| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
| |
Release Notes:
https://www.phpmyadmin.net/files/5.2.1/
License-Update: Update copyright year to 2022
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
* Removed support for Microsoft Internet Explorer
* Requires PHP 7.2 or newer
* Requires the openssl PHP extension
* Improved handling of system CA bundle and cacert.pem, falling back to Mozilla CA if needed
* Replace "master/slave" terms with "primary/replica"
* Add "NOT LIKE %...%" operator to Table search
* Add support for the Mroonga engine
* Add support for account locking
* Several fixes and improvements to the SQL parser library
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changelog:
=========
- Fix broken pagination links in the navigation sidebar
- Fix MariaDB has no support for system variable "disabled_storage_engines"
- Fix unsupported operand types in Results.php when running "SHOW PROCESSLIST" SQL query
- Fixed importing browser settings question box after login when having no pmadb
- Fix "First day of calendar" user override has no effect
- Fixed repeating headers are not working
- Fixed import of email-adresses or links from ODS results in empty contents
- Fixed a type error on ODS import with non string values
- Fixed header row show/hide columns buttons on each line after hover are shown on each row
- [security] Fix for path disclosure under certain server configurations (if display_errors is on, for instance)
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: Change JS Foundation to OpenJS Foundation
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Release note:
https://www.phpmyadmin.net/files/5.1.1/
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
The following changes have taken place in copyright:
-Copyright 2013 jQuery Foundation and other contributors
-http://jquery.com/
+Copyright JS Foundation and other contributors, https://js.foundation/
Signed-off-by: Zheng Ruoqin <zhengrq.fnst@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: tecnickcom/tcpdf/LICENSE.TXT: copyright years updated.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Security fixes:
CVE-2018-15605: An issue was discovered in phpMyAdmin before 4.8.3. A
Cross-Site Scripting vulnerability has been found where an attacker can
use a crafted file to manipulate an authenticated user who loads that
file through the import feature.
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
phpmyadmin install some bin list below that depend on interpreter php,
without rdepend, will report "Not found the interpreter php"
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/lint-query
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/tokenize-query
/usr/share/phpmyadmin/vendor/phpmyadmin/sql-parser/bin/highlight-query
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
| |
License-Update: move js/jquery to js/vendor/jquery
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Derek Straka <derek@asterius.io>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
|
| |
|
|
|
|
|
| |
The license files and md5 are updated.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
* Compatible with PHP 5.5 to 7.0 and MySQL 5.5 and newer.
* Release notes: http://www.phpmyadmin.net/files/4.6.3/
* Drop two CVE patches which have been fixed:
CVE-2015-7873 and CVE-2015-8669
* Use PV in SRC_URI instead of hardcoded version number.
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
* Using "cp -a" leaks UID of user running the builds, causing
many QA warnings.
* See this thread for details:
http://lists.openembedded.org/pipermail/openembedded-core/2015-November/112904.html
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
libraries/config/messages.inc.php in phpMyAdmin 4.0.x before 4.0.10.12,
4.4.x before 4.4.15.2, and 4.5.x before 4.5.3.1 allows remote attackers
to obtain sensitive information via a crafted request, which reveals
the full path in an error message.
This patch is from https://github.com/phpmyadmin/phpmyadmin/commit/c4d649325b25139d7c097e56e2e46cc7187fae45
Signed-off-by: Jian Liu <jian.liu@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The redirection feature in url.php in phpMyAdmin 4.4.x before 4.4.15.1
and 4.5.x before 4.5.1 allows remote attackers to spoof content via the
url parameter.
Backport upstream commit to fix it:
https://github.com/phpmyadmin/phpmyadmin/commit/cd097656758f981f80fb9029c7d6b4294582b706
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade phpmyadmin from 4.4.9 to 4.5.0.2 and SRC_URI is updated.
Accoring to release note, there is NO API changes for 4.5.0.x serial. So
upgrade to 4.5.0.2 rather than 4.4.15 which will only support for
security fixes only.
