Marc Delisle [Tue, 31 Aug 2010 16:16:00 +0000 (31 12:16 -0400)]
2.11.11-rc1
Michal Čihař [Mon, 30 Aug 2010 12:15:23 +0000 (30 14:15 +0200)]
bug #
3054458 [core] Fixed displaying number of rows.
Michal Čihař [Fri, 20 Aug 2010 11:32:34 +0000 (20 13:32 +0200)]
Merge branch 'MAINT_2_11_10' into QA_2_11
Conflicts:
ChangeLog
Documentation.html
README
libraries/Config.class.php
translators.html
Michal Čihař [Fri, 20 Aug 2010 11:26:54 +0000 (20 13:26 +0200)]
Set version to 2.11.10.1.
Michal Čihař [Fri, 20 Aug 2010 11:24:46 +0000 (20 13:24 +0200)]
Changelog.
Michal Čihař [Fri, 20 Aug 2010 09:35:42 +0000 (20 11:35 +0200)]
Escape error message coming from MySQL to avoid XSS on bad parameters.
Michal Čihař [Fri, 20 Aug 2010 09:31:11 +0000 (20 11:31 +0200)]
Avoid information disclossure on error.
Michal Čihař [Fri, 20 Aug 2010 09:19:28 +0000 (20 11:19 +0200)]
Fix possible XSS on IIS redirect page.
Herman van Rink [Fri, 20 Aug 2010 08:42:03 +0000 (20 10:42 +0200)]
Fix XSS on error with very long query.
Michal Čihař [Fri, 20 Aug 2010 08:38:32 +0000 (20 10:38 +0200)]
Fix XSS with $cfg['SQP']['fmtType'] = 'text'.
Michal Čihař [Thu, 19 Aug 2010 07:55:25 +0000 (19 09:55 +0200)]
Properly escape key name when generating config file.
Michal Čihař [Wed, 18 Aug 2010 10:27:37 +0000 (18 12:27 +0200)]
Fix XSS on hostname.
Michal Čihař [Wed, 18 Aug 2010 10:25:35 +0000 (18 12:25 +0200)]
Fix XSS on username.
Michal Čihař [Wed, 18 Aug 2010 10:23:13 +0000 (18 12:23 +0200)]
Fix XSS on tablename and pred_tablename.
Michal Čihař [Wed, 18 Aug 2010 10:22:19 +0000 (18 12:22 +0200)]
Fix XSS on dbname.
Michal Čihař [Wed, 18 Aug 2010 09:42:08 +0000 (18 11:42 +0200)]
Document PMA_sanitize.
Michal Čihař [Tue, 17 Aug 2010 14:10:27 +0000 (17 16:10 +0200)]
Escape html chars in form values.
Michal Čihař [Tue, 17 Aug 2010 14:09:07 +0000 (17 16:09 +0200)]
Add option to escape PMA_sanitize output.
This is required when it is used in form values.
Michal Čihař [Tue, 17 Aug 2010 14:33:30 +0000 (17 16:33 +0200)]
Fix handling of unknown sort order.
Michal Čihař [Tue, 17 Aug 2010 14:31:03 +0000 (17 16:31 +0200)]
Secure handling of sort_by and sort_order in server_databases.php.
Michal Čihař [Tue, 17 Aug 2010 14:23:09 +0000 (17 16:23 +0200)]
Fix XSS on delimiter in tbl_sql.php.
Marc Delisle [Tue, 17 Aug 2010 14:21:37 +0000 (17 16:21 +0200)]
Fix XSS on delimiter in db_sql.php.
