čihař
a29323a1a6 bug #3044189 [doc] Cleared documentation for hide_db. 2010-08-20 11:02:38 +02:00
Herman van Rink
f273e6cbf6 Fix XSS on error with very long query. 2010-08-20 10:42:03 +02:00
Michal Čihař
d2e0e09e0d Fix XSS with $cfg['SQP']['fmtType'] = 'text'. 2010-08-20 10:38:32 +02:00
Michal Čihař
b337f45a0a Revert "Do not assume that DefaultLang is escaped." 
This reverts commit 05ca00e0a2.

There does not seem to be bug here.
 2010-08-19 15:37:06 +02:00
Michal Čihař
05ca00e0a2 Do not assume that DefaultLang is escaped. 2010-08-18 12:37:20 +02:00
Michal Čihař
48e9096600 Properly check validity of sort parameter. 2010-08-18 12:31:54 +02:00
Michal Čihař
be0f47a931 Fix XSS on hostname. 2010-08-18 12:13:59 +02:00
Michal Čihař
cd205cc55a Fix XSS on username. 2010-08-18 12:12:09 +02:00
Michal Čihař
7dc6cea065 Fix XSS on tablename and pred_tablename. 2010-08-18 12:09:13 +02:00
Michal Čihař
6028221d97 Fix XSS on dbname. 2010-08-18 12:07:45 +02:00
Michal Čihař
2a1233b69c Fix XSS on checkprivs. 2010-08-18 12:05:32 +02:00
Michal Čihař
25ac7de38c Document PMA_sanitize. 2010-08-18 11:42:08 +02:00
Michal Čihař
fa30188dde Escape html chars in form values. 2010-08-18 11:38:19 +02:00
Michal Čihař
00add5c43f Add option to escape PMA_sanitize output. 
This is required when it is used in form values.
 2010-08-18 11:38:19 +02:00
Marc Delisle
c75e41d5d8 Limit list of correct values for sort order. 2010-08-18 11:30:19 +02:00
Michal Čihař
533e102135 Fix handling of unknown sort order. 2010-08-18 11:30:19 +02:00
Michal Čihař
ea3b718fc3 Secure handling of sort_by and sort_order in server_databases.php. 2010-08-18 11:30:19 +02:00
Michal Čihař
7f266483b8 Fix XSS on delimiter in tbl_sql.php. 2010-08-18 11:30:19 +02:00
Marc Delisle
5bcd95a42c Fix XSS on delimiter in db_sql.php. 2010-08-18 11:30:19 +02:00
Michal Čihař
6d548f7d44 Fix XSS on field_str in db_search.php. 2010-08-18 11:30:19 +02:00
Michal Čihař
e8cf1ac677 Generate new token on forcible generating of session id. 2010-08-17 15:30:47 +02:00
Michal Čihař
9e2a3f207b Ignore non default themes in git. 2010-08-17 13:38:37 +02:00
Michal Čihař
80cca2d68c Update translation based on current master branch. 2010-08-17 13:36:41 +02:00
Marc Delisle
dda6de20d2 bug #3042706 [pmadb] Relations, bookmarks, etc deleted after table drop 2010-08-10 17:55:04 -04:00
Marc Delisle
789d3a4131 Withdraw or edit FAQ entries related to older MySQL or PHP 2010-08-07 07:08:11 -04:00
Marc Delisle
04c2f9d254 bug #3040226 [XHTML] LockFromUpdate checkbox not checked by default 2010-08-07 06:27:04 -04:00
Marc Delisle
d42dab9dd4 patch #3039269 [dbi] Wrong variable checked for nopassword option 2010-08-05 12:22:56 -04:00
Will Palmer
158517d764 bug [mysqli] non-global $cfg referenced where $GLOBAL['cfg'] expected 2010-08-05 12:19:14 -04:00
Marc Delisle
fd1d214d35 bug #3036132 [core] Triggers not fetched if dbname has an hyphen 2010-08-01 06:17:03 -04:00
Marc Delisle
e6e78a1fa4 incorrect HTML entity 2010-07-31 15:06:28 -04:00
Marc Delisle
7951b2bacc bug #3034026 [confirmation] TRUNCATE queries get no confirmation request 2010-07-31 14:54:05 -04:00
Michal Čihař
4317af25ef Merge branch 'MAINT_3_3_5' into QA_3_3 2010-07-26 18:29:37 +02:00
Marc Delisle
e43fe5a8f1 3.3.5 release 2010-07-26 12:27:30 -04:00
Marc Delisle
f3f073a0ba 3.3.5 release 2010-07-26 12:26:41 -04:00
Michal Čihař
049fc7fef7 bug #3031705 [core] Fix generating condition for real numbers by comparing them to string. 2010-07-26 15:51:26 +02:00
Michal Čihař
83d458aa05 Revert "bug #3031705 [core] Do not use CONCAT for DECIMAL fields." 
This reverts commit ef500cd23f.

We probably need to use CONCAT still, just the other side should be
converted to string as well.
 2010-07-26 15:45:36 +02:00
Marc Delisle
053d6ca88e bug #3033063 [core] Navi gets wrong db name 2010-07-25 13:32:35 -04:00
Marc Delisle
368cf8d74f Merge branch 'MAINT_3_3_5' into QA_3_3 2010-07-25 07:53:41 -04:00
Marc Delisle
58021a8e6c bug [scripts] MySQL 5.5.5 does not accept TIMESTAMP(14) in create_tables.sql 2010-07-25 07:53:07 -04:00
Michal Čihař
8b592a365b Merge remote branch 'origin/MAINT_3_3_5' into QA_3_3 2010-07-20 14:41:29 +02:00
Michal Čihař
ef500cd23f bug #3031705 [core] Do not use CONCAT for DECIMAL fields. 2010-07-20 14:37:53 +02:00
Marc Delisle
828d008838 3.3.6-dev 2010-07-18 14:34:32 -04:00
Marc Delisle
31c18cbe11 3.3.5-rc1 2010-07-18 14:31:53 -04:00
Marc Delisle
0b9cf14f75 typo 2010-07-17 09:54:54 -04:00
Dieter Adriaenssens
dbe5daaad3 Converting number of Excel column names no longer limited 2010-07-14 22:29:26 +02:00
Dieter Adriaenssens
22b0ac9079 remove todo, after upgrade PHPExcel 2010-07-13 23:39:42 +02:00
Dieter Adriaenssens
6648c620d9 Convert Excel column name correctly 2010-07-13 23:23:51 +02:00