4.6.5.2 (2016-12-05)
- issue #12765 Fixed SQL export with newlines
4.6.5.1 (2016-11-25)
- issue #12735 Incorrect parameters to escapeString in Node.php
- issue #12734 Fix PHP error when mbstring is not installed
- issue #12736 Don't force partition count to be specified when creating a new table
4.6.5 (2016-11-24)
- issue Remove potentionally license problematic sRGB profile
- issue #12459 Display read only fields as read only when editing
- issue #12384 Fix expanding of navigation pane when clicking on database
- issue #12430 Impove partitioning support
- issue #12374 Reintroduced simplified PmaAbsoluteUri configuration directive
- issue Always use UTC time in HTTP headers
- issue #12479 Simplified validation of external links
- issue #12483 Fix browsing tables with built in transformations
- issue #12485 Do not show warning about short blowfish_secret if none is set
- issue #12251 Fixed random logouts due to wrong cookie path
- issue #12480 Fixed editing of ENUM/SET/DECIMAL fields structure
- issue #12497 Missing escaping of configuration used in SQL (hide_db and only_db)
- issue #12476 Add error checking in reading advisory rules file
- issue #12477 Add checking missing elements and confirming element types from json_decode
- issue #12251 Automatically save SQL query in browser local storage rather than in cookie
- issue #12292 Unable to edit transformations
- issue #12502 Remove unused paramenter when connecting to MySQLi
- issue #12303 Fix number formatting with different settings of precision in PHP
- issue #12405 Use single quotes in PHP code
- issue #12534 Option for the dropped column is not removed from 'after_field' select, after the column is dropped
- issue #12531 Properly detect DROP DATABASE queries
- issue #12470 Fix possible race condition in setting URL hash
- issue #11924 Remove caching of server information
- issue #11628 Proper parsing of INSERT ... ON DUPLICATE KEY queries
- issue #12545 Proper parsing of CREATE TABLE ... PARTITION queries
- issue #12473 Code can throw unhandled exception
- issue #12550 Do not try to keep alive session even after expiry
- issue #12512 Fixed rendering BBCode links in setup
- issue #12518 Fixed copy of table with generated columns
- issue #12221 Fixed export of table with generated columns
- issue #12320 Copying a user does not copy usergroup
- issue #12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows
- issue #12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
- issue #12554 Absence of scrolling makes it impossible to read longer text values in grid editing
- issue #12530 "Edit routine" crashes when the current user is not the definer, even if privileges are adequate
- issue #12300 Export selective tables by-default dumps Events also
- issue #12298 Fixed export of view definitions
- issue #12242 Edit routine detail dialog does not fill "Return length" field in mysql functions
- issue #12575 New index Confirm adds whitespace around the field name
- issue #12382 Bug in zoom search
- issue #12321 Assign LIMIT clause only to syntactically correct queries
- issue #12461 Can't Execute SQL With Sub-Query Due To "LIMIT 0,25" Inserted At Wrong Place
- issue #12511 Clarify documentation on ArbitraryServerRegexp
- issue #12508 Remove duplicate code in SQL escaping
- issue #12475 Cleanup code for getting table information
- issue #12579 phpMyAdmin's export of a Select statment without a FROM clause generates Wrong SQL
- issue #12316 Correct export of complex SELECT statements
- issue #12080 Fixed parsing of subselect queries
- issue #11740 Fixed handling DELETE ... USING queries
- issue #12100 Fixed handling of CASE operator
- issue #12455 Query history stores separate entry for every letter typed
- issue #12327 Create PHP code no longer works
- issue #12179 Fixed bookmarking of query with multiple statements
- issue #12419 Wrong description on GRANT OPTION
- issue #12615 Fixed regexp for matching browser versions
- issue #12569 Avoid showing import errors twice
- issue #12362 prefs_manage.php can leave an orphaned temporary file
- issue #12619 Unable to export csv when using union select
- issue #12625 Broken Edit links in query results of JOIN query
- issue #12634 Drop DB error in import if DB doesn't exist
- issue #12338 Designer reverts to first saved ER after EACH relation create or delete
- issue #12639 'Show trace' in Console generates JS error for functions in query's trace called without any arguments
- issue #12366 Fix user creation with certain MariaDB setups
- issue #12616 Refuse to work with mbstring.func_overload enabled
- issue #12472 Properly report connection without password in setup
- issue #12365 Fix records count for large tables
- issue #12533 Fix records count for complex queries
- issue #12454 Query history not updated in console until page refresh
- issue #12344 Fixed parsing of labels in loop
- issue #12228 Fixed parsing of BEGIN labels
- issue #12637 Fixed editing some timestamp values
- issue #12622 Fixed javascript error in designer
- issue #12334 Missing page indicator or VIEWs
- issue #12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
- issue #12661 Error inserting into pma__history after timeout
- issue #12195 Row_format = fixed not visible
- issue #12665 Cannot add a foreign key - non-indexed fields not listed in InnoDB tables
- issue #12674 Allow for proper MySQL-allowed strings as identifiers
- issue #12651 Allow for partial dates on table insert page
- issue #12681 Fixed designer with tables using special chars
- issue #12652 Fixed visual query builder for foreign keys with more fields
- issue #12257 Improved search page performance
