Merge pull request #28 from mehrwert/security/PMASA-2019-1-PMASA-2019-2

[SECURITY] Update pMA to the latest stable 4.8.x release (4.8.5)

.gitignore

@@ -1,3 +1,4 @@
 /.idea
 /atlassian-ide-plugin.xml
 Build
+/Vendor/*/tmp/

CONTRIBUTING.md

@@ -17,7 +17,7 @@ Latest code of EXT:phpmyadmin is hosted on GitHub (https://github.com/mehrwert/T
 
 You need
 
-*   LAMP/MAMP/MNMP/your favorite Stack - with TYPO3 Versions 8.7.x
+*   LAMP/MAMP/MNMP/your favorite Stack - with TYPO3 Versions 8.7.x - 9.5.x
 
 ## Links
 

Classes/Backend/PmaModule.php

@@ -67,7 +67,7 @@ public function main()
         $MCONF['name'] = 'tools_txphpmyadmin';
         $MCONF['script'] = '_DISPATCH';
         $MCONF['access'] = 'admin';
-        $MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.8.4-all-languages/';
+        $MCONF['PMA_subdir'] = 'Vendor/phpMyAdmin-4.8.5-all-languages/';
         $MCONF['PMA_script'] = 'index.php';
 
         $this->MCONF = $MCONF;

Documentation/Changelog/Index.rst

@@ -11,6 +11,14 @@ Change Log
 
 The following is an overview of the changes in this extension. For more details `read the online log <https://github.com/mehrwert/TYPO3-phpMyAdmin>`_.
 
+2019-01-26 Andreas Beutel - Version 5.2.5
+^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
+- [FEATURE] Mark pMA compatible with TYPO3 9 LTS and PHP 7.2
+- [FEATURE] Updated pMA to the latest stable 4.8.x release (4.8.5)
+- [SECURITY] Includes serious vendor security fixes
+- `PMASA-2019-1 <https://www.phpmyadmin.net/security/PMASA-2019-1/>`_: Arbitrary file read vulnerability
+- `PMASA-2019-2 <https://www.phpmyadmin.net/security/PMASA-2019-2/>`_: SQL injection in Designer feature
+
 2018-12-11 Andreas Beutel - Version 5.2.4
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 - [FEATURE] Updated pMA to the latest stable 4.8.x release (4.8.4)

Documentation/Index.rst

@@ -24,7 +24,7 @@ phpMyAdmin for TYPO3
       2002-11-01
 
 :Changed:
-      2018-11-26
+      2019-01-26
 
 :Changed by:
       Andreas Beutel

Settings.yml

@@ -4,10 +4,10 @@
 
 ---
 conf.py:
-  copyright: 2002-2018
+  copyright: 2002-2019
   project: phpMyAdmin Extension for TYPO3
-  version: 5.2.4
-  release: 5.2.4
+  version: 5.2.5
+  release: 5.2.5
   latex_documents:
   - - Index
     - phpmyadmin.tex

Vendor/phpMyAdmin-4.8.4-all-languages/ChangeLog → Vendor/phpMyAdmin-4.8.5-all-languages/ChangeLog

@@ -1,6 +1,21 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.8.5 (2019-01-25)
+- issue        Developer debug data was saved to the PHP error log
+- issue #14217 Fix issue when adding user on MySQL 8.0.11
+- issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error
+- issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200
+- issue #14787 Cannot execute stored procedure
+- issue        Add Burmese language
+- issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error
+- issue #14786 Table level Operations functions missing
+- issue #14791 PHP warning, db_export.php#L91 urldecode()
+- issue #14775 Export to SQL format not available for tables
+- issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user
+- issue        [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1)
+- issue        [security] SQL injection in Designer (PMASA-2019-2)
+
 4.8.4 (2018-12-11)
 - issue #14452 Remove hash param in edit query URL
 - issue #14295 Issue in Changing theme

Vendor/phpMyAdmin-4.8.4-all-languages/README → Vendor/phpMyAdmin-4.8.5-all-languages/README

@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 4.8.4
+Version 4.8.5
 
 A web interface for MySQL and MariaDB.
 

Vendor/phpMyAdmin-4.8.5-all-languages/RELEASE-DATE-4.8.5

@@ -0,0 +1 @@
+Sat Jan 26 03:04:17 UTC 2019