Michal Čihař [Thu, 11 Mar 2010 12:51:07 +0000 (11 13:51 +0100)]
Merge remote branch 'origin/MAINT_2_11_10' into QA_2_11
Conflicts:
ChangeLog
Documentation.html
README
libraries/Config.class.php
translators.html
Herman van Rink [Mon, 28 Dec 2009 15:50:36 +0000 (28 15:50 +0000)]
[core] Fix broken cleanup of $_GET
Marc Delisle [Mon, 7 Dec 2009 17:13:18 +0000 (7 17:13 +0000)]
2.11.10 release
Marc Delisle [Mon, 7 Dec 2009 17:01:31 +0000 (7 17:01 +0000)]
2.11.11-dev
Michal Čihař [Mon, 7 Dec 2009 13:09:09 +0000 (7 13:09 +0000)]
[setup] avoid usage of (un)serialize, what might be unsafe in some cases
Marc Delisle [Mon, 12 Oct 2009 21:47:40 +0000 (12 21:47 +0000)]
[security] XSS and SQL injection
Michal Čihař [Wed, 25 Mar 2009 08:30:28 +0000 (25 08:30 +0000)]
Document removal of config directory after configuring phpMyAdmin.
Marc Delisle [Tue, 24 Mar 2009 21:04:18 +0000 (24 21:04 +0000)]
2.11.9.5
Michal Čihař [Tue, 24 Mar 2009 12:56:58 +0000 (24 12:56 +0000)]
Use official names for wiki (wiki.phpmyadmin.net) and demo server (demo.phpmyadmin.net).
Michal Čihař [Tue, 24 Mar 2009 08:55:07 +0000 (24 08:55 +0000)]
Escape special chars when displaying filename template cookies.
Michal Čihař [Tue, 24 Mar 2009 08:34:23 +0000 (24 08:34 +0000)]
Do not output unescaped chars to generated configuration file.
Michal Čihař [Tue, 9 Dec 2008 13:45:32 +0000 (9 13:45 +0000)]
[security] possible XSRF on several pages
Michal Čihař [Fri, 21 Nov 2008 08:58:00 +0000 (21 08:58 +0000)]
Adjust create-release.sh instructions to match current website.
Marc Delisle [Thu, 30 Oct 2008 12:47:24 +0000 (30 12:47 +0000)]
[security] XSS in a Designer component
Marc Delisle [Mon, 22 Sep 2008 14:09:44 +0000 (22 14:09 +0000)]
typos
Michal Čihař [Mon, 22 Sep 2008 10:13:32 +0000 (22 10:13 +0000)]
XSS in MSIE using NUL byte, thanks to JPCERT.
Marc Delisle [Mon, 15 Sep 2008 12:03:45 +0000 (15 12:03 +0000)]
[security] Code execution vulnerability
Marc Delisle [Wed, 3 Sep 2008 14:04:44 +0000 (3 14:04 +0000)]
TempDir new doc
Michal Čihař [Tue, 2 Sep 2008 17:35:48 +0000 (2 17:35 +0000)]
Do not automatically set and create TempDir, it might lead to secrity issue (thanks to Thijs Kinkhorst).
Marc Delisle [Fri, 29 Aug 2008 16:38:37 +0000 (29 16:38 +0000)]
typos
Michal Čihař [Fri, 29 Aug 2008 15:49:06 +0000 (29 15:49 +0000)]
safer handling of temporary files with open_basedir (thanks to Thijs Kinkhorst)
Marc Delisle [Thu, 28 Aug 2008 16:41:57 +0000 (28 16:41 +0000)]
2.11.9 and 2.11.10-dev
Marc Delisle [Thu, 28 Aug 2008 16:17:53 +0000 (28 16:17 +0000)]
bug #
2074250 [parser] Undefined variable seen_from
Marc Delisle [Tue, 26 Aug 2008 16:33:00 +0000 (26 16:33 +0000)]
Norwegian UTF-8 original file remerged
Marc Delisle [Wed, 13 Aug 2008 16:28:43 +0000 (13 16:28 +0000)]
bug #
2045512 [export] Numbers in Excel export
Marc Delisle [Sat, 9 Aug 2008 13:58:44 +0000 (9 13:58 +0000)]
bug #
2037375 [export] DROP PROCEDURE needs IF EXISTS
