4.9.5 (2020-03-20)
- issue [security] Fix SQL injection with certain usernames (PMASA-2020-2)
- issue [security] Fix SQL injection in particular search situations (PMASA-2020-3)
- issue [security] Fix SQL injection and XSS flaw (PMASA-2020-4)
- issue Deprecate "options" for the external transformation; options must now be hard-coded along with the program name directly in the file.
4.9.4 (2020-01-07)
- issue #15724 Fix 2FA was disabled by a bug
- issue [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)
4.9.3 (2019-12-26)
- issue #15570 Fix page contents go underneath of floating menubar in some cases
- issue #15591 Fix php notice 'Undefined index: foreign_keys_data' on relations view when the user has column access
- issue #15592 Fix php warning "error_reporting() has been disabled for security reasons"
- issue #15434 Fix middle click on table sort column name shows a blank page
- issue Fix php notice "Undefined index table_create_time" when setting displayed columns on results of a view
- issue #15571 Fix fatal error when trying to edit row with row checked and button under the table
- issue #15633 Fix designer set display field broken for php 5.x versions
- issue #15621 Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
- issue Fix php 8.0 php notices - Undefined index on login page
- issue #15640 Fix php 7.4 error when trying to access array offset on value of type null on table browse
- issue #15641 Fix replication actions where broken (start slave, stop slave, reset, ...)
- issue #15608 Fix DisableIS is broken when with controluser configured (database list broken)
- issue #15614 Fix undefined offset on index page for MySQL 5.7.8 (server charset)
- issue #15692 Fix JavaScript error when user has not enough privilege to view query statistics.
- issue #14248 Fixed date selection in search menu missing higher Z-index value
- issue Fix Uncaught php TypeError on php 8.0 when adding a column to table create form
- issue #15682 Fix calendar not taking current time as default value
- issue #15636 Fix php error trying to access array offset on value o type null on replication GUI
- issue #15695 Fix input field for the time in datetime picker is disabled
4.9.2 (2019-11-21)
- issue #14184 Change the cookie name from phpMyAdmin to phpMyAdmin_https for HTTPS, fixes many "Failed to set session cookie" errors
- issue #15304 Fix ssl_use php error
- issue #14804 Fix undefined index: ssl_* variables
- issue #14245 Fix mysql 8.0.3 and above fails on advisor
- issue #15499 Fix unparenthesized php deprecation
- issue #15482 Fix URL encoding plus sign (+) in the table or DB name when configuring foreign keys
- issue #14898 Fixed bottom table in list in left panel blocked by horizontal scroll bar
- issue #15161 Fix text area overflows its parent element on "Query" page
- issue #15511 Fixed exporting users after a delete will delete all selected users on "Users" page
- issue #14598 Fixed checking referencial integrity on "Operations" page
- issue #14433 Fix "You do not have privileges to manipulate with the users!" on root superadmin
- issue #15391 Fix GIS polygon of a geometry field is not drawn on "GIS visualization"
- issue #15311 Fix adjust privileges on copy database fails with MariaDB
- issue #15477 Fix display referential integrity check for InnoDB
- issue #15236 Support phpunit 8 in our test suite to help packaging phpMyAdmin on Debian
- issue #15522 Fix missing image error fills logs, removed ic_b_info icon from icon list
- issue #15537 Fixed some issues with the sort by key selectors
- issue #15546 Fix operators precedence in DatabaseInterface class
- issue #14906 Test test suite on 32-bit systems
- issue Fix Long2IP transformation issue with PHP 7.1
- issue #14951 Fix moving columns with DEFAULT NULL doesn't work on MariaDB 10.2+
- issue #14951 Fix moving columns with INT AND DEFAULT CURRENT_TIMESTAMP doesn't work on MariaDB
- issue #12241 Fixed table alias is removed when exporting a query
- issue #15316 Fixed cross join clause is removed on export
- issue #14809 Fix error "is_uploaded_file() expects parameter 1 to be string" when inserting blobs from files
- issue #15127 Fix white square when refreshing designer or browsing other pages
- issue #13912 Detect when phpMyAdmin storage tables are not accessible, help users browse corrupt DBs
- issue #15465 Display profiling when query outputs no rows
- issue Fix setting and removing display field on Designer
- issue Added a warning when trying to set a display field on Designer and configuration storage is not setup
- issue #15327 Fix shift-click in Export misses a checkbox
- issue [security] Fix improperly sanitized data when showing the Git branch (thanks to Ali Hubail for this report)
- issue [security] Fix security weaknesses in Designer feature,including a flaw where an attacker could trigger an SQL injection attack (PMASA-2019-5)
4.9.1 (2019-09-21)
- Routine fix for an issue that has been reported as CVE-2019-12922
- issue #15313 Added support for Twig 2
- issue #15315 Fix cannot edit or export column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13
- issue Fix a TypeError in Import class with PHP 8
- issue #14270 Fix Middle-click on foreign key link broken
- issue #14363 Fix broken relational links in tables
- issue #14987 Fix weird error for empty collation
- issue #15334 Fix export of GIS visualisation not working (PNG, PDF, SVG)
- issue #14918 Use hex for the phpMyAdmin session token
- issue Added GB18030 Chinese collations description
- issue Added Russian, Swedish, Slovak and Chinese UCA 9.0.0 collations description
- issue Added description for the _ks (kana-sensitive) collation suffix
- issue Added description for the _nopad (NO PAD) collation suffix
- issue #15404 Remove array/string curly braces access
- issue #15427 Fixed "FilterLanguages" option does not work (configuration)
- issue #15202 Fixed creating user with single quote in password results in no password user
- issue #14950 Fixed left database overview "add column" triggers error
- issue #15363 Fix remove unexpected quotes on text fields (structure and insert)
- issue Fix NULL wrongly checked on field change
- issue #15388 Fix allow to rollback an empty statement
- issue #14291 Fixed incorrect linkage from one table's value to another table
- issue #15446 Fix tables added from other databases are not collapsing in the designer section
- issue #14945 Fix designer page save fails if dB name contains period
- issue Display an error when trying to import in designer a table that's already imported
- issue Fix many bugs when adding new tables to designer
- issue Update CodeMirror to v5.48.4
- issue Update jQuery Migrate to v3.1.0
- issue Update jQuery Validation to v1.19.1
- issue Update jQuery to v3.4.1
- issue Update js-cookie to v2.2.1
- issue Remove fieldset closing tag when setting global privileges
- issue #15425 Fix backslash in column name resulting an error in editing
- issue #15380 Fix Status - Advisor error
- issue #15439 Fix designer page status not updated when added a new table from another database
- issue #15440 Fix page number is not being updated in the URL after saving a designer's page
- issue Fix reloading a designer's page
- issue Fix designer full screen mode button and text stuck when exiting full-screen mode
4.9.0.1 (2019-06-04)
- issue #14478 phpMyAdmin no longer streams the export data
