[security] Self-XSS on database names (Synchronize), see PMASA-2011-18
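<?php
/* vim: set expandtab sw=4 ts=4 sts=4: */
/**
 * Simple script to set correct charset for changelog
 *
 * Reads the ChangeLog file (plain or gzip-compressed), HTML-escapes it,
 * turns well-known patterns (URLs, tracker ids, CVE names, releases) into
 * links and serves the result as a UTF-8 XHTML page.
 *
 * @package phpMyAdmin
 */

/**
 * Gets core libraries and defines some variables
 */
require './libraries/common.inc.php';

$filename = CHANGELOG_FILE;

/**
 * Read changelog.
 */
// false means "nothing usable was read"; both the missing-file case and a
// failed read end up on the same error path below.
$changelog = false;

// Check if the file is available, some distributions remove these.
if (is_readable($filename)) {
    // Test whether the file is in a compressed format
    if (substr($filename, -3) === '.gz') {
        // readgzfile() writes straight to output, so capture it in a buffer.
        ob_start();
        $bytes_read = readgzfile($filename);
        $buffered = ob_get_clean();
        // Discard the buffer on failure: it may hold a warning, not the file.
        if ($bytes_read !== false) {
            $changelog = $buffered;
        }
    } else {
        $changelog = file_get_contents($filename);
    }
}

if ($changelog === false) {
    // The file name is echoed into an HTML response, so escape it even
    // though it comes from a constant rather than from the request.
    printf(
        __('The %s file is not available on this system, please visit www.phpmyadmin.net for more information.'),
        htmlspecialchars($filename, ENT_QUOTES, 'UTF-8')
    );
    exit;
}

/**
 * Whole changelog in variable.
 *
 * Escaping MUST happen before the replacements below: after this line the
 * only markup in the output is what the replacement templates add, and the
 * captured groups they copy into href="..." attributes cannot contain a raw
 * quote or angle bracket. Charset is given explicitly to match the
 * Content-type header sent further down.
 */
$changelog = htmlspecialchars($changelog, ENT_QUOTES, 'UTF-8');

$replaces = array(
    // NOTE(review): ".-_" inside the class is a range (0x2E-0x5F), so it
    // also admits : ; = ? @ [ \ ] ^ and uppercase letters. "&" and quotes
    // are outside that range, so on already-escaped input the match cannot
    // swallow an entity or leave the attribute; tighten only deliberately,
    // since query strings are currently linked because of it.
    '@(http://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@'
    => '<a href="\\1">\\1</a>',

    // sourceforge users
    '/([0-9]{4}-[0-9]{2}-[0-9]{2}) (.+[^ ]) +&lt;(.*)@users.sourceforge.net&gt;/i'
    => '\\1 <a href="https://sourceforge.net/users/\\3/">\\2</a>',
    '/thanks to ([^\(\r\n]+) \(([-\w]+)\)/i'
    => 'thanks to <a href="https://sourceforge.net/users/\\2/">\\1</a>',
    '/thanks to ([^\(\r\n]+) -\s+([-\w]+)/i'
    => 'thanks to <a href="https://sourceforge.net/users/\\2/">\\1</a>',

    // mail addresses; the greedy (.*@.*) capture lands in href="mailto:..."
    // and is safe there only because the text was escaped beforehand
    '/([0-9]{4}-[0-9]{2}-[0-9]{2}) (.+[^ ]) +&lt;(.*@.*)&gt;/i'
    => '\\1 <a href="mailto:\\3">\\2</a>',

    // linking patches
    '/patch\s*#?([0-9]{6,})/i'
    => '<a href="https://sourceforge.net/support/tracker.php?aid=\\1">patch #\\1</a>',

    // linking RFE
    '/(?:rfe|feature)\s*#?([0-9]{6,})/i'
    => '<a href="https://sourceforge.net/support/tracker.php?aid=\\1">RFE #\\1</a>',

    // linking files
    '/(\s+)([\\/a-z_0-9\.]+\.(?:php3?|html|pl|js|sh))/i'
    => '\\1<a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=history;f=\\2;hb=HEAD">\\2</a>',

    // FAQ entries
    // NOTE(review): an absolute localhost URL only resolves for a browser
    // running on the server itself - confirm whether a link relative to this
    // script was intended.
    '/FAQ ([0-9]+)\.([0-9a-z]+)/i'
    => '<a href="http://localhost/phpMyAdmin/Documentation.html#faq\\1_\\2">FAQ \\1.\\2</a>',

    // linking bugs
    '/bug\s*#?([0-9]{6,})/i'
    => '<a href="https://sourceforge.net/support/tracker.php?aid=\\1">bug #\\1</a>',

    // all other 6+ digit numbers are treated as bugs
    '/(?<!BUG|RFE|patch) #?([0-9]{6,})/i'
    => ' <a href="https://sourceforge.net/support/tracker.php?aid=\\1">bug #\\1</a>',

    // CVE/CAN entries
    '/((CAN|CVE)-[0-9]+-[0-9]+)/'
    => '<a href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=\\1">\\1</a>',

    // Highlight releases (with links)
    '/([0-9]+)\.([0-9]+)\.([0-9]+)\.0 (\([0-9-]+\))/'
    => '<a name="\\1_\\2_\\3"></a><a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=shortlog;h=refs/tags/RELEASE_\\1_\\2_\\3">\\1.\\2.\\3.0 \\4</a>',
    '/([0-9]+)\.([0-9]+)\.([0-9]+)\.([1-9][0-9]*) (\([0-9-]+\))/'
    => '<a name="\\1_\\2_\\3_\\4"></a><a href="http://phpmyadmin.git.sourceforge.net/git/gitweb.cgi?p=phpmyadmin/phpmyadmin;a=shortlog;h=refs/tags/RELEASE_\\1_\\2_\\3_\\4">\\1.\\2.\\3.\\4 \\5</a>',

    // Highlight releases (not linkable)
    '/( ### )(.*)/'
    => '\\1<b>\\2</b>',
);

header('Content-type: text/html; charset=utf-8');
// The closing tag is split so that "?" followed by ">" does not end PHP mode.
echo '<?xml version="1.0" encoding="utf-8"?'.'>';
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<link rel="icon" href="./favicon.ico" type="image/x-icon" />
<link rel="shortcut icon" href="./favicon.ico" type="image/x-icon" />
<title>phpMyAdmin - ChangeLog</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<h1>phpMyAdmin - ChangeLog</h1>
<?php
// Patterns are the array keys, templates the values; they are applied in
// declaration order to the already-escaped text.
echo '<pre>';
echo preg_replace(array_keys($replaces), $replaces, $changelog);
echo '</pre>';
?>
</body>
</html>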