Marc Delisle [Wed, 6 Aug 2008 17:25:31 +0000 (6 17:25 +0000)]
bug #
2037381 [export] Export type "replace" does not work
Marc Delisle [Fri, 1 Aug 2008 20:02:21 +0000 (1 20:02 +0000)]
bug #
2004915 [bookmarks] Saved queries greater than 1000 chars not displayed
Marc Delisle [Fri, 1 Aug 2008 19:15:01 +0000 (1 19:15 +0000)]
bug #
2032707 [core] PMA does not start if ini_set() is disabled
Marc Delisle [Fri, 1 Aug 2008 19:00:36 +0000 (1 19:00 +0000)]
bug #
2031221 [auth] Links to version number on login screen
Marc Delisle [Mon, 28 Jul 2008 16:40:56 +0000 (28 16:40 +0000)]
2.11.8
Marc Delisle [Fri, 25 Jul 2008 20:41:14 +0000 (25 20:41 +0000)]
norwegian update (2.11.x)
Marc Delisle [Fri, 25 Jul 2008 12:25:33 +0000 (25 12:25 +0000)]
bug #
2027102 quotes around lang missing
Marc Delisle [Thu, 24 Jul 2008 18:01:10 +0000 (24 18:01 +0000)]
revert language changing problem introduced with 2.11.7.1; version number 2.11.8-rc1
Marc Delisle [Thu, 24 Jul 2008 17:48:59 +0000 (24 17:48 +0000)]
2.11.9-dev
Marc Delisle [Thu, 24 Jul 2008 17:26:05 +0000 (24 17:26 +0000)]
possible XSS during setup
Marc Delisle [Thu, 24 Jul 2008 17:12:32 +0000 (24 17:12 +0000)]
protection against cross-frame scripting
Marc Delisle [Wed, 23 Jul 2008 16:55:33 +0000 (23 16:55 +0000)]
bug #
2022182 [import, export] Import/Export fails because of Mac files
Marc Delisle [Sat, 19 Jul 2008 14:46:28 +0000 (19 14:46 +0000)]
logo background color
Marc Delisle [Fri, 18 Jul 2008 17:42:52 +0000 (18 17:42 +0000)]
patch #
2020630 [export] Safari and timedate
Marc Delisle [Thu, 17 Jul 2008 14:02:26 +0000 (17 14:02 +0000)]
bug #
2018595 [import] Potential data loss on import resubmit
Marc Delisle [Tue, 15 Jul 2008 18:42:50 +0000 (15 18:42 +0000)]
port 2.11.7.1 fix
Marc Delisle [Tue, 15 Jul 2008 14:14:09 +0000 (15 14:14 +0000)]
remove version info on cookie login screen
Marc Delisle [Wed, 9 Jul 2008 15:33:49 +0000 (9 15:33 +0000)]
display Language with emphasis when a non-English language is chosen
Marc Delisle [Wed, 9 Jul 2008 14:17:19 +0000 (9 14:17 +0000)]
Do not save too big queries in history
Marc Delisle [Fri, 4 Jul 2008 14:36:18 +0000 (4 14:36 +0000)]
bug #
1982489 [relation] Relationship view should check for changes
Marc Delisle [Sat, 28 Jun 2008 15:46:54 +0000 (28 15:46 +0000)]
Font size option problem when no config file
Marc Delisle [Sat, 28 Jun 2008 14:17:11 +0000 (28 14:17 +0000)]
bug #
1989281 [export] CSV for MS Excel incorrect escaping of double quotes
Marc Delisle [Sat, 28 Jun 2008 13:44:48 +0000 (28 13:44 +0000)]
XHTML fixes
Marc Delisle [Fri, 27 Jun 2008 15:08:21 +0000 (27 15:08 +0000)]
bug #
2001005 [GUI] ARCHIVE cannot have indexes
Marc Delisle [Fri, 27 Jun 2008 14:27:18 +0000 (27 14:27 +0000)]
PMA_getTableDef() is also called from Table.class.php
Marc Delisle [Thu, 26 Jun 2008 15:37:15 +0000 (26 15:37 +0000)]
bug #
1989281 [export] Export fails if one table is marked as crashed