- issue #14514 Tables with SYSTEM VERSIONING show up as views instead of tables
- issue #14515 Values cannot be edited in SYSTEM VERSIONING tables with INVISIBLE timestamps
- issue Fix header icon on server plugins page
- issue #14298 Fixed error 500 on MultiTableQuery page when a empty query is passed
- issue #14402 Fixed fatal javascript error while adding index to a new column
- issue #14896 Fixed issue with plus/minus icon when refreshing an expanded database
- issue #14922 Fixed json encode error in export
- issue #13975 Fixed missing query time in German (fix decimal number format issue)
- issue #14503 Fixed JavaScript events not activating on input (sql bookmark issue)
- issue #14898 Fixed Bottom table is blocked in database list (left panel)
- issue #14425 Fixed Null Checkbox automatically unmarked
- issue #14870 Display correct date and time in Zip files
- issue #14763 Fixed the loading symbol not appearing when refreshing the navigation
- issue #14607 Count rows only if needed
- issue #14832 Show Designer combo boxes when adding a constraint
- issue #14948 Fix change password is not showing password strength difference at the second attempt
- issue #14868 Fix edit view
- issue #14943 Fixed loading Forever when creating new view without filling any field
- issue #14843 Fix Bookmark::get() id matching SQL
- issue #14734 Fixed invalid default value for bit field
- issue #14311 Fixed undefined index in setup script
- issue #14991 Fixed TypeError in GIS editor
- issue Fixed GIS data editor for multi server setup
- issue #14312 Fixed type error in setup script when adding new server
- issue #14053 Fix missed padding on query results
- issue #14826 Fixed javascript error PMA_messages is not defined
- issue Show error message if config-set fails and not "loading..." forever
- issue #14359 Prevent multiple error modals, and error-report request spamming from script
- issue Fixed error reporting javascript errors on multi server setup
- issue Fixed wrong property name on TableStructureController
- issue #14811 Fix SHOW FULL TABLES FROM when a table is locked
- issue #14916 Fix bug when creating or editing views
- issue #14931 Fixed php error when using a query like SELECT 1 INTO @a; SELECT @a; in inline query edit
- issue #15074 Make the server logo visible on theme "original"
- issue #15077 Fixed incorrect page numbers
- issue #14205 Fixed "No tables found in database" when you delete all tables from last page
- issue #14957 Virtuality is not selected when editing generated column (added virtuality(stored) option for mariadb)
- issue #14853 Insert page should not allow entering things into virtual columns
- issue #15110 Fixed TypeError e.preventDefaulut is not a function
- issue #15115 Improved label in Settings export, clarifying that it's a JSON file
- issue #14816 Fixed [designer] Cannot read property 'style' of null
- issue Fixed [designer] Add new tables with database/table list modal
- issue Fixed query format on multi server setup
- issue Fixed remove partitioning on multi server setup
- issue Fixed normalization
- issue Fixed 'RESET SLAVE' button on replication slave
- issue Fixed sending a php error report on multi server setup
- issue Fixed downloading of monitor parameters for IE 11, Edge, Chrome and others
- issue #15141 Fixed php notice Undefined index: designer_settings
- issue #12729 Fixed sticky table header over dropdown menu
- issue #15140 Fixed edit link does not work on failed insert
- issue #14334 Fixed export table structure shows rows fields
- issue #15010 Fixed empty SQL preview modal on tbl_relation
- issue #14673 Fixed innodb & MySQL 8: DYNAMIC & COMPRESSED ROW_FORMAT missing
- issue Fixed empty success message when adding a new INDEX from left panel
- issue #15150 Fixed generate password hidden on second open of change password modal
- issue Fixed import XML data with leading zeros
- issue #15036 Fixed missing input fields checks for MaxSizeForInputField
- issue #15119 Fixed uninterpreted HTML on Settings->Export page
- issue #15159 Fixed missing query time and database in console
- issue #13713 Fixed column comments in the floating table header
- issue #15177 Fixed label alignment on login page
- issue #15210 Fixed a typo in the english name of the Albanian language
- issue Fixed issue when resetting charset in import.php
- issue #14460 Fixed forms where submitted multiple times on CTRL + ENTER
- issue #15038 Fixed console height was allowing a negative values
- issue #15219 Fixed 'No Password' option does not switch automatically to 'Use Text Field' in add user account
- issue Fixed importing the exported config on Server status monitor page
- issue #15228 Fixed php notice 'Undefined index: foreign_keys_data' on designer when the user has column access
- issue #12900 Fixed designer page saving gives error when configuration storage is not set up
- issue #15229 Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- issue #14527 Fixed import settings function not working
- issue #14908 Fixed uninterpreted HTML on Settings->Import (missing data error descriptions)
- issue #14800 Fixed status->Processes doesn't show full query process list page
- issue #14833 Fixed sort by Time not working in process list page
- issue #14982 Fixed setting "null" keep an "enum" value
- issue #14401 Fixed insert rows keypress Enter behavior
- issue #15146 Fixed error reports can not be sent because they are too large
- issue #15205 Fixed useless backquotes on sql preview modal when deleting an index
- issue #13178 Fixed issues with uppercase table and database names (lower_case_table_names=1)
- issue #14383 Fixed warning when browsing certain tables (GIS data)
- issue #12865 Fixed MySQL 8.0.0 issues with GIS display
- issue #15059 Fixed "Server charset" in "Database server" tab showing wrong information
- issue #14614 Fixed mysql error "#2014 - Commands out of sync; you can't run this command now" on sql query
- issue #15238 Fixed phpMyAdmin 4.8.5 doesn't show privileges of procedures (raw html displayed instead)
- issue #13726 Fixed can not copy user on Percona Server 5.7
- issue #15239 Fixed javascript error while fetching latest version info and switching pages
- issue #14301 Fixed javascript error when editing a JSON data type column
- issue #15240 Fixed apply a Settings form with errors shows a JSON response after using return back
- issue #15043 Fixed multiple errors printing on Settings page
- issue #15037 Fixed unexpected behavior of reset button on Settings
- issue #15157 Fixed 'Settings' tab not marked as active when browsing 2FA settings
- issue #14934 Fixed all fields readonly on Edit/Insert screens
- issue #14588 Fixed export of geometry objects, GIS objects are now exported as hex
- issue #14412 Better handling of errors with Signon authentication type
- issue Added support for AUTO_INCREMENT when using ROCKSDB, on Operations page
- issue #15276 Fixed partitioning is missing in Structure page UI (MySQL 8.0)
- issue #14252 Fixed DisableIS and database tree list (new database missing when refreshing the list)
- issue #14621 Removed "Propose table structure" on MySQL 8.0
- issue Fixed editing of virtual columns on PerconaDB
- issue #13854 Fixed column options are ignored for GENERATED/VIRTUAL/STORED columns
- issue #15262 Fixed incorrect display of charset column (raw html)
- issue Added explicit parentheses in nested ternary operators
- issue #15287 Fix auto_increment field is too small
