The following bugs have been fixed since version 4.2.7:
- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4505 [security] XSS in view operations page
- bug #4517 [security] XSS in relation view
The following bugs have been fixed since version 4.2.6:
- bug Broken links on home page
- bug #4494 Overlap in navigation panel
- bug #4427 Action icons not in horizontal order
- bug #4493 s_attention.png is missing
- bug #4499 Uncaught TypeError: Cannot call method 'substr' of undefined
- bug #4498 PMA 4.2.x and HHVM
- bug #4500 mysql_doc_template is not defined
been fixed since version 4.2.5:
- bug #4471 Undefined index warning with referenced column.
- bug #4027 $cfg['MaxExactCount'] is ignored when BROWSING is back
- bug #4482 Multi Column sorting (improved user experience)
- bug #4478 Server validation does not work while in setup/mysqli
- bug Undefined variable when grid editing a foreign key column
- bug #4481 mult_submits.inc.php Undefined variable Error
- bug #4485 Sorting breaks the copy column feature
- bug #4440 Javascript error when renaming table
- bug #4483 'New window' link (selflink) disappears, causing Javascript error
- bug #4489 Incorrect detection of privileges for routine creation
- bug #4459 First few characters of database name aren't clickable when
expanded
- bug #4486 [security] XSS injection due to unescaped table comment
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages
- bug #4491 [security] Missing validation for accessing User groups feature
been fixed since version 4.2.3:
- bug #4467 shell_exec() has been disabled for security reasons
- bug #4470 Error while submitting empty query
- bug #4463 Fatal error: Class 'PMA_DatabaseInterface' not found
- bug #4469 Fixed cookie based login for installations without mcrypt
- bug #4473 incorrect result count when having clause is used
- mcrypt: remove the requirement (64-bit) and the related warning
- bug #4449 Mediawiki export does not produce table header row; also fix
related PHP warnings
- bug #4442 New lines are added to query every time
- bug #4445 Fatal error on SQL Export of join query
- bug #4448 Dump binary columns in hexadecimal notation not working
- Regenerate cookie encryption IV for every session
- bug #4405 Cannot import (open_basedir): fix another case
- bug #4457 SQL tab - Insert queries not showing affected row count
- bug Missing warning about existing account, on multi-server config
- bug #4435 WHERE clause can be undefined
- bug SQL export views as tables option getting ignored
- bug #4464 [security] XSS injection due to unescaped db/table name in
navigation hiding
- bug #4465 [security] XSS injection due to unescaped db/table name in
recent/favorite tables
- bug #4423 Moving fields not working
- bug #4424 Table indexes disappear after altering field
- bug #4432 Error while displaying chart at server level
- bug #4405 Cannot import (open_basedir)
- bug #4396 Problem copying constraints (such as Sakila)
- bug #4433 Missing privileges submenu
- bug #4394 Drop db confirmation message when dropping a user
- bug #4436 Insert form numeric field with function drop-down list
- bug #4437 Problems due to missing enforcement of the minimum supported
MySQL version
+ Add enforcement of the minimum supported PHP version (5.3.0)
- bug Query error on submitting a column change form containing a
disabled input field
- bug Incorrect menu tab generation from usergroups
- bug Missing space in index creation/edit generated query
- bug #4434 Unchecking 'Show SQL queries' results NaN
This release contains several improvements and bug fixes. This version
removes support for the deprecated PHP extension "mysql".
Some highlights include:
- Added the ability to save and load queries in Query By Example.
- Navigation tabs are now fixed and don't scroll off screen.
- Easily add a function to all rows when inserting several rows at once.
- Added a favorite tables feature for quick access to often-used tables.
- Quick filter displayed rows.