Marc Delisle [Tue, 24 Jun 2008 17:51:49 +0000 (24 17:51 +0000)]
bug #
1992628 [parser] SQL parser removes essential space
Marc Delisle [Tue, 24 Jun 2008 17:33:50 +0000 (24 17:33 +0000)]
bug #
1989813 [interface] Deleting multiple views (space in name)
Marc Delisle [Tue, 24 Jun 2008 14:11:54 +0000 (24 14:11 +0000)]
protect view name with backquotes
Marc Delisle [Mon, 23 Jun 2008 16:49:33 +0000 (23 16:49 +0000)]
2.11.7 release date
Marc Delisle [Mon, 23 Jun 2008 11:56:41 +0000 (23 11:56 +0000)]
bug #
1971221 [interface] tabindex not set correctly
Marc Delisle [Sat, 21 Jun 2008 14:01:54 +0000 (21 14:01 +0000)]
protection against XSS when register_globals is on and .htaccess has no effect
Marc Delisle [Sat, 21 Jun 2008 13:16:05 +0000 (21 13:16 +0000)]
adjust table comments protection to the updated advisory (db print view and db data dictionary)
Marc Delisle [Fri, 20 Jun 2008 17:53:30 +0000 (20 17:53 +0000)]
improved fix for bug
1996943
Marc Delisle [Thu, 19 Jun 2008 12:32:07 +0000 (19 12:32 +0000)]
typo
Marc Delisle [Thu, 19 Jun 2008 12:29:48 +0000 (19 12:29 +0000)]
bug #
1996943 [export] Firefox 3 and .sql.gz (corrupted)
Marc Delisle [Sat, 14 Jun 2008 12:01:58 +0000 (14 12:01 +0000)]
bug [XHTML] problem with tabindex and radio fields
Marc Delisle [Fri, 13 Jun 2008 17:18:18 +0000 (13 17:18 +0000)]
bug #
1990342 [import] SQL file import very slow on Windows
Marc Delisle [Fri, 13 Jun 2008 16:26:21 +0000 (13 16:26 +0000)]
bug #
1989081 [profiling] Profiling causes query to be executed again
Marc Delisle [Thu, 12 Jun 2008 20:00:23 +0000 (12 20:00 +0000)]
remove old hint for number of tables
Marc Delisle [Thu, 12 Jun 2008 17:23:24 +0000 (12 17:23 +0000)]
patch #
1987593 [interface] Table list pagination in navi
Marc Delisle [Tue, 10 Jun 2008 17:25:15 +0000 (10 17:25 +0000)]
new sf.net upload procedure
Marc Delisle [Tue, 10 Jun 2008 16:50:25 +0000 (10 16:50 +0000)]
2.11.8-dev
Marc Delisle [Tue, 10 Jun 2008 16:32:39 +0000 (10 16:32 +0000)]
(really) revert patch
Marc Delisle [Tue, 10 Jun 2008 16:26:07 +0000 (10 16:26 +0000)]
revert patch
Marc Delisle [Sun, 1 Jun 2008 13:02:12 +0000 (1 13:02 +0000)]
bug #
1936761 [interface] BINARY not treated as BLOB: update/delete issues
Marc Delisle [Sun, 1 Jun 2008 12:15:23 +0000 (1 12:15 +0000)]
bug #
1981043 [export] HTML in exports getting corrupted
Marc Delisle [Sun, 18 May 2008 16:57:12 +0000 (18 16:57 +0000)]
bug #
1955572 oops we still need the alt tag but empty
Marc Delisle [Sun, 18 May 2008 16:45:36 +0000 (18 16:45 +0000)]
bug #
1762029 [interface] Cannot upload BLOB into existing row
Marc Delisle [Sun, 18 May 2008 15:53:27 +0000 (18 15:53 +0000)]
unused variable
Marc Delisle [Fri, 16 May 2008 13:30:29 +0000 (16 13:30 +0000)]
bug #
1964643 wrong content displayed (dev version)
Marc Delisle [Sun, 11 May 2008 13:38:48 +0000 (11 13:38 +0000)]
bug #
1955572 [display] alt text causes duplicated strings