- issue #15283 Fix tries to change collation on views when changing collation on all tables/fields
- issue Fixed empty PMA_gotoWhitelist JavaScript array
- issue #15079 Fixed responsive behaviour of instruction dialog box
- issue #10846 Fixed javascript error when renaming a table
- issue Updated sql-parser to version 4.3.2
- issue [security] SQL injection in Designer (PMASA-2019-3)
- issue [security] CSRF attack on 'cookie' login form (PMASA-2019-4)
4.8.5 (2019-01-25)
- issue Developer debug data was saved to the PHP error log
- issue #14217 Fix issue when adding user on MySQL 8.0.11
- issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error
- issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200
- issue #14787 Cannot execute stored procedure
- issue Add Burmese language
- issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error
- issue #14786 Table level Operations functions missing
- issue #14791 PHP warning, db_export.php#L91 urldecode()
- issue #14775 Export to SQL format not available for tables
- issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user
- issue [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1)
- issue [security] SQL injection in Designer (PMASA-2019-2)
The new package will be prefixed with the php version because the
dependencies are also specified with the version number in the
Makefile.
Changelog:
4.8.3 (2018-08-22)
- issue #14314 Error when naming a database '0'
- issue #14333 Fix NULL as default not shown
- issue #14229 Fixes issue with recent table list
- issue #14045 Fix slow performance on DB structure filtering
- issue #14327 Fix Editing server variable not showing save or cancel option
- issue #14377 Populate options for view create and edit
- issue #14171 2FA configuration fails if PHP doesn't have GD support
- issue #14390 Can't unhide tables
- issue #14382 "Visualize GIS data" icon missing
- issue #14435 Event scheduler status toggle doesn't work
- issue #14365 View not working on multiple servers
- issue #14207 Partition actions in table structure do not work
- issue #14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table
- issue #14552 Blank message shown instead of MySQL error when adding trigger and other locations
- issue #14525 Fix PHP 7.3 warning: "continue" in "switch" is equal to "break"
- issue #14554 Icon missing when creating a new trigger, routine, and event
- issue #14422 Table comment not showing since 4.8.1
- issue #14426 Drop table doesn't work when you copy tables to another database
- issue #14581 Escaped HTML in 'Add a new server' setup
- issue #14548 [security] HTML injection in import warning messages, see PMASA-2018-5
4.8.2 (2018-06-21)
- issue #14370 WHERE 0 causes Fatal error
- issue #14225 Fix missing index icon
- issue [security] XSS vulnerability in Designer, see PMASA-2018-3
- issue [security] File inclusion and remote code execution vulnerability, see PMASA-2018-4
4.8.1 (2018-05-24)
- issue #12772 Fix case where the central columns attributes don't get filled in
- issue #14049 Fix case where the query builder doesn't work when selected column is *
- issue #14029 Revert "Browse" table CSS overflow
- issue #14241 Dropping indexes and foreign keys fail
- issue #14227 Relational linking broken
- issue #14246 Fixed error in configuration storage zero config
- issue #14128 Show 2FA Secret next to QR code
- issue #14212 XML Export from single table throws fatal error
- issue #14239 Line and some other charts ignore result set order of values chosen for the x-axis
- issue #14260 Fixed configuration for DefaultLang and Lang
- issue #14264 Linking for 'Distinct values' broken
- issue #13968 Fix MariaDB 10.2 current_timestamp()
- issue #14249 Fix for missing go button in view edit
- issue #14125 Fix for issues with spatial fields
- issue #14189 Remember table's sorting broken
- issue #14289 Fix multi-column sorting
- issue #14278 Fix central columns in-line edit bug
- issue #14066 Fix AUTO_INCREMENT error when only exporting table structure in database-level exports
- issue #13893 Simulating queries produces unexpected results
- issue #14309 Setup script icons missing
4.8.0.1 (2018-04-19)
- issue [security] Multiple CSRF vulnerabilities, See PMASA-2018-02
4.8.0 (2018-04-07)
- issue #12946 Allow to export JSON with unescaped unicode chars
- issue #12983 Disable login button without solved reCaptcha
- issue #12315 Allow to remove individual segments from pie charts
- issue Change label from "Improve table structure" to "Normalize" to match standard terminology
- issue #13087 Offer login as different user on access denied from MySQL
- issue #13110 Indicate when HTTPS is not properly reported on the server
- issue #13119 No database selected error when adding foreign key
- issue #12388 Improved database search to allow search for exact phrase match
- issue #13099 Report error when trying to copy database to same name
- issue #13167 Themes now have to contain metadata in theme.json
- issue #6363 phpMyAdmin no longer requires eval() in PHP
- issue #12386 The mbstring dependency is now optional
- issue #13269 Small refactoring in preparation to CSP
- issue #13384 Database link broken in Databases Page
- issue #13391 Configurable authentication logging using $cfg['AuthLog']
- issue #13086 Add support for Google Invisible Captcha
- issue #13058 Improved error reporting for reCAPTCHA
- issue #12899 Improved rendering of server variables table
- issue #12948 Fixed javascript editor for TIME values
- issue #13095 Fixed alignment of foreign keys editing
- issue #12944 Improved inline editor for JSON
- issue #13145 Improved layout of operations pages
- issue #13448 Add "format" query button in edit view form
- issue #6241 Implement Responsive Design/mobile interface
- issue Use a single location for classes under PhpMyAdmin namespace
- issue #12354 Indicate SSL status on main page
- issue #5666 Configuration directives for defaults of Transformation options
- issue #12261 Remove inline JavaScript
- issue #13408 Show MySQL warnings when executing SQL queries
- issue #5827 Allow Designer to show tables from other databases
- issue #13268 Replace Query-By-Example with multi-table query generator interface
- issue #13576 Add privileges export to per-database listing
- issue Consolidate functions into class files
- issue #13560 Add support for changing collation for all tables and columns in database
- issue #13303 Add support for creating fulltext index from table structure
- issue #13711 Lower default value for $cfg['MaxExactCount']
- issue #13722 DisableIS is not fully honored
- issue #6197 Added support for authentication using U2F and 2FA
- issue #13480 Avoid removing cookies on upgrade
- issue #13397 Remember state of navigation panel
- issue #11688 Reduced cookie usage
- issue #13466 Better utilization of user preferences
- issue #14042 Rename PMD to Designer
- issue #13940 Honor arg_separator in AJAX requests
- issue #14060 Can't edit rows in Internet Explorer
- issue #14096 Internet Explorer compatibility; fixes JavaScript error Object doesn't support property or method 'startsWith'
4.7.9 (2018-03-05)
- issue #13931 Fixed browsing tables with more results
- issue #13927 "Not an integer" when browsing a table
- issue #13887 "Input variables exceeded 1000" error relating to PHP's max_input_vars directive
4.7.8 (2018-02-20)
- issue #13914 Fixed resetting default setting values.