The following bugs were fixed since version 4.1.13:
- bug #4365 Creating bookmark with multiple queries not working
- bug #4372 Changing browser transformation results in unnecessary
table rebuild
- bug #4375 Group two DB, one's name is the prefix of the other one
- bug #4376 [interface] Login fields show in separate line
The following bugs were fixed since version 4.1.12:
- bug #4279 CTRL + up or down moves 2 fields
- bug #4336 List server css style wrong
- bug Missing value on the Status > Server page
- bug #4347 Fixed PHP Parse error in Advisor
- bug #4350 Deleting the DB if it is renamed by the same name
- bug #4353 makeProfilingChart is not defined
- bug #4355 Precision specifier for DOUBLE type is truncated
- bug #4346 Incorrect "Export incomplete" message
- bug #4359 Notices on create table page
- bug #4356 GROUPed selects show number of rows as if not grouped
- bug #4357 JS Form submitted on "enter" even if focus is inside a
select field
fixed since version 4.1.9:
- bug #4334 Add event : datepicker won't open
- bug #4338 Fix missing value error while executing SQL query
- TCPDF library is now optional dependency
- bug #4326 Cannot find the import plugins which start with uppercase 'I'
- bug #4301 Grid edit: "SELECT" query is replaced by "UPDATE" query after edit
- bug #4278 reCaptcha re-login requires double effort
- bug #4324 Datepicker not showing up on insert page
- bug #3991 Problem selecting item in select boxes with the ENTER keystroke
in some browsers
- bug #4323 QueryWindow ignores CodeMirror
- bug None of the live charts shown on "Status -> Monitor" (Chrome)
The following bugs have been fixed since the release of version 4.1.7:
- bug #4279 CTRL + up or down moves two fields (part one)
- bug #4294 output as text radio clickable for "OpenDocument Text" export
- bug #4297 DROP DATABASE tick box in export no longer works
- bug #4291 Unable to export comments in OpenDocument text format
- bug #4299 Deletion even when the user says "No" to the confirmation message
- bug #4303 "New" link in navi panel is shown even if no privileges
- bug #4302 Some params are being omitted from microhistory
- bug #4298 Missing validation on Import CSV: "Columns enclosed with" and
"Columns escaped with"
- bug #4040 Fatal error while resetting settings
- bug #4305 JS error when editing procedure from nav panel
- bug #4308 Edit routine form submitting when pressing enter
- bug #4307 Nav: "Columns" won't expand with specific schema
- bug #4276 Login loop on session expiry
- bug #4249 Incorrect number of result rows for SQL with subqueries
- bug #4275 Broken Link to php extension manual
- bug #4053 List of procedures is not displayed after executing with Enter
- bug #4081 Setup page content shifted to the right edge of its tabs
- bug #4284 Reordering a column erases comments for other columns
- bug #4286 Open "Browse" in a new tab
- bug #4287 Printview - Always one column too much
- bug #4288 Expand database (+ icon) after timeout doesn't do anything
- bug #4285 Fixed CSS for setup
- Fixed altering table to DOUBLE/FLOAT field
- bug #4292 Success message and failure message being shown together
- bug #4293 opening new tab (using selflink) for import.php based actions
results in error and logout
Changes since version 4.0.10:
- This release contains many improvements and bug fixes. With this
release the minimum supported PHP version is now 5.3 and the minimum
MySQL version is 5.5.
- Allow specifying a port when connecting to the controlhost
- User interface improvements to server privileges, view creation, the
Operations tab, Relation View, and when creating new users
- Added support for AES_ENCRYPT on BLOB columns
- Added support for relations with ndbcluser
- Added optional ReCAPTCHA support during login
- Added support for fractional seconds in time, datetime, and timestamp
columns
- Added find and replace by column
- Added the Error Reporting Component, an optional feature allowing
users to report certain errors directly to the phpMyAdmin bug team
- Added configurable menus (so an administrator can hide certain features)
fixed since version 4.0.9:
- bug #4150 Clicking database name in query window opens a new tab
- bug #4141 Wrong page is shown after editing; also, do not show a modal
dialog for multi-row edit
- bug #3939 PHP NavigationTree error when paging through list
- bug #4075 Support A10 Networks load balancer
- bug #4083 row deleting isn't binlogs friendly
- bug #4163 Setup script does not recognize manually-configured server
- bug #4158 Events page says no privileges with ALL PRIVILEGES
The following bugs were fixed since the release of version 4.0.8:
- bug #4104 Can't edit updatable view when searching
- bug #4108 Missing refresh by deleting databases
- bug #3995 Drizzle server charset notice
- bug #3911 Filtering database names includes empty groupings
- bug #3678 Does not display or manipulate bit(64) fields appropriately
- bug #4129 Unneeded navi panel refresh
- bug #4120 SSL redirects to port 80
