[SECURITY] Update pMA to the latest stable 4.4.x release (4.4.15.3) -…

… MWEXT-8 - PMASA-2016-5: Unsafe comparison of XSRF/CSRF token - PMASA-2015-6: Full path disclosure vulnerability - PMASA-2016-1: Multiple full path disclosure vulnerabilities - PMASA-2016-2: Unsafe generation of XSRF/CSRF token - PMASA-2016-3: Multiple XSS vulnerabilities - PMASA-2016-4: Insecure password generation in JavaScript - PMASA-2016-6: Multiple full path disclosure vulnerabilities - PMASA-2016-7: XSS vulnerability in normalization page - Provide composer.json (thanks to André Wuttig for the contribution) - Add CONTRIBUTING.md
mehrwert · Jan 28, 2016 · 63c67e6 · 63c67e6
1 parent efb964f
commit 63c67e6
Show file tree

Hide file tree

Showing 1,724 changed files with 879 additions and 51,994 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 /.idea
 /atlassian-ide-plugin.xml
+Build
diff --git a/BeModule/conf.php b/BeModule/conf.php
@@ -11,7 +11,7 @@
 // Configuration
 $MCONF['name'] = 'tools_txphpmyadmin';
 $MCONF['script'] = '_DISPATCH';
-$MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.4.15.1-all-languages/';
+$MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.4.15.3-all-languages/';
 $MCONF['PMA_script'] = 'index.php';
 
 // Localization

diff --git a/BeModule/index.php b/BeModule/index.php
@@ -3,7 +3,7 @@
 * Copyright notice
 *
 * (c) 1999-2005 Kasper Skaarhoj ([email protected])
-* (c) 2006-2015 mehrwert ([email protected])
+* (c) 2006-2016 mehrwert ([email protected])
 * All rights reserved
 *
 * This script is part of the TYPO3 project. The TYPO3 project is
@@ -235,7 +235,7 @@ public function printContent()	{
 $MCONF['name'] = 'tools_txphpmyadmin';
 $MCONF['script'] = '_DISPATCH';
 $MCONF['access'] = 'admin';
-$MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.4.15.1-all-languages/';
+$MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.4.15.3-all-languages/';
 $MCONF['PMA_script'] = 'index.php';
 
 // Proceed if TYPO3_MODE is defined

diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -0,0 +1,27 @@
+# Contributing to EXT:phpmyadmin
+
+All contributions are welcome!
+
+* Bug reports
+* Feature requests
+* Testing
+
+## How to contribute
+
+Latest code of EXT:phpmyadmin is hosted on GitHub (https://github.com/mehrwert/TYPO3-phpMyAdmin). The code is organized in branches:
+
+* master: Production release
+* develop: Ongoing development
+* feature/*: new features
+* hotfix/*: all hotfixes
+
+You need
+
+*   LAMP/MAMP/MNMP/your favorite Stack - with TYPO3 Versions 6.2 or 7.6
+
+## Links
+
+* https://github.com/mehrwert/TYPO3-phpMyAdmin
+* https://forge.typo3.org/projects/extension-phpmyadmin
+* https://www.phpmyadmin.net
+* https://www.mehrwert.de
diff --git a/Classes/Hooks/BeUserAuth.php b/Classes/Hooks/BeUserAuth.php
@@ -2,7 +2,7 @@
 /***************************************************************
 * Copyright notice
 *
-* (c) 2008-2015 mehrwert ([email protected])
+* (c) 2008-2016 mehrwert ([email protected])
 * All rights reserved
 *
 * This script is part of the TYPO3 project. The TYPO3 project is

diff --git a/Documentation/Changelog/Index.rst b/Documentation/Changelog/Index.rst
@@ -11,6 +11,21 @@ Change Log
 
 The following is an overview of the changes in this extension. For more details `read the online log <https://github.com/mehrwert/TYPO3-phpMyAdmin>`_.
 
+2016-01-28 Andreas Beutel - Version 5.1.5
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- [FEATURE] Updated pMA to the latest stable 4.4.x release (4.4.15.3)
+- [SECURITY] Includes critical vendor security fixes
+- `PMASA-2016-5 <https://www.phpmyadmin.net/security/PMASA-2016-5/>`_: Unsafe comparison of XSRF/CSRF token
+- [SECURITY] Includes non-critical vendor security fixes
+- `PMASA-2015-6 <https://www.phpmyadmin.net/security/PMASA-2015-6/>`_: Full path disclosure vulnerability
+- `PMASA-2016-1 <https://www.phpmyadmin.net/security/PMASA-2016-1/>`_: Multiple full path disclosure vulnerabilities
+- `PMASA-2016-2 <https://www.phpmyadmin.net/security/PMASA-2016-2/>`_: Unsafe generation of XSRF/CSRF token
+- `PMASA-2016-3 <https://www.phpmyadmin.net/security/PMASA-2016-3/>`_: Multiple XSS vulnerabilities
+- `PMASA-2016-4 <https://www.phpmyadmin.net/security/PMASA-2016-4/>`_: Insecure password generation in JavaScript
+- `PMASA-2016-6 <https://www.phpmyadmin.net/security/PMASA-2016-6/>`_: Multiple full path disclosure vulnerabilities
+- `PMASA-2016-7 <https://www.phpmyadmin.net/security/PMASA-2016-7/>`_: XSS vulnerability in normalization page
+- [FEATURE] Provide composer.json (thanks to André Wuttig for the contribution)
+
 2015-11-01 Andreas Beutel - Version 5.1.4
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - [BUGFIX] Update version number in vendor path and Settings.xml

diff --git a/Settings.yml b/Settings.yml
@@ -4,10 +4,10 @@
 
 ---
 conf.py:
-  copyright: 2002-2015
+  copyright: 2002-2016
   project: phpMyAdmin Extension for TYPO3
-  version: 5.1.4
-  release: 5.1.4
+  version: 5.1.5
+  release: 5.1.5
   latex_documents:
   - - Index
     - phpmyadmin.tex

diff --git a/Vendor/phpMyAdmin-4.4.15.1-all-languages/RELEASE-DATE-4.4.15.1 b/Vendor/phpMyAdmin-4.4.15.1-all-languages/RELEASE-DATE-4.4.15.1
diff --git a/Vendor/phpMyAdmin-4.4.15.1-all-languages/doc/Makefile b/Vendor/phpMyAdmin-4.4.15.1-all-languages/doc/Makefile