- issue #13758 Fixed fallback value for collation connection.
- issue #13938 Fixed error handling in PHP 7.2
- issue [security] Fix XSS in Central Columns Feature, See PMASA-2018-01
--- Older ChangeLogs can be found on our project website ---
https://www.phpmyadmin.net/old-stuff/ChangeLogs/
4.6.5.2 (2016-12-05)
- issue #12765 Fixed SQL export with newlines
4.6.5.1 (2016-11-25)
- issue #12735 Incorrect parameters to escapeString in Node.php
- issue #12734 Fix PHP error when mbstring is not installed
- issue #12736 Don't force partition count to be specified when creating a new table
4.6.5 (2016-11-24)
- issue Remove potentionally license problematic sRGB profile
- issue #12459 Display read only fields as read only when editing
- issue #12384 Fix expanding of navigation pane when clicking on database
- issue #12430 Impove partitioning support
- issue #12374 Reintroduced simplified PmaAbsoluteUri configuration directive
- issue Always use UTC time in HTTP headers
- issue #12479 Simplified validation of external links
- issue #12483 Fix browsing tables with built in transformations
- issue #12485 Do not show warning about short blowfish_secret if none is set
- issue #12251 Fixed random logouts due to wrong cookie path
- issue #12480 Fixed editing of ENUM/SET/DECIMAL fields structure
- issue #12497 Missing escaping of configuration used in SQL (hide_db and only_db)
- issue #12476 Add error checking in reading advisory rules file
- issue #12477 Add checking missing elements and confirming element types from json_decode
- issue #12251 Automatically save SQL query in browser local storage rather than in cookie
- issue #12292 Unable to edit transformations
- issue #12502 Remove unused paramenter when connecting to MySQLi
- issue #12303 Fix number formatting with different settings of precision in PHP
- issue #12405 Use single quotes in PHP code
- issue #12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped
- issue #12531 Properly detect DROP DATABASE queries
- issue #12470 Fix possible race condition in setting URL hash
- issue #11924 Remove caching of server information
- issue #11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
- issue #12545 Proper parsing of CREATE TABLE ... PARTITION queries
- issue #12473 Code can throw unhandled exception
- issue #12550 Do not try to keep alive session even after expiry
- issue #12512 Fixed rendering BBCode links in setup
- issue #12518 Fixed copy of table with generated columns
- issue #12221 Fixed export of table with generated columns
- issue #12320 Copying a user does not copy usergroup
- issue #12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows
- issue #12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
- issue #12554 Absence of scrolling makes it impossible to read longer text values in grid editing
- issue #12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate
- issue #12300 Export selective tables by-default dumps Events also
- issue #12298 Fixed export of view definitions
- issue #12242 Edit routine detail dialog does not fill "Return length" field in mysql functions
- issue #12575 New index Confirm adds whitespace around the field name
- issue #12382 Bug in zoom search
- issue #12321 Assign LIMIT clause only to syntactically correct queries
- issue #12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place
- issue #12511 Clarify documentation on ArbitraryServerRegexp
- issue #12508 Remove duplicate code in SQL escaping
- issue #12475 Cleanup code for getting table information
- issue #12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL
- issue #12316 Correct export of complex SELECT statements
- issue #12080 Fixed parsing of subselect queries
- issue #11740 Fixed handling DELETE ... USING queries
- issue #12100 Fixed handling of CASE operator
- issue #12455 Query history stores separate entry for every letter typed
- issue #12327 Create PHP code no longer works
- issue #12179 Fixed bookmarking of query with multiple statements
- issue #12419 Wrong description on GRANT OPTION
- issue #12615 Fixed regexp for matching browser versions
- issue #12569 Avoid showing import errors twice
- issue #12362 prefs_manage.php can leave an orphaned temporary file
- issue #12619 Unable to export csv when using union select
- issue #12625 Broken Edit links in query results of JOIN query
- issue #12634 Drop DB error in import if DB doesn't exist
- issue #12338 Designer reverts to first saved ER after EACH relation create or delete
- issue #12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments
- issue #12366 Fix user creation with certain MariaDB setups
- issue #12616 Refuse to work with mbstring.func_overload enabled
- issue #12472 Properly report connection without password in setup
- issue #12365 Fix records count for large tables
- issue #12533 Fix records count for complex queries
- issue #12454 Query history not updated in console until page refresh
- issue #12344 Fixed parsing of labels in loop
- issue #12228 Fixed parsing of BEGIN labels
- issue #12637 Fixed editing some timestamp values
- issue #12622 Fixed javascript error in designer
- issue #12334 Missing page indicator or VIEWs
- issue #12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
- issue #12661 Error inserting into pma__history after timeout
- issue #12195 Row_format = fixed not visible
- issue #12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables
- issue #12674 Allow for proper MySQL-allowed strings as identifiers
- issue #12651 Allow for partial dates on table insert page
- issue #12681 Fixed designer with tables using special chars
- issue #12652 Fixed visual query builder for foreign keys with more fields
- issue #12257 Improved search page performance
- issue #12322 Avoid selecting default function for foreign keys
- issue #12453 Fixed escaping of SQL parts in some corner cases
- issue #12542 Missing table name in account privileges editor
- issue #12691 Remove ksort call on empty array in PMA_getPlugins function
- issue #12443 Check parameter type before processing
- issue #12299 Avoid generating too long URLs in search
- issue #12361 Fix self SQL injection in table-specific privileges
- issue #12698 Add link to release notes and download on new version notification
- issue #12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function)
- issue [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58
- issue [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59
- issue [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60
- issue [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61
- issue [security] Possible to bypass logout timeout, see PMASA-2016-62
- issue [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63
- issue [security] Multiple XSS weaknesses, see PMASA-2016-64
- issue [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65
- issue [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66
- issue [security] BBCode injection to login page, see PMASA-2016-67
- issue [security] Denial-of-service (DOS) vulnerability in table partitioning, see PMASA-2016-68
- issue [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69
- issue [security] Incorrect serialized string parsing, see PMASA-2016-70
- issue [security] CSRF token not stripped from the URL, see PMASA-2016-71
pkgsrc changes:
* Overhaul Makefile.
