New upstream release 4.6.3.0

Author: nuxwin

ChangeLog

@@ -1,6 +1,56 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.6.3 (2016-06-23)
+- issue #12249 Fixed cookie path on Windows
+- issue #12279 Fixed error reporting on connect problems
+- issue #12290 Fixed export of tables without explicitly set engine
+- issue #12285 Designer JavaScript error: Show/Hide tables list
+- issue #12293 Fix MySQL SSL connection with some PHP versions
+- issue #12279 Fix MySQL connection error on version mismatch
+- issue #12281 Keep user attributes (privileges, authentication mode, etc) when copying a user
+- issue #12308 Fix division by zero in case of misconfigured MySQL server
+- issue #12317 Fix editing server variables
+- issue #12303 Fix table size calculation in some circumstances
+- issue #12310 Fix listing routines for non privileged user
+- issue        Escape generated query in exporting a database
+- issue        Setup script doesn't use input type 'password' in all relevant locations
+- issue        [security] BBCode injection in setup script, see PMASA-2016-17
+- issue        [security] Cookie attribute injection attack, see PMASA-2016-18
+- issue        Redirect loop when directly calling url.php
+- issue        [security] SQL injection attack, see PMASA-2016-19
+- issue        [security] XSS attack in Table Structure page, see PMASA-2016-20
+- issue        [security] XSS attack in Server Privileges page, see PMASA-2016-21
+- issue        [security] DOS attack vulnerability, see PMASA-2016-22
+- issue        [security] Multiple full path disclosure vulnerabilities, see PMASA-2016-23
+- issue        [security] Full path disclosure when running in debug mode
+- issue        [security] XSS attack with partition range and table structure, see PMASA-2016-25
+- issue        [security] XSS attack when checking database privileges, see PMASA-2016-26
+- issue        [security] XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26
+- issue        [security] XSS vulnerabilities in Transformation feature, see PMASA-2016-26
+
+4.6.2 (2016-05-25)
+- issue        [security] User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14
+- issue        [security] Self XSS vulneratbility, see PMASA-2016-16
+- issue #12225 Use https for documentation links
+- issue #12234 Fix schema export with too many tables
+- issue #12240 Avoid parsing non JSON responses as JSON
+- issue #12244 Avoid using too log URLs when getting javascripts
+- issue #12118 Fixed setting mixed case languages
+- issue #12229 Avoid storing objects in session when debugging SQL
+- issue #12249 Fix cookie path on IIS
+- issue #11705 Fix occassional 200 errors on Windows
+- issue #12219 Fix locking issues when importing SQL
+- issue #12231 Avoid confusing warning when mysql extension is missing
+- issue        Improve handling of logout
+- issue        Safer handling of sessions during authentication
+- issue #12209 Fix server selection on main page
+- issue #12192 Avoid storing full error data in session
+- issue #12082 Fixed export of ARCHIVE tables with keys
+- issue #11565 Add session reload for config authentication
+- issue #12229 Do not fail on errors stored in session
+- issue #12248 Fix loading of APC based upload progress bar
+
 4.6.1 (2016-05-02)
 - issue #12120 PMA_Util not found in insert_edit.lib.php
 - issue #12118 Fixed activation of some languages
@@ -184,7 +234,7 @@ phpMyAdmin - ChangeLog
 - issue        [security] XSS vulnerability in SQL editor, see PMASA-2016-9
 
          --- Older ChangeLogs can be found on our project website ---
-                     http://www.phpmyadmin.net/old-stuff/ChangeLogs/
+                     https://www.phpmyadmin.net/old-stuff/ChangeLogs/
 
 # vim: et ts=4 sw=4 sts=4
 # vim: ft=changelog fenc=utf-8

README

@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 4.6.1
+Version 4.6.3
 
 A web interface for MySQL and MariaDB.
 
@@ -12,7 +12,7 @@ Summary
 
 phpMyAdmin is intended to handle the administration of MySQL over the web.
 For a summary of features, list of requirements, and installation instructions,
-please see the documentation in the ./doc/ folder or at http://docs.phpmyadmin.net/
+please see the documentation in the ./doc/ folder or at https://docs.phpmyadmin.net/
 
 Copyright
 ---------

RELEASE-DATE-4.6.1

@@ -0,0 +1 @@
+Thu Jun 23 04:31:01 UTC 2016

RELEASE-DATE-4.6.3

@@ -52,7 +52,7 @@
 $tracker_url_rfe = 'https://sourceforge.net/p/phpmyadmin/feature-requests/\\1/';
 $tracker_url_patch = 'https://sourceforge.net/p/phpmyadmin/patches/\\1/';
 $github_url = 'https://github.com/phpmyadmin/phpmyadmin/';
-$faq_url = 'http://docs.phpmyadmin.net/en/latest/faq.html';
+$faq_url = 'https://docs.phpmyadmin.net/en/latest/faq.html';
 
