Last week saw the release of phpMyAdmin 4.6.5 (and 188.8.131.52 which included two minor fixes in 4.6.5) and security releases 184.108.40.206 and 220.127.116.11.
The 4.6.5 release had two minor but irritating issues: one with mysqli_real_escape_string() being passed improper parameters and was reproducible when
$cfg['hide_db'] are set, other one was about user being forced to input a partition count on new table create page. The fixes have been made and are released as a part of 18.104.22.168
Majority of last week was spent on refactoring and templating of various
PMA_getHtml* functions apart from regular issue assessment.
Last week I continued with regular bug-fixing and issue investigation.
The bug reported some months back about Long Request URI in the AJAX call while browsing the results of Database search was fixed. It was partially because everything was being embedded in the
href attribute of the link which was changed to use the HTML5’s
data-* attributes and the Request method was changed to POST (originally GET).
Some issues (#12360, #12361) with self-injections in some scripts was also fixed and a bug reported in the SQL parser repository (#62) some months back turned out to be already fixed covered with a lot of fixes that have been made over the last three months. Though there is an issue left with
Meanwhile, while working on some issue-related files in the codebase, I tried to clean up some old commented debugging calls as well.
Next week should be ideally focused on fixing some security issues and the regular bug-fixing.
- #12717 user.User field display problem
- #12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function)
- #12361 Self SQL injection in table-specific privileges
- #12709 ENUM is broke
- #12706 unneeded temp file creation
- #12299 Request-URI Too Long
- #12701 ENUM – alter table syntax error
- #12360 Self SQL injection in user group name
- #12695 wrong data shown
- #62 Good for your job, but, in some condition it may not work well as expected
Last week, I started by looking at some security issues and made fixes for them. The rest of the week was focused on regular bug-fixing and issue assessment.
I worked on the issue to detect wrong ordering of clauses in the queries (#22) while being parsed by the SQL parser. There were some fixes in the main repository, too. The visual query builder used to generate a wrong query in case a foreign key with more than one columns was present between the tables (#12652) and was fixed by #12689.
There was fix (#12685) for an old issue (#12257) with the Table search page being very slow, as we were issuing an extra
COUNT(*) queries (for helping us decide which UI to show) which might be very slow if tables have a large number of rows. It was fixed by implementing a work around for the
COUNT(*) queries to get the necessary information.
I finally got all the tests and assertions to pass with the replacement of
escapeString function of the Database Interface (which in turn calls the inbuilt
mysqli_real_escape_string ) in PR #12564, which also fixed the issue related to corrupted export of SQL (#12453). Some other minor fixes were also made and are listed in the list below.
Next week should be ideally focused on fixing some security issues, bug-fixing and some refactoring if time permits.
* #12695 wrong data shown
* #12691 unnecessary ksort call in PMA_getPlugins function
* #12439 Fix html header for user properties editor
* #12542 Missing table name in account privileges editor
* #12453 exported SQL is corrupted
* #12257 search page very slow
* #12652 Visual query builder fails with foreign keys referencing more than one column
* #12687 decimal(12,2) error – rounds to decimal (12)
* #12681 Symbol $ in table names passed incorrect from “designer” to “table structure editor”
* #12651 Enter key on grid editor date field
* #12674 Unable to rename tables that start with a period
* #12684 ENUM (‘Y’,’N’)
* #22 switched WHERE and LIMIT not detected