- Remove use of INSTALL_DIRS and simplify install process.
- Utilize pkgsrc SUBST_*.
- Stop other pkglint warninggs.
* Drop some dot files from installation.
Quote from Changes:
4.6.4 (2016-08-16)
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
- issue [security] Improve session cookie code for openid.php and signon.php example files
- issue [security] Full path disclosure in openid.php and signon.php example files
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-31
- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
- issue [security] Referrer leak when phpinfo is enabled
- issue [security] PHP code injection, see PMASA-2016-32
- issue [security] Full path disclosure, see PMASA-2016-33
- issue [security] SQL injection attack, see PMASA-2016-34
- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-38
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-39
- issue [security] SQL injection vulnerability, see PMASA-2016-40
- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42
- issue [security] Verify data before unserializing, see PMASA-2016-43
- issue [security] Use HTTPS for wiki links
- issue Remove Swekey support
- issue [security] SSRF in setup script, see PMASA-2016-44
- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
- issue [security] Improve SSL certificate handling
- issue [security] Fix full path disclosure in debugging code
- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
- issue [security] Detect if user is logged in, see PMASA-2016-48
- issue [security] Bypass URL redirection protection, see PMASA-2016-49
- issue [security] Referrer leak, see PMASA-2016-50
- issue [security] Reflected File Download, see PMASA-2016-51
- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53
- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054
- issue [security] Administrators could trigger SQL injection attack against users
- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
- issue [security] Remove tode execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46
- issue Include X-Robots-Tag header in responses
- issue Enforce numeric field length when creating table
- issue Fixed invalid Content-Length in some HTTP responses
- issue #12394 Create view should require a view name
- issue #12391 Message with 'Change password successfully' displayed, but does not take effect
- issue Tighten control on PHP sessions and session cookies
- issue #12409 Re-enable overhead on server databases view
- issue #12414 Fixed rendering of Original theme
- issue #12413 Fixed deleting users in non English locales
- issue #12416 Fixed replication status output in Databases listing
- issue #12303 Avoid typecasting to float when not needed
- issue #12425 Duplicate message variable names in messages.inc.php
- issue #12399 Adding index to table shows wrong top navigation
- issue #12424 Fixed password change on MariaDB without auth plugin
- issue #12339 Do not error on unset server port
- issue #12422 Improvements to the original theme
- issue #12395 Do not try to load old transformation plugins
- issue #12423 Fixed replication status in database listing
- issue #12433 Copy table with prefix does not copy the indexes
- issue #12375 Search in database: Window content is not scrolling down when clicking first time on Browse link
- issue #12346 SQL Editor textareas can have their size increased from the top, distorting the page view
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
- bug #4746 Right-aligned columns have left-aligned header
- bug #4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values
- bug Undefined index savedsearcheswork
- bug #4788 Inline edit of DATE fields with NULL, NULL checkbox is under
datepicker
- bug #4790 DROP TABLE/VIEW IF EXISTS are not tracked
- bug Compatibility with central columns of version 4.4
- bug #4758 Firefox with auth_type to http with multiple server doesn't
work anymore
- bug #4789 Views aren't dropped when copying a database
- bug #4784 Incomplete bookmark saving
- bug #4786 SELECT width on relations page
- bug [security] Risk of BREACH attack, see PMASA-2015-1
- bug #4774 SQL links are completely wrong
- bug #4768 MariaDB: version mismatch
- bug #4777 Some images are missing in Designer for original theme
- bug #4767 Drizzle: undefined index in mysql_charsets.inc.php
- bug #4753 Normal field and multi-line field have different margins
- bug #4760 Cannot re-import settings from local storage
- bug #4778 SQL error when database list is sorted by additional columns
- bug #4780 Notice when timestamp column does not have default value
- bug Undefined index navwork
- bug #4744 Opening console scroll down the page
- bug Remove extra column heading in view structure page
- bug Add missing confirmation when deleting central columns
- bug Undefined index DisableIS
- bug #4763 Database export with more than 512 tables fails
- bug #4769 Previously set column aliases are destroyed if returned to the
same table
- bug #4752 Incorrect page after creating table
- bug #4771 Central Columns not working, showing error
- bug #4728 Incorrect headings in routine editor
- bug #4730 Notice while browsing tables when phpmyadmin pma database
exists, but not all the tables
- bug #4729 Display original field when using "Relational display column"
option and display column is empty
- bug #4734 Default values for binary fields do not support binary values
- bug #4736 Changing display options breaks query highlighting
- bug Undefined index submit_type
- bug #4738 Header lose align when scrolling in Firefox
- bug #4741 in ./libraries/Advisor.class.php#184 vsprintf(): Too few arguments
- bug #4743 Unable to move cursor with keyboard in filter rows box
- bug Incorrect link in doc
- bug #4745 Tracking does not handle views properly
- bug #4706 Schema export doesn't handle dots in db/table name
- bug #3935 Table Header not displayed correct (Safari 5.0.5 Mac)
- bug #4750 Disable renaming referenced columns
- bug #4748 Column name center-aligned instead of left-aligned in Relations
- bug Undefined constant PMA_DRIZZLE
- bug #4712 Wrongly positioned date-picker while Grid-Editing
- bug #4714 Forced ORDER BY for own sql statements
- bug #4721 Undefined property: stdClass::$version
- bug #4719 'only_db' not working
- bug #4700 Error text: Internal Server Error
- bug #4722 Incorrect width table summary when favorite tables is disabled
- bug #4710 Nav tree error after filtering the tables
