Weekly phpMyAdmin contributions 2016 – Week13

 

Last week saw the release of phpMyAdmin 4.6.5 (and 4.6.5.1 which included two minor fixes in 4.6.5) and security releases 4.4.15.9 and 4.0.10.18.

The 4.6.5 release had two minor but irritating issues: one with  mysqli_real_escape_string() being passed improper parameters and was reproducible when $cfg['only_db'] or $cfg['hide_db'] are set, other one was about user being forced to input a partition count on new table create page. The fixes have been made and are released as a part of 4.6.5.1

Majority of last week was spent on refactoring and templating of various PMA_getHtml* functions apart from regular issue assessment.

Handled issues:

Weekly phpMyAdmin contributions 2016 – Week12

Last week I continued with regular bug-fixing and issue investigation.

The bug reported some months back about Long Request URI in the AJAX call while browsing the results of Database search was fixed. It was partially because everything was being embedded in the href attribute of the link which was changed to use the HTML5’s data-* attributes and the Request method was changed to POST (originally GET).

Some issues (#12360, #12361) with self-injections in some scripts was also fixed and a bug reported in the SQL parser repository (#62) some months back turned out to be already fixed covered with a lot of fixes that have been made over the last three months. Though there is an issue left with

Meanwhile, while working on some issue-related files in the codebase, I tried to clean up some old commented debugging calls as well.

Next week should be ideally focused on fixing some security issues and the regular bug-fixing.

Handled issues:

Weekly phpMyAdmin contributions 2016 – Week11

Last week, I started by looking at some security issues and made fixes for them. The rest of the week was focused on regular bug-fixing and issue assessment.

I worked on the issue to detect wrong ordering of clauses in the queries (#22) while being parsed by the SQL parser. There were some fixes in the main repository, too. The visual query builder used to generate a wrong query in case a foreign key with more than one columns was present between the tables (#12652) and was fixed by #12689.

There was fix (#12685) for an old issue (#12257) with the Table search page being very slow, as we were issuing an extra COUNT(*) queries (for helping us decide which UI to show) which might be very slow if tables have a large number of rows. It was fixed by implementing a work around for the COUNT(*) queries to get the necessary information.

I finally got all the tests and assertions to pass with the replacement of Util::sqlAddSlashes with escapeString function of the Database Interface (which in turn calls  the inbuilt mysqli_real_escape_string ) in PR #12564, which also fixed the issue related to corrupted export of SQL (#12453). Some other minor fixes were also made and are listed in the list below.

Next week should be ideally focused on fixing some security issues, bug-fixing and some refactoring if time permits.

Handled issues:
* #12695 wrong data shown
* #12691 unnecessary ksort call in PMA_getPlugins function
* #12439 Fix html header for user properties editor
* #12542 Missing table name in account privileges editor
* #12453 exported SQL is corrupted
* #12257 search page very slow
* #12652 Visual query builder fails with foreign keys referencing more than one column
* #12687 decimal(12,2) error – rounds to decimal (12)
* #12681 Symbol $ in table names passed incorrect from “designer” to “table structure editor”
* #12651 Enter key on grid editor date field
* #12674 Unable to rename tables that start with a period
* #12684 ENUM (‘Y’,’N’)
* #22 switched WHERE and LIMIT not detected