 $replaces = array(
     '@(https?://[./a-zA-Z0-9.-_-]*[/a-zA-Z0-9_])@'

changelog.php

@@ -1,7 +1,7 @@
 {
     "name": "imscp/phpmyadmin",
     "description": "iMSCP tools - PhpMyadmin - MySQL administration tool",
-    "version": "4.6.1.0",
+    "version": "4.6.3.0",
     "authors": [
         {
             "name": "The phpMyAdmin Team",

composer.json

@@ -5,7 +5,7 @@
  * manual configuration. For easier setup you can use setup/
  *
  * All directives are explained in documentation in the doc/ folder
- * or at <http://docs.phpmyadmin.net/>.
+ * or at <https://docs.phpmyadmin.net/>.
  *
  * @package PhpMyAdmin
  */
@@ -153,5 +153,5 @@
 
 /**
  * You can find more configuration options in the documentation
- * in the doc/ folder or at <http://docs.phpmyadmin.net/>.
+ * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
  */

config.sample.inc.php

@@ -93,7 +93,7 @@
     $total_rows = PMA_getCentralColumnsCount($db);
 }
 if (PMA_isValid($_REQUEST['pos'], 'integer')) {
-    $pos = $_REQUEST['pos'];
+    $pos = intval($_REQUEST['pos']);
 } else {
     $pos = 0;
 }

db_central_columns.php

@@ -51,7 +51,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '4.6.1'
+version = '4.6.3'
 # The full version, including alpha/beta/rc tags.
 release = version
 

doc/conf.py

@@ -504,7 +504,7 @@ Server connection settings
 
     More information on regular expressions can be found in the `PCRE
     pattern syntax
-    <http://php.net/manual/en/reference.pcre.pattern.syntax.php>`_ portion
+    <https://php.net/manual/en/reference.pcre.pattern.syntax.php>`_ portion
     of the PHP reference manual.
 
 .. config:option:: $cfg['Servers'][$i]['verbose']
@@ -702,7 +702,7 @@ Server connection settings
         For auto-upgrade functionality to work, your
         ``$cfg['Servers'][$i]['controluser']`` must have ALTER privilege on
         ``phpmyadmin`` database. See the `MySQL documentation for GRANT
-        <http://dev.mysql.com/doc/mysql/en/grant.html>`_ on how to
+        <https://dev.mysql.com/doc/mysql/en/grant.html>`_ on how to
         ``GRANT`` privileges to a user.
 
 .. _history:
@@ -1046,7 +1046,7 @@ Server connection settings
 
     Sets the time zone used by phpMyAdmin. Leave blank to use the time zone of your
     database server. Possible values are explained at
-    http://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html
+    https://dev.mysql.com/doc/refman/5.7/en/time-zone-support.html
 
     This is useful when your database server uses a time zone which is different from the
     time zone you want to use in phpMyAdmin.
@@ -1310,14 +1310,14 @@ Generic settings
     :type: boolean
     :default: false
 
-    Whether `persistent connections <http://php.net/manual/en/features
+    Whether `persistent connections <https://php.net/manual/en/features
     .persistent-connections.php>`_ should be used or not. Works with
     following extensions:
 
-    * mysql (`mysql\_pconnect <http://php.net/manual/en/function.mysql-
+    * mysql (`mysql\_pconnect <https://php.net/manual/en/function.mysql-
       pconnect.php>`_),
     * mysqli (requires PHP 5.3.0 or newer, `more information
-      <http://php.net/manual/en/mysqli.persistconns.php>`_).
+      <https://php.net/manual/en/mysqli.persistconns.php>`_).
 
 .. config:option:: $cfg['ForceSSL']
 
@@ -1354,7 +1354,7 @@ Generic settings
     :default: ``''``
 
     Path for storing session data (`session\_save\_path PHP parameter
-    <http://php.net/session_save_path>`_).
+    <https://php.net/session_save_path>`_).
 
 .. config:option:: $cfg['MemoryLimit']
 
@@ -1500,7 +1500,7 @@ Cookie authentication options
 
     Define how long a login cookie is valid. Please note that php
     configuration option `session.gc\_maxlifetime
-    <http://php.net/manual/en/session.configuration.php#ini.session.gc-
+    <https://php.net/manual/en/session.configuration.php#ini.session.gc-
     maxlifetime>`_ might limit session validity and if the session is lost,
     the login cookie is also invalidated. So it is a good idea to set
     ``session.gc_maxlifetime`` at least to the same value of
@@ -2219,7 +2219,7 @@ Languages
 
     Defines the default connection collation to use, if not user-defined.
     See the `MySQL documentation for charsets
-    <http://dev.mysql.com/doc/mysql/en/charset-charsets.html>`_
+    <https://dev.mysql.com/doc/mysql/en/charset-charsets.html>`_
     for list of possible values.
 
 .. config:option:: $cfg['Lang']