- bug #4716 Collapse all in navigation panel is sometimes broken
- bug #4724 Cannot navigate in filtered table list
- bug #4717 Database navigation menu broken when resolution/screen is changing
- bug #4727 Collation column missing in database list when DisableIS is true
- bug Undefined index central_columnswork
- bug Undefined index favorite_tables
- bug #4694 js error on marking table as favorite in Safari (in private mode)
- bug #4695 Changing $cfg['DefaultTabTable'] doesn't update link and title
- bug Undefined index menuswork
- bug Undefined index navwork
- bug Undefined index central_columnswork
- bug #4697 Server Status refresh not behaving as expected
- bug Null argument in array_multisort()
- bug #4699 Navigation panel should not hide icons based on
'TableNavigationLinksMode'
- bug #4703 Unsaved schema page exported as pdf.pdf
- bug #4707 Call to undefined method PMA_Schema_PDF::dieSchema()
- bug #4702 URL is non RFC-2396 compatible in get_scripts.js.php
- bug Undefined index notices while configuring recent and favorite
tables
- bug #4687 Designer breaks without configuration storage
- bug #4686 Select elements flicker and selects something else
- bug #4689 Setup tool creates "pma__favorites" incorrectly
- bug #4685 Call to a member function isUserType() on a non-object
- bug #4691 Do not include console when no server is selected
- bug #4688 File permissions in archive
- bug #4692 Dynamic javascripts gives 500 when db selected
- bug Auto-configuration: tables were not created automatically
- bug #4677 Advanced feature checker does not check for favorite tables
feature
- bug #4678 Some of the data stored in configuration storage are not deleted
upon db or table delete
- bug #4679 Setup does not allow providing a name for favorites table
- bug #4680 Number of favorite table are not configurable in setup
- bug #4681 'Central columns table' field in setup does not have a
description
- bug #4318 Default connection collation and sorting
- bug #4683 Relational data is not properly updated on table rename
- bug #4655 Undefined index: collation_connection (second patch)
- bug #4682 4.3.3 & 4.3.4 Import sql created by mysqldump fails on foreign
keys
- bug #4676 Auto-configuration issues
- bug #4416 New lines are removed when grid editing (part two: TEXT)
- bug #4653 Always connection error was shown, on /setup at tab
"configuration storage"
- bug #4661 Drag and drop file import always fails
- bug #4651 don't open console with esc
- bug #4664 select min() displays 1 row, but reports the table amount of
rows returned
- bug #4666 Undefined indexes in table stucture print view of a view
- bug #4663 Export missing back ticks for order table name
- bug #4668 Remove from central columns error
- bug #4670 CSV import reads both commas and values into first column after
first row
- bug #4642 phpmyadmin often fails to load due to specific load order
- bug #4671 Unable to move all columns
- bug #4645 Import of export created with mysqldump
- bug #4672 "Distinct values" does not page
- bug #4667 Consistency in borders
- bug #4658 Illegal string offset (Data_length, Index_length)
- bug #4655 Undefined index: collation_connection
- bug #4673 Delimiter causing page lock
- bug The "Recently used tables" setting should be with Nav panel
- bug #4647 Can't disable Favorites
- bug #4646 Version Check Broken
- bug #4630 AJAX request infinite loop
- bug #4649 Attributes field size smaller than others
- bug #4622 Cannot remove table ordering on a Mac
- bug Fix initial replication configuration
- bug Undefined index central_columnswork
- bug #4657 Don't have default blowfish_secret
- bug #4656 Some error popups fade away too quickly
- bug #4648 Consistency in borders
- bug $cfg['Error_Handler']['display'] no longer necessary
- bug #4659 Leading and trailing whitespace in column name
The major changes in version 4.3.* are:
- Smart sorting for int keys
- Confirmation message when dropping user(s)
- Confirm dialog on accidentally leaving a page
- Allow clicking an approximate row count to get a correct one
- Support for editing binary fields in hexadecimal
- MariaDB 10+ multi-master replication support
- Allow saving query charts as images
- Use aliases in SQL export for tables and columns
- Export with table/column name changes
- Dynamic process list
- Drag and Drop SQL import
- Preview SQL instead of executing it
- Run SQL query: Allow rollback for InnoDB tables
- Zeroconf PMA tables support
- Regexp replace
- Avoid session timeout when user is active
- MySQL 5.7.5 compatibility
- Avoid session timeout when user is active
- Multiple-column foreign key relation
- Charts for data in <x-axis, series,="" value=""> format
- Range Search Capability
- Improvements for the table editor (index creation)
- PHP OpenSSL support for cookie encryption/decryption
- bug #4604 Query history not being deleted
- bug #4057 db/table query string parameters no longer work
- bug #4605 Unseen messages in tracking
- bug #4606 Tracking report export as SQL dump does not work
- bug #4607 Syntax error during db_copy operation
- bug #4608 SELECT permission issues with relations and restricted access
- bug #4612 [security] XSS vulnerability in redirection mechanism
- bug #4611 [security] DOS attack with long passwords
The following bugs have been fixed since version 4.2.10.1:
- bug #4574 Blank/white page when JavaScript disabled
- bug #4577 Multi row actions cause full page reloads
- bug ReferenceError: targeurl is not defined
- bug Incorrect text/icon display in Tracking report
- bug #4404 Recordset return from procedure display nothing
- bug #4584 Edit dialog for routines is too long for smaller displays
- bug #4586 Javascript error after moving a column
- bug #4576 Issue with long comments on table columns
- bug #4599 Input field unnecessarily selected on focus
- bug #4602 Exporting selected rows exports all rows of the query
- bug #4444 No insert statement produced in SQL export for queries with alias
- bug #4603 Field disabled when internal relations used
- bug #4596 [security] XSS through exception stack
- bug #4595 [security] Path traversal can lead to leakage of line count
- bug #4578 [security] XSS vulnerability in table print view
- bug #4579 [security] XSS vulnerability in zoom search page
- bug #4594 [security] Path traversal in file inclusion of GIS factory
- bug #4598 [security] XSS in multi submit
- bug #4597 [security] XSS through pma_fontsize cookie
- bug ReferenceError: Table_onover is not defined