- bug #4144 DROP DATABASE displays wrong database name
- bug #4059 Running delete query asks for confirmation but says it was
already executed
- bug #4147 Accessibility: Images without Alt nor title attribute
The following bugs were fixed since the release of version 4.0.7:
- bug #3988 Rename view is not working
- bug #4041 Interaction between linkified fields and grid editing
- bug #3975 Table grouping isn't implemented properly
- bug #4060 Browser tries to remember wrong password when creating new user
- bug #4002 Edit Index on big table doesn't show "Loading" or any message
- bug #4098 Default table tab is ignored
- bug #4099 Server/library difference warning: setting is ignored
- bug #4100 table tree group strategy
- bug #4102 ALTER TABLE ORDER BY and InnoDB
- bug #4103 Tracking report: cannot delete a statement
- bug #3996 Drizzle navigation doesn't expand
- bug #4074 GIS column editor: point not displayed
- bug #4109 Drizzle tables in navigation are shown as views
- bug #4095 NUL symbols added to the end of database dump file
- bug #4105 More disappears in table Structure
- bug #3992 Multi-row edit doesn't clear values when checking NULL
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button
Approved by Thomas Klausner.
The major changes since version 3.5.* are:
- HTML frames are gone.
- The navigation panel now presents a tree.
- Javascript now required
- Documentation has a new look.
- Many bug fixes and smaller new features
This update also fixes the security vulnerability reported in PMASA-2013-10.
Approved by Thomas Klausner.
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- bug #3779 [core] Problem with backslash in enum fields
- bug #3816 Missing server_processlist.php
- bug #3821 Safari: white page
- Correct detection of the Chrome browser
- bug #3593604 [status] Erroneous advisor rule
- bug #3596070 [status] localStorage broken in server status monitor
- bug #3598736 [routines] Editing a procedure with special characters
- bug #3600322 [core] Visualize GIS data throws Fatal Error
- bug #3599362 [core] Double-escaped error message
- bug #3776 [cookies] Login without auth on second server
- bug #3563824 [export] Support Apache's mod_deflate
- bug #3585523 [interface] Inline query editing broken after row update
- bug #3586389 [setup] Cannot switch language in /setup
- bug #3585695 [CSS] Font size in inline query editor is way too big
- bug #3588354 [l10n] Portuguese Language not displaying correctly
- bug #3591412 [status] Live charts don't work for non-default server
- bug [core] Proxy ajax calls to pma.net to avoid browser notices
- bug #3593534 [tracking] Structure Snapshot on tracked view renders
invalid SQL
- bug #3544366 [events] Event comments not saved
Approved by Thomas Klausner.
- bug #3570212 [edit] uuid_short() is a no-arguments function
- bug #3569577 [edit] Add routine parameter headers not valid for "function"
- bug #3575799 [search] Various search operators not working as expected
- bug #3576322 [search] Invalid select query generated for tables with
ENUM fields
- bug #3577468 [display] Incorrect imagejpeg Syntax Breaks Image Transformation
- bug #3578776 [search] Editing SQL not possible when no records found
- bug #3571970 [interface] Display chart and number of rows to plot
- bug #3582631 [core] Wrong redirect url caused cookies error with ForceSSL
- bug #3539044 [interface] Browse mode "Show" button gives blank page if no
results anymore
- bug #3534979 [interface] Copy Database Ajax feedback vanishes long before
copying is done
- bug #3527531 [interface] GC-maxlifetime warning incorrectly displayed
- bug #3526916 [interface] Search fails with JS error when tooltips disabled
- bug #3544366 [interface] Event comments not saved
- bug #3549084 [edit] Can't enter date directly when editing inline
- bug #3548491 [interface] Inline query editor doesn't work from search results
- bug #3547825 [edit] BLOB download no longer works
- bug #3541966 [config] Error in generated configuration arrray
- bug #3553551 [GUI] Invalid HTML code in multi submits confirmation form
- [interface] Designer sometimes places tables on the top menu
- bug #3546277 [core] Call to undefined function __() when config file has
wrong permissions
- bug #3540922 [edit] Error searching table with many fields
- bug #3555104 [edit] Cannot copy a DB with table & views
- bug #3559925 [privileges] Incorrect updating of the list of users
- bug #3561224 [edit] cell edit date field with empty date fills in current
date
- bug #3559955 [edit] current_date from function drop down fails on update
- bug #3562472 add support for Solaris and FreeBSD system load and memory
display in server status
- bug #3553068 [import] Table import from XML file fails
- replace Highcharts with jqplot for Display chart
- bug #3567684 [edit] Pasting value doesn't clear null checkbox
- bug #3570786 [edit] Datepicker for date and datetime fields is broken
- The setup scripts *must* not get write access to the real "config.inc.php".
