Package: phpmyadmin / 4:4.2.12-2+deb8u2

Metadata

Package: phpmyadmin
Version: 4:4.2.12-2+deb8u2
Patches format: 3.0 (quilt)

Patch series

Patch | File delta | Description
debian.patch

libraries/vendor_config.php | 16 8 + 8 - 0 !
1 file changed, 8 insertions(+), 8 deletions(-)

 adjust phpmyadmin vendor configuration to match debian needs
 - setup generates configuration in /var
 - documentation is in /usr/share/doc
 - config file consists of several included files, so we skip mtime check
doc.patch

doc/setup.rst | 22 5 + 17 - 0 !
1 file changed, 5 insertions(+), 17 deletions(-)

 adjust phpmyadmin documentation to match our changes
 Document how to enable setup script. 
setup message.patch

setup/frames/index.inc.php | 4 1 + 3 - 0 !
1 file changed, 1 insertion(+), 3 deletions(-)

 adjust phpmyadmin setup message to match our changes
bug 4611 security DOS attack with long passwords.patch

libraries/common.inc.php | 5 5 + 0 - 0 !
libraries/plugins/AuthenticationPlugin.class.php | 9 9 + 0 - 0 !
libraries/plugins/auth/AuthenticationCookie.class.php | 10 10 + 0 - 0 !
3 files changed, 24 insertions(+)

 [PATCH 1/1] bug #4611 [security] DoS attack with long passwords

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

bug 4612 security XSS vulnerability in redirection m.patch

url.php | 6 5 + 1 - 0 !
1 file changed, 5 insertions(+), 1 deletion(-)

 [PATCH 1/1] bug #4612 [security] XSS vulnerability in redirection mechanism

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

CVE 2015 2206.patch

libraries/select_lang.lib.php | 28 4 + 24 - 0 !
1 file changed, 4 insertions(+), 24 deletions(-)

---
CVE 2015 3902.patch

libraries/url_generating.lib.php | 1 1 + 0 - 0 !
setup/frames/form.inc.php | 4 2 + 2 - 0 !
setup/frames/index.inc.php | 11 5 + 6 - 0 !
setup/frames/menu.inc.php | 7 4 + 3 - 0 !
setup/frames/servers.inc.php | 4 2 + 2 - 0 !
setup/index.php | 4 2 + 2 - 0 !
setup/lib/form_processing.lib.php | 17 10 + 7 - 0 !
setup/validate.php | 6 4 + 2 - 0 !
8 files changed, 30 insertions(+), 24 deletions(-)

---
CVE 2015 3903.patch

libraries/Config.class.php | 2 0 + 2 - 0 !
1 file changed, 2 deletions(-)

---
CVE 2015 6830.patch

libraries/plugins/auth/AuthenticationCookie.class.php | 29 1 + 28 - 0 !
1 file changed, 1 insertion(+), 28 deletions(-)

---
CVE 2015 7873.patch

url.php | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
CVE 2016 1927.patch

js/functions.js | 21 19 + 2 - 0 !
1 file changed, 19 insertions(+), 2 deletions(-)

 [PATCH] Use secure RNG if available

Recent browsers come with a better RNG, so let's use it for generating
passwords instead of Math.random if available.

Signed-off-by: Michal Čihař <michal@cihar.com>
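
The technique that message describes, as an added example rather than the project's own js/functions.js code: use the browser's crypto.getRandomValues when it exists, fall back to Math.random only when no crypto source is available, and draw each character index by rejection sampling so the secure path is not skewed by a plain modulo. The character set, the function names and the Node.js lookup of require('crypto').webcrypto are assumptions for illustration, not anything taken from phpMyAdmin.

```javascript
// Added example (not phpMyAdmin code): generate a password from a CSPRNG
// when one exists, degrade to Math.random() only otherwise, and pick
// characters without modulo bias.

// Character set assumed for illustration; the project's own set may differ.
const CHARSET =
  'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*()_+';

// Find a Web Crypto object: window.crypto in browsers, globalThis.crypto in
// newer Node.js, require('crypto').webcrypto in older Node.js (assumption:
// the Node.js fallbacks exist only so the example runs outside a browser).
function findWebCrypto() {
  if (globalThis.crypto && typeof globalThis.crypto.getRandomValues === 'function') {
    return globalThis.crypto;
  }
  if (typeof require === 'function') {
    try {
      const wc = require('crypto').webcrypto;
      if (wc && typeof wc.getRandomValues === 'function') return wc;
    } catch (e) {
      // no Node.js crypto module available
    }
  }
  return null;
}

// Returns a function yielding one uniform integer in [0, n) from the given
// crypto object. Values at or above the largest multiple of n that fits in
// 32 bits are rejected and redrawn, which removes the modulo bias that a
// bare (random32 % n) would introduce for n not dividing 2^32.
function makeCryptoIndexer(webCrypto) {
  const buf = new Uint32Array(1);
  return function uniformIndex(n) {
    if (!Number.isInteger(n) || n <= 0 || n > 0x100000000) {
      throw new RangeError('range must be an integer in [1, 2^32]');
    }
    const limit = 0x100000000 - (0x100000000 % n);
    do {
      webCrypto.getRandomValues(buf);
    } while (buf[0] >= limit);
    return buf[0] % n;
  };
}

// Weak fallback: Math.random() is not a CSPRNG and its output is predictable;
// it is used only when no crypto source exists at all.
function mathRandomIndex(n) {
  return Math.floor(Math.random() * n);
}

// Picks the indexer and reports which source was used, so a caller can
// warn the user when the generated password came from the weak path.
function chooseIndexer() {
  const wc = findWebCrypto();
  return wc
    ? { index: makeCryptoIndexer(wc), secure: true }
    : { index: mathRandomIndex, secure: false };
}

function generatePassword(length, charset = CHARSET, indexer = chooseIndexer().index) {
  let out = '';
  for (let i = 0; i < length; i++) {
    out += charset[indexer(charset.length)];
  }
  return out;
}
```

generatePassword(16) takes the crypto path whenever one is found; chooseIndexer().secure tells the caller which path was taken, which is worth surfacing in the UI because a Math.random password is guessable by anyone who can observe a few other outputs of the same generator.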

CVE 2016 2039.patch

libraries/phpseclib/Crypt/Random.php | 230 230 + 0 - 0 !
libraries/session.inc.php | 6 4 + 2 - 0 !
2 files changed, 234 insertions(+), 2 deletions(-)

 [PATCH] Use phpseclib's Crypt::Random to generate CSRF token

Signed-off-by: Michal Čihař <michal@cihar.com>

CVE 2016 2040.patch

libraries/DbSearch.class.php | 3 2 + 1 - 0 !
libraries/TableSearch.class.php | 4 2 + 2 - 0 !
libraries/core.lib.php | 2 1 + 1 - 0 !
3 files changed, 5 insertions(+), 4 deletions(-)

---
CVE 2016 2041.patch

libraries/common.inc.php | 2 1 + 1 - 0 !
libraries/core.lib.php | 8 8 + 0 - 0 !
libraries/core.lib.php.orig | only
libraries/core.lib.php.rej | only
4 files changed, 9 insertions(+), 1 deletion(-)

---
CVE 2016 2560.patch

file_echo.php | 8 6 + 2 - 0 !
js/functions.js | 2 1 + 1 - 0 !
libraries/Config.class.php | 2 1 + 1 - 0 !
libraries/server_privileges.lib.php | 2 1 + 1 - 0 !
tbl_zoom_select.php | 6 5 + 1 - 0 !
5 files changed, 14 insertions(+), 6 deletions(-)

 [PATCH] Fix XSS in zoom search

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

CVE 2016 2561.patch

libraries/structure.lib.php | 15 8 + 7 - 0 !
1 file changed, 8 insertions(+), 7 deletions(-)

 [PATCH] Fix XSS in database structure page

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

CVE 2016 5099.patch

libraries/DisplayResults.class.php | 2 1 + 1 - 0 !
libraries/DisplayResults.class.php.orig | only
libraries/mult_submits.lib.php | 4 2 + 2 - 0 !
libraries/mult_submits.lib.php.orig | only
tbl_row_action.php | 4 2 + 2 - 0 !
5 files changed, 5 insertions(+), 5 deletions(-)

---
CVE 2016 5701.patch

setup/frames/index.inc.php | 27 12 + 15 - 0 !
1 file changed, 12 insertions(+), 15 deletions(-)

 [PATCH] Use JavaScript for redirection to HTTPS

The current approach is broken since whitelisting is active in url.php
and also allows potential BBCode injection.

Signed-off-by: Michal Čihař <michal@cihar.com>

CVE 2016 5705.patch

libraries/DBQbe.class.php | 2 1 + 1 - 0 !
libraries/server_privileges.lib.php | 2 1 + 1 - 0 !
2 files changed, 2 insertions(+), 2 deletions(-)

---
CVE 2016 5706.patch

js/get_scripts.js.php | 3 2 + 1 - 0 !
1 file changed, 2 insertions(+), 1 deletion(-)

---
CVE 2016 5731.patch

examples/openid.php | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

---
CVE 2016 5733.patch

js/ajax.js | 4 2 + 2 - 0 !
js/get_image.js.php | 8 4 + 4 - 0 !
js/tbl_chart.js | 2 1 + 1 - 0 !
libraries/TableSearch.class.php | 2 1 + 1 - 0 !
libraries/build_html_for_db.lib.php | 6 3 + 3 - 0 !
libraries/plugins/transformations/abstract/DateFormatTransformationsPlugin.class.php | 9 5 + 4 - 0 !
libraries/plugins/transformations/abstract/DownloadTransformationsPlugin.class.php | 2 1 + 1 - 0 !
libraries/plugins/transformations/abstract/ImageLinkTransformationsPlugin.class.php | 11 2 + 9 - 0 !
libraries/plugins/transformations/abstract/InlineTransformationsPlugin.class.php | 26 9 + 17 - 0 !
libraries/plugins/transformations/abstract/LongToIPv4TransformationsPlugin.class.php | 2 1 + 1 - 0 !
libraries/plugins/transformations/abstract/PreApPendTransformationsPlugin.class.php | 4 1 + 3 - 0 !
libraries/plugins/transformations/abstract/SubstringTransformationsPlugin.class.php | 2 1 + 1 - 0 !
libraries/plugins/transformations/abstract/TextImageLinkTransformationsPlugin.class.php | 28 11 + 17 - 0 !
libraries/plugins/transformations/abstract/TextLinkTransformationsPlugin.class.php | 31 13 + 18 - 0 !
libraries/server_bin_log.lib.php | 4 2 + 2 - 0 !
libraries/transformations.lib.php | 38 0 + 38 - 0 !
16 files changed, 57 insertions(+), 122 deletions(-)

---
CVE 2016 5739.patch

libraries/Header.class.php | 4 4 + 0 - 0 !
1 file changed, 4 insertions(+)

---