- bug #4552 Incorrect routines display for database due to case insensitive
checks
- bug #4259 reCaptcha sound session expired problem
- bug #4557 PHP fatal error, undefined function __()
- bug #4568 Date displayed incorrectly when charting a timeline
- bug #4571 Database Privileges link does not work
- bug makegrid.js: where_clause is undefined
- bug #4572 missing trailing slash (import and open_basedir)
The following bugs have been fixed since version 4.2.10:
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer
The following bugs have been fixed since version 4.2.9.1:
- bug #4361 Can't change font size (when config.inc.php not present)
- bug #4542 Tab key in column name not shown
- bug PDF export: title not present in PDF
- bug #4543 Changing column name can break saved "order by" clause
- bug #4545 trying to favorite table while browser localStorage is disabled
throws JS error
- bug #4259 reCaptcha sound session expired problem
- bug #4548 Inline editing a field converts tab to spaces
- bug #4252 Database-level permission bug for db names containing underscores
- bug #3120 Events are not exported when using xml
- bug #4554 Grid-editing timestamp column forces datepicker
- bug #4556 Fast filters for tables, views etc. should be governed by
NavigationTreeDisplayItemFilterMinimum
The following bugs have been fixed since version 4.2.7.1:
- bug ajax.js responseHandler: cannot read property of null
- bug sql.js: str is undefined
- bug #4524 Allow for direct selection of "0" on the "user overview" page
- bug #4529 Undefined index: pos
- bug #4523 tbl_change.js: insert as new row submit type on multiple
selected records does not set all AUTO_INCREMENTs to 0 value
- bug ajax.js responseHandler: another "cannot read property"
- bug tbl_structure.js "cannot read property"
- bug #4530 [security] DOM based XSS that results to a CSRF that creates a
ROOT account in certain conditions
- bug #4516 Odd export behavior
- bug #4519 Uncaught TypeError: Cannot read property 'success' of null
- bug #4520 sql.js: cannot read property
- bug #4521 Initially allowed chart types do not match selected data
- bug #4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT ignored
- bug #4522 Duplicate column names while assigning index
- bug #4487 Export of partitioned table does not import
- bug server_privileges.js: cannot read property
- bug #4527 Importing ODS files with column names having trailing spaces fails
- bug #4413 Navigation Error in Nav Tree for Search Results Past the First Page
- bug functions.js: Cannot read property 'replace' of undefined
The following bugs have been fixed since version 4.2.7:
- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4505 [security] XSS in view operations page
- bug #4517 [security] XSS in relation view
The following bugs have been fixed since version 4.2.6:
- bug Broken links on home page
- bug #4494 Overlap in navigation panel
- bug #4427 Action icons not in horizontal order
- bug #4493 s_attention.png is missing
- bug #4499 Uncaught TypeError: Cannot call method 'substr' of undefined
- bug #4498 PMA 4.2.x and HHVM
- bug #4500 mysql_doc_template is not defined
been fixed since version 4.2.5:
- bug #4471 Undefined index warning with referenced column.
- bug #4027 $cfg['MaxExactCount'] is ignored when BROWSING is back
- bug #4482 Multi Column sorting (improved user experience)
- bug #4478 Server validation does not work while in setup/mysqli
- bug Undefined variable when grid editing a foreign key column
- bug #4481 mult_submits.inc.php Undefined variable Error
- bug #4485 Sorting breaks the copy column feature
- bug #4440 Javascript error when renaming table
- bug #4483 'New window' link (selflink) disappears, causing Javascript error
- bug #4489 Incorrect detection of privileges for routine creation
- bug #4459 First few characters of database name aren't clickable when
expanded
- bug #4486 [security] XSS injection due to unescaped table comment
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages
- bug #4491 [security] Missing validation for accessing User groups feature
been fixed since version 4.2.3:
- bug #4467 shell_exec() has been disabled for security reasons
- bug #4470 Error while submitting empty query
- bug #4463 Fatal error: Class 'PMA_DatabaseInterface' not found
- bug #4469 Fixed cookie based login for installations without mcrypt
- bug #4473 incorrect result count when having clause is used
- mcrypt: remove the requirement (64-bit) and the related warning
- bug #4449 Mediawiki export does not produce table header row; also fix
related PHP warnings
- bug #4442 New lines are added to query every time
- bug #4445 Fatal error on SQL Export of join query
- bug #4448 Dump binary columns in hexadecimal notation not working
- Regenerate cookie encryption IV for every session
- bug #4405 Cannot import (open_basedir): fix another case
- bug #4457 SQL tab - Insert queries not showing affected row count
- bug Missing warning about existing account, on multi-server config
- bug #4435 WHERE clause can be undefined
- bug SQL export views as tables option getting ignored
- bug #4464 [security] XSS injection due to unescaped db/table name in
navigation hiding
- bug #4465 [security] XSS injection due to unescaped db/table name in
recent/favorite tables
- bug #4423 Moving fields not working
- bug #4424 Table indexes disappear after altering field
- bug #4432 Error while displaying chart at server level
- bug #4405 Cannot import (open_basedir)
- bug #4396 Problem copying constraints (such as Sakila)
- bug #4433 Missing privileges submenu
- bug #4394 Drop db confirmation message when dropping a user
- bug #4436 Insert form numeric field with function drop-down list
- bug #4437 Problems due to missing enforcement of the minimum supported
MySQL version
+ Add enforcement of the minimum supported PHP version (5.3.0)
- bug Query error on submitting a column change form containing a
disabled input field
- bug Incorrect menu tab generation from usergroups
- bug Missing space in index creation/edit generated query
- bug #4434 Unchecking 'Show SQL queries' results NaN
This release contains several improvements and bug fixes. This version
removes support for the deprecated PHP extension "mysql".
Some highlights include:
- Added the ability to save and load queries in Query By Example.
- Navigation tabs are now fixed and don't scroll off screen.
- Easily add a function to all rows when inserting several rows at once.