Allow then instead to generate a file in "/var/phpmyadmin" which the
administrator copies it place manually. This is the intended procedure
as documented by the developers.
- Restore the normal "config.inc.php" to its original location. Not sure
why I didn't encounter any problems during testing the last change
because phpMyAdmin isn't working very well without this.
While here change dependences to require both the "php-mysql" and the
"php-mysqli" packages. Old installations will use the former, new
installation will use the later.
Bump the package revision again because of these changes.
1.) Install PHP script in the "setup" directory.
2.) Use Vendor override to set the location of the configuration file.
It is now possible to use phpMyAdmin's setup for configuration.
Based on a suggestion by Peter Avalos in private e-mail.
- bug #3521416 [interface] JS error when editing index
- bug #3521313 [core] Call to undefined function __()
- bug #3521016 [edit] NOW() function incorrectly selected
- bug [GUI] Invalid HTML code on transformation_overview.php
- bug #3522930 [browse] Missing validation in Ajax mode
- bug Fix popup message on build SQL of import
- bug #3523499 [core] Make X-WebKit-CSP work better
- replace Highcharts with jqplot for query profiling, zoom search
- bug #3531584 [interface] No form validation in change password dialog
- bug #3531585 [interface] Broken password validation in copy user form
- bug #3531586 [unterface] Add user form prints JSON when user presses enter
- bug #3534121 [config] duplicate line in config.sample.inc.php
- bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values
- bug #3510196 [core] More clever URL rewriting with ForceSSL
- browse-mode improvements
- grid editing
- remember recent tables
- remember last sort order by table
- flexible column width
- reorder columns
- more compact navigation bar
- AJAXification of many operations
- reorganised server status page, with server monitoring
- improved support for stored routines, events and triggers
- openGIS support
- zoom-search in table search
- Drizzle support
- improved ENUM/SET editor
- bug #3486970 [import] Exception on XML import
- bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in
navigation
- bug #3512565 [navi] Fixed missing word "Rows" in table list tooltip
after cli
- [security] Fixed local path disclosure vulnerability, see PMASA-2012-2
- bug #3460090 [interface] TextareaAutoSelect feature broken
- patch #3375984 [export] PHP Array export might generate invalid php code
- bug #3049209 [import] Import from ODS ignores cell that is the same as
cell before
- bug #3463933 [display] SELECT DISTINCT displays wrong total records found
- patch #3458944 [operations] copy table data missing
SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO'
- bug #3469254 [edit] Setting data to NULL and drop-downs
- bug #3477063 [edit] Missing set fields and values in generated INSERT query
- bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145)
- bug #3442028 [edit] Inline editing enum fields with null shows
no dropdown
- bug #3442004 [interface] DB suggestion not correct for user with
underscore
- bug #3438420 [core] Magic quotes removed in PHP 5.4
- bug #3398788 [session] No feedback when result is empty
(signon auth_type)
- bug #3384035 [display] Problems regarding ShowTooltipAliasTB
- bug #3306875 [edit] Can't rename a database that contains views
- bug #3452506 [edit] Unable to move tables with triggers
- bug #3449659 [navi] Fast filter broken with table tree
- bug #3448485 [GUI] Firefox favicon frameset regression
- [core] Better compatibility with mysql extension
- [security] Self-XSS on export options (export server/database/table),
see PMASA-2011-20
- [security] Self-XSS in setup (host parameter), see PMASA-2011-19
- bug #3425230 [interface] enum data split at space char (more space to edit)
- bug #3426840 [interface] ENUM/SET editor can't handle commas in values
- bug #3427256 [interface] no links to browse/empty views and tables
- bug #3430377 [interface] Deleted search results remain visible
- bug #3428627 [import] ODS import ignores memory limits
- bug #3426836 [interface] Visual column separation