And license file has some text update. See:
https://github.com/phpmyadmin/phpmyadmin/commit/9d080a482fae73bde5049620088d4687da245163
Change files owner to fix [host-user-contaminated] warnings.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
| |
upgrade to include CVE fixes:
CVE-2015-3903
CVE-2015-3902
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Roy Li <rongqing.li@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
| |
Drop patches merged upstream.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
|
|
|
| |
Don't install local patch files to target.
Signed-off-by: Wenzong Fan <wenzong.fan@windriver.com>
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before
4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted ENUM
value that is improperly handled during rendering of the (1) table search or (2)
table structure page, related to
libraries/TableSearch.class.php and libraries/Util.class.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-7217
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Cross-site scripting (XSS) vulnerability in the view operations page in
phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote
authenticated users to inject arbitrary web script or HTML via a crafted
view name, related to js/functions.js.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5274
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x
before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow
remote authenticated users to inject arbitrary web script or HTML via the
(1) browse table page, related to js/sql.js; (2) ENUM editor page, related
to js/functions.js; (3) monitor page, related to js/server_status_monitor.js;
(4) query charts page, related to js/tbl_chart.js; or (5) table relations
page, related to libraries/tbl_relation.lib.php.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-5273
Signed-off-by: Roy Li <rongqing.li@windriver.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Bashism:
possible bashism in plugins/transformations/generator_plugin.sh line 16 (echo -e):
echo -e "Usage: ./generator_plugin.sh MIMEType MIMESubtype TransformationName [Description]\n"
possible bashism in plugins/transformations/generator_plugin.sh line 28 (${parm,[,][pat]} or ${parm^[^][pat]}):
MT="${MT^}"
possible bashism in plugins/transformations/generator_plugin.sh line 29 (${parm,[,][pat]} or ${parm^[^][pat]}):
MS="${MS^}"
possible bashism in plugins/transformations/generator_plugin.sh line 30 (${parm,[,][pat]} or ${parm^[^][pat]}):
TN="${TN^}"
possible bashism in plugins/transformations/generator_plugin.sh line 51 (should be 'b = a'):
if [ "$4" == "--generate_only_main_class" ]; then
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
|
| |
|
|
|
|
| |
Note that this now requires MariaDB/MySQL 5.5+.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
|
|
|
| |
Remove some mostly superfluous scripts for adding additional mimetype
support that add an explicit dependency on bash.
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
| |
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* This change is only aesthetic (unlike indentation in Python
tasks).
* Some recipes were using tabs.
* Some were using 8 spaces.
* Some were using mix or different number of spaces.
* Make them consistently use 4 spaces everywhere.
* Yocto styleguide advises to use tabs (but the only reason to keep
tabs is the need to update a lot of recipes). Lately this advice
was also merged into the styleguide on the OE wiki.
* Using 4 spaces in both types of tasks is better because it's less
error prone when someone is not sure if e.g.
do_generate_toolchain_file() is Python or shell task and also allows
to highlight every tab used in .bb, .inc, .bbappend, .bbclass as
potentially bad (shouldn't be used for indenting of multiline
variable assignments and cannot be used for Python tasks).
* Don't indent closing quote on multiline variables
we're quite inconsistent wheater it's first character on line
under opening quote or under first non-whitespace character in
previous line.
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
Acked-by: Koen Kooi <koen@dominion.thruhere.net>
|
| |
|
|
|
| |
Signed-off-by: Jackie Huang <jackie.huang@windriver.com>
Signed-off-by: Joe MacDonald <joe.macdonald@windriver.com>
|
|
|
Add new recipe for phpMyAdmin 3.5.2.2, borrowing the apache.conf file
from Debian (with the addition of "Require all granted" to enable
access).
Signed-off-by: Paul Eggleton <paul.eggleton@linux.intel.com>
|