- Added a favorite tables feature for quick access to often-used tables.
- Quick filter displayed rows.
The following bugs were fixed since version 4.1.13:
- bug #4365 Creating bookmark with multiple queries not working
- bug #4372 Changing browser transformation results in unnecessary
table rebuild
- bug #4375 Group two DB, one's name is the prefix of the other one
- bug #4376 [interface] Login fields show in separate line
The following bugs were fixed since version 4.1.12:
- bug #4279 CTRL + up or down moves 2 fields
- bug #4336 List server css style wrong
- bug Missing value on the Status > Server page
- bug #4347 Fixed PHP Parse error in Advisor
- bug #4350 Deleting the DB if it is renamed by the same name
- bug #4353 makeProfilingChart is not defined
- bug #4355 Precision specifier for DOUBLE type is truncated
- bug #4346 Incorrect "Export incomplete" message
- bug #4359 Notices on create table page
- bug #4356 GROUPed selects show number of rows as if not grouped
- bug #4357 JS Form submitted on "enter" even if focus is inside a
select field
fixed since version 4.1.9:
- bug #4334 Add event : datepicker won't open
- bug #4338 Fix missing value error while executing SQL query
- TCPDF library is now optional dependency
- bug #4326 Cannot find the import plugins which start with uppercase 'I'
- bug #4301 Grid edit: "SELECT" query is replaced by "UPDATE" query after edit
- bug #4278 reCaptcha re-login requires double effort
- bug #4324 Datepicker not showing up on insert page
- bug #3991 Problem selecting item in select boxes with the ENTER keystroke
in some browsers
- bug #4323 QueryWindow ignores CodeMirror
- bug None of the live charts shown on "Status -> Monitor" (Chrome)
The following bugs have been fixed since the release of version 4.1.7:
- bug #4279 CTRL + up or down moves two fields (part one)
- bug #4294 output as text radio clickable for "OpenDocument Text" export
- bug #4297 DROP DATABASE tick box in export no longer works
- bug #4291 Unable to export comments in OpenDocument text format
- bug #4299 Deletion even when the user says "No" to the confirmation message
- bug #4303 "New" link in navi panel is shown even if no privileges
- bug #4302 Some params are being omitted from microhistory
- bug #4298 Missing validation on Import CSV: "Columns enclosed with" and
"Columns escaped with"
- bug #4040 Fatal error while resetting settings
- bug #4305 JS error when editing procedure from nav panel
- bug #4308 Edit routine form submitting when pressing enter
- bug #4307 Nav: "Columns" won't expand with specific schema
- bug #4276 Login loop on session expiry
- bug #4249 Incorrect number of result rows for SQL with subqueries
- bug #4275 Broken Link to php extension manual
- bug #4053 List of procedures is not displayed after executing with Enter
- bug #4081 Setup page content shifted to the right edge of its tabs
- bug #4284 Reordering a column erases comments for other columns
- bug #4286 Open "Browse" in a new tab
- bug #4287 Printview - Always one column too much
- bug #4288 Expand database (+ icon) after timeout doesn't do anything
- bug #4285 Fixed CSS for setup
- Fixed altering table to DOUBLE/FLOAT field
- bug #4292 Success message and failure message being shown together
- bug #4293 opening new tab (using selflink) for import.php based actions
results in error and logout
Changes since version 4.0.10:
- This release contains many improvements and bug fixes. With this
release the minimum supported PHP version is now 5.3 and the minimum
MySQL version is 5.5.
- Allow specifying a port when connecting to the controlhost
- User interface improvements to server privileges, view creation, the
Operations tab, Relation View, and when creating new users
- Added support for AES_ENCRYPT on BLOB columns
- Added support for relations with ndbcluser
- Added optional ReCAPTCHA support during login
- Added support for fractional seconds in time, datetime, and timestamp
columns
- Added find and replace by column
- Added the Error Reporting Component, an optional feature allowing
users to report certain errors directly to the phpMyAdmin bug team
- Added configurable menus (so an administrator can hide certain features)
fixed since version 4.0.9:
- bug #4150 Clicking database name in query window opens a new tab
- bug #4141 Wrong page is shown after editing; also, do not show a modal
dialog for multi-row edit
- bug #3939 PHP NavigationTree error when paging through list
- bug #4075 Support A10 Networks load balancer
- bug #4083 row deleting isn't binlogs friendly
- bug #4163 Setup script does not recognize manually-configured server
- bug #4158 Events page says no privileges with ALL PRIVILEGES
The following bugs were fixed since the release of version 4.0.8:
- bug #4104 Can't edit updatable view when searching
- bug #4108 Missing refresh by deleting databases
- bug #3995 Drizzle server charset notice
- bug #3911 Filtering database names includes empty groupings
- bug #3678 Does not display or manipulate bit(64) fields appropriately
- bug #4129 Unneeded navi panel refresh
- bug #4120 SSL redirects to port 80
- bug #4144 DROP DATABASE displays wrong database name
- bug #4059 Running delete query asks for confirmation but says it was
already executed
- bug #4147 Accessibility: Images without Alt nor title attribute
The following bugs were fixed since the release of version 4.0.7:
- bug #3988 Rename view is not working
- bug #4041 Interaction between linkified fields and grid editing
- bug #3975 Table grouping isn't implemented properly
- bug #4060 Browser tries to remember wrong password when creating new user
- bug #4002 Edit Index on big table doesn't show "Loading" or any message
- bug #4098 Default table tab is ignored
- bug #4099 Server/library difference warning: setting is ignored
- bug #4100 table tree group strategy
- bug #4102 ALTER TABLE ORDER BY and InnoDB
- bug #4103 Tracking report: cannot delete a statement
- bug #3996 Drizzle navigation doesn't expand
- bug #4074 GIS column editor: point not displayed
- bug #4109 Drizzle tables in navigation are shown as views
- bug #4095 NUL symbols added to the end of database dump file
- bug #4105 More disappears in table Structure
- bug #3992 Multi-row edit doesn't clear values when checking NULL
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button
Approved by Thomas Klausner.
The major changes since version 3.5.* are:
- HTML frames are gone.
- The navigation panel now presents a tree.
- Javascript now required
- Documentation has a new look.
- Many bug fixes and smaller new features
This update also fixes the security vulnerability reported in PMASA-2013-10.
Approved by Thomas Klausner.
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
