Commit Graph

8688 Commits

Author SHA1 Message Date
Michal Čihař
b01a58118f Remove error.php
Redirecting to other script introduces possibility of injecting custom
messages to it. Though there is no clear security issue in this, it
might confuse users and mistake them to go to external site as it allows
to include links.

Conflicts:

	error.php
	libraries/core.lib.php
2011-01-06 09:39:23 +01:00
Marc Delisle
68213538d7 fix merge conflicts 2010-11-26 08:55:40 -05:00
Herman van Rink
3756112c7f bug #3115519: fixed XSS on search 2010-11-26 08:54:13 -05:00
Michal Čihař
80766a95ca Polish update (#3062617). 2010-09-16 16:45:34 +02:00
Michal Čihař
8b2f1bc55d Merge branch 'MAINT_2_11_11' into QA_2_11 2010-09-08 10:11:00 +02:00
Marc Delisle
b073a5a10f 2.11.11 release 2010-09-07 12:19:49 -04:00
Marc Delisle
e6aeaf1925 2.11.11 release 2010-09-07 12:16:12 -04:00
Michal Čihař
134cbbd490 Update year. 2010-09-01 11:45:44 +02:00
Michal Čihař
5341872a91 Merge branch 'MAINT_2_11_11' into QA_2_11 2010-09-01 11:45:19 +02:00
Marc Delisle
510a5c0b69 2.11.12-dev 2010-08-31 12:18:02 -04:00
Marc Delisle
0e4369a8d2 2.11.11-rc1 2010-08-31 12:16:00 -04:00
Michal Čihař
20c8780437 bug #3054458 [core] Fixed displaying number of rows. 2010-08-30 14:15:23 +02:00
Michal Čihař
c1865ca7b8 Merge branch 'MAINT_2_11_10' into QA_2_11
Conflicts:
	ChangeLog
	Documentation.html
	README
	libraries/Config.class.php
	translators.html
2010-08-20 13:32:34 +02:00
Michal Čihař
b1cb5590ee Set version to 2.11.10.1. 2010-08-20 13:26:54 +02:00
Michal Čihař
437e00ef2e Changelog. 2010-08-20 13:24:46 +02:00
Michal Čihař
a88dbaf305 Escape error message coming from MySQL to avoid XSS on bad parameters. 2010-08-20 11:36:05 +02:00
Michal Čihař
e7d10a6d53 Avoid information disclosure on error. 2010-08-20 11:35:56 +02:00
Michal Čihař
2051a861f8 Fix possible XSS on IIS redirect page. 2010-08-20 11:19:28 +02:00
Herman van Rink
0fd0512c9b Fix XSS on error with very long query. 2010-08-20 10:42:53 +02:00
Michal Čihař
4a50055d52 Fix XSS with $cfg['SQP']['fmtType'] = 'text'. 2010-08-20 10:39:26 +02:00
Michal Čihař
30c83acddb Properly escape key name when generating config file. 2010-08-19 09:55:25 +02:00
Michal Čihař
a7c004d8d4 Fix XSS on hostname. 2010-08-18 12:27:37 +02:00
Michal Čihař
8b7f07cd95 Fix XSS on username. 2010-08-18 12:25:35 +02:00
Michal Čihař
1fe1aa6c0e Fix XSS on tablename and pred_tablename. 2010-08-18 12:23:13 +02:00
Michal Čihař
8b8ce64792 Fix XSS on dbname. 2010-08-18 12:22:19 +02:00
Michal Čihař
0fe30236fa Document PMA_sanitize. 2010-08-18 11:47:54 +02:00
Michal Čihař
a4a54da173 Escape html chars in form values. 2010-08-18 11:47:46 +02:00
Michal Čihař
c69fca50ee Add option to escape PMA_sanitize output.
This is required when it is used in form values.
2010-08-18 11:47:35 +02:00
Michal Čihař
c910f4c9ec Fix handling of unknown sort order. 2010-08-18 11:46:29 +02:00
Michal Čihař
08e27b8907 Secure handling of sort_by and sort_order in server_databases.php. 2010-08-18 11:46:29 +02:00
Michal Čihař
110c44a7a3 Fix XSS on delimiter in tbl_sql.php. 2010-08-18 11:46:29 +02:00
Marc Delisle
4951fd1c85 Fix XSS on delimiter in db_sql.php. 2010-08-18 11:46:29 +02:00
Michal Čihař
8ae41bbc02 Merge remote branch 'origin/MAINT_2_11_10' into QA_2_11
Conflicts:
	ChangeLog
	Documentation.html
	README
	libraries/Config.class.php
	translators.html
2010-03-11 13:51:07 +01:00
Herman van Rink
f175026ff0 [core] Fix broken cleanup of $_GET 2009-12-28 15:50:36 +00:00
Marc Delisle
8535d48ae9 2.11.10 release 2009-12-07 17:13:18 +00:00
Marc Delisle
13fc94b844 2.11.11-dev 2009-12-07 17:01:31 +00:00
Michal Čihař
719e0dce65 [setup] avoid usage of (un)serialize, which might be unsafe in some cases 2009-12-07 13:09:09 +00:00
Marc Delisle
212daad0c0 [security] XSS and SQL injection 2009-10-12 21:47:40 +00:00
Michal Čihař
72f86848c3 Document removal of config directory after configuring phpMyAdmin. 2009-03-25 08:30:28 +00:00
Marc Delisle
7b5ec357bc 2.11.9.5 2009-03-24 21:04:18 +00:00
Michal Čihař
aeae6df369 Use official names for wiki (wiki.phpmyadmin.net) and demo server (demo.phpmyadmin.net). 2009-03-24 12:56:58 +00:00
Michal Čihař
36ddf8b61e Escape special chars when displaying filename template cookies. 2009-03-24 08:55:07 +00:00
Michal Čihař
460a649dbc Do not output unescaped chars to generated configuration file. 2009-03-24 08:34:23 +00:00
Michal Čihař
0d4adbfc19 [security] possible XSRF on several pages 2008-12-09 13:45:32 +00:00
Michal Čihař
1639051ec7 Adjust create-release.sh instructions to match current website. 2008-11-21 08:58:00 +00:00
Marc Delisle
625e9f2e93 [security] XSS in a Designer component 2008-10-30 12:47:24 +00:00
Marc Delisle
9155163f6e typos 2008-09-22 14:09:44 +00:00
Michal Čihař
44f9f2f8b7 XSS in MSIE using NUL byte, thanks to JPCERT. 2008-09-22 10:13:32 +00:00
Marc Delisle
f8d65ec564 [security] Code execution vulnerability 2008-09-15 12:03:45 +00:00
Marc Delisle
4680cab381 TempDir new doc 2008-09-03 14:04:44 +00:00