- bug #3428065 [parser] TRUE not recognized by parser
+ patch #3433770 [config] Make location of php-gettext configurable
- patch #3430291 [import] Handle conflicts in some open_basedir situations
- bug #3431427 [display] Dropdown results - setting NULL does not work
- patch #3428764 [edit] Inline edit on multi-server configuration
- patch #3437354 [core] Notice: Array to string conversion in PHP 5.4
- [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the
view name in main panel db Structure page
- bug #3439292 [core] Fail to synchronize column with name of keyword
- bug #3425156 [interface] Add column after drop
- [interface] Avoid showing the password in phpinfo()'s output
- bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8
- bug #3407235 [interface] Entering the key through a lookup window does not reset NULL
- [security] Self-XSS on database names (Synchronize), see PMASA-2011-18
- [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18
- [security] Self-XSS on column type (Create index), see PMASA-2011-18
- [security] Self-XSS on column type (table Search), see PMASA-2011-18
- [security] Self-XSS on invalid query (table overview), see PMASA-2011-18
- bug #3418610 [interface] Links in navigation when
$cfg['MainPageIconic'] = false
- bug #3418849 [interface] Inline edit shows dropdowns even after closing
- bug [view] View renaming did not work
- bug [navi] Wrong icon for view (MySQL 5.5)
- bug #3420229 [doc] Missing documentation section
- bug #3423725 [pdf] Broken PDF file when exporting database to PDF
- [core] Allow to set language in URL
- bug #3425184 [doc] Fix links to PHP documentation
- bug #3426031 [export] Export to bzip2 is not working
Welcome to phpMyAdmin 3.4.6, a bugfix and minor security release.
Please refer to the upcoming PMASA-2011-15 and -16 announcements on
http://www.phpmyadmin.net/home_page/security/.
- bug #3375325 [interface] Page list in navigation frame looks odd
- bug #3313235 [interface] Error div misplaced
- bug #3374802 [interface] Comment on a column breaks inline editing
- patch #3383711 [display] Order by a column in a view doesn't work in
some cases
- bug #3386434 [interface] Add missing space to server status
- [core] Remove library PHPExcel, due to license issues
- [export] Remove native Excel export modules (xls and xlsx formats)
- [import] Remove native Excel import modules (xls and xlsx formats)
- bug #3392920 [edit] BLOB emptied after editing another column
- [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14
- [security] Fixed XSS with db/table/column names, see PMASA-2011-14
- bug #3323060 [parser] SQL parser breaks AJAX requests if query has
unclosed quotes
- bug #3323101 [parser] Invalid escape sequence in SQL parser
- bug #3348995 [config] $cfg['Export']['asfile'] set to false does not
select asText option
- bug #3340151 [export] Working SQL query exports error page
- bug #3353649 [interface] "Create an index on X columns" form not validated
- bug #3350790 [interface] JS error in Table->Structure->Index->Edit
- bug #3353811 [interface] Info message has "error" class
- bug #3357837 [interface] TABbing through a NULL field in the inline mode
resets NULL
- remove version number in /setup
- bug #3367993 [usability] Missing "Generate Password" button
- bug #3363221 [display] Missing Server Parameter on inline sql query
- bug #3367986 [navi] Drop field -> lost active table
- remove misleading comment on the "Rename database" interface
- bug #3374374 [interface] Fix footnote for inexact count while browsing
- bug #3372807 [interface] Fix security warning link in setup
- bug #3374347 [display] Backquotes in normal text on import page
- bug #3358750 [core] With Suhosin, urls are too long in edit links
- [security] Missing sanitization on the table, column and index names leads
to XSS vulnerabilities, see PMASA-2011-13
This is major feature update which requires at least PHP 5.2.0 and
MySQL 5.0. It features a new user interface and uses MySQL for
authentication and access control.
The update was necessary as "phpmyadmin" 2.11 is no longer supported:
http://sourceforge.net/news/?group_id=23067&id=301992