- issue #12322 Avoid selecting default function for foreign keys
- issue #12453 Fixed escaping of SQL parts in some corner cases
- issue #12542 Missing table name in account privileges editor
- issue #12691 Remove ksort call on empty array in PMA_getPlugins function
- issue #12443 Check parameter type before processing
- issue #12299 Avoid generating too long URLs in search
- issue #12361 Fix self SQL injection in table-specific privileges
- issue #12698 Add link to release notes and download on new version notification
- issue #12712 Error when trying to setup replication (fatal error in call to an old PMA_DBI_connect function)
- issue [security] Unsafe generation of $cfg['blowfish_secret'], see PMASA-2016-58
- issue [security] phpMyAdmin's phpinfo functionality is removed, see PMASA-2016-59
- issue [security] AllowRoot and allow/deny rule bypass with specially-crafted username, see PMASA-2016-60
- issue [security] Username matching weaknesses with allow/deny rules, see PMASA-2016-61
- issue [security] Possible to bypass logout timeout, see PMASA-2016-62
- issue [security] Full path disclosure (FPD) weaknesses, see PMASA-2016-63
- issue [security] Multiple XSS weaknesses, see PMASA-2016-64
- issue [security] Multiple denial-of-service (DOS) vulnerabilities, see PMASA-2016-65
- issue [security] Possible to bypass white-list protection for URL redirection, see PMASA-2016-66
- issue [security] BBCode injection to login page, see PMASA-2016-67
- issue [security] Denial-of-service (DOS) vulnerability in table partitioning, see PMASA-2016-68
- issue [security] Multiple SQL injection vulnerabilities, see PMASA-2016-69
- issue [security] Incorrect serialized string parsing, see PMASA-2016-70
- issue [security] CSRF token not stripped from the URL, see PMASA-2016-71
pkgsrc changes:
* Overhaul Makefile.
- Remove use of INSTALL_DIRS and simplify install process.
- Utilize pkgsrc SUBST_*.
- Stop other pkglint warninggs.
* Drop some dot files from installation.
Quote from Changes:
4.6.4 (2016-08-16)
- issue [security] Weaknesses with cookie encryption, see PMASA-2016-29
- issue [security] Improve session cookie code for openid.php and signon.php example files
- issue [security] Full path disclosure in openid.php and signon.php example files
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-30
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-31
- issue [security] Unsafe generation of BlowfishSecret (when not supplied by the user)
- issue [security] Referrer leak when phpinfo is enabled
- issue [security] PHP code injection, see PMASA-2016-32
- issue [security] Full path disclosure, see PMASA-2016-33
- issue [security] SQL injection attack, see PMASA-2016-34
- issue [security] Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35
- issue [security] Local file exposure through symlinks with UploadDir, see PMASA-2016-36
- issue [security] Path traversal with SaveDir and UploadDir, see PMASA-2016-37
- issue [security] Multiple XSS vulnerabilities, see PMASA-2016-38
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-39
- issue [security] SQL injection vulnerability, see PMASA-2016-40
- issue [security] Denial-of-service attack through transformation feature, see PMASA-2016-41
- issue [security] SQL injection vulnerability as control user, see PMASA-2016-42
- issue [security] Verify data before unserializing, see PMASA-2016-43
- issue [security] Use HTTPS for wiki links
- issue Remove Swekey support
- issue [security] SSRF in setup script, see PMASA-2016-44
- issue [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
- issue [security] Improve SSL certificate handling
- issue [security] Fix full path disclosure in debugging code
- issue [security] Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47
- issue [security] Detect if user is logged in, see PMASA-2016-48
- issue [security] Bypass URL redirection protection, see PMASA-2016-49
- issue [security] Referrer leak, see PMASA-2016-50
- issue [security] Reflected File Download, see PMASA-2016-51
- issue [security] ArbitraryServerRegexp bypass, see PMASA-2016-52
- issue [security] Denial-of-service attack by entering long password, see PMASA-2016-53
- issue [security] Remote code execution vulnerability when running as CGI, see PMASA-2016-054
- issue [security] Administrators could trigger SQL injection attack against users
- issue [security] Denial-of-service attack when PHP uses dbase extension, see PMASA-2016-55
- issue [security] Remove tode execution vulnerability when PHP uses dbase extension, see PMASA-2016-56
- issue [security] Denial-of-service attack by using for loops, see PMASA-2016-46
- issue Include X-Robots-Tag header in responses
- issue Enforce numeric field length when creating table
- issue Fixed invalid Content-Length in some HTTP responses
- issue #12394 Create view should require a view name
- issue #12391 Message with 'Change password successfully' displayed, but does not take effect
- issue Tighten control on PHP sessions and session cookies
- issue #12409 Re-enable overhead on server databases view
- issue #12414 Fixed rendering of Original theme
- issue #12413 Fixed deleting users in non English locales
- issue #12416 Fixed replication status output in Databases listing
- issue #12303 Avoid typecasting to float when not needed
- issue #12425 Duplicate message variable names in messages.inc.php
- issue #12399 Adding index to table shows wrong top navigation
- issue #12424 Fixed password change on MariaDB without auth plugin
- issue #12339 Do not error on unset server port
- issue #12422 Improvements to the original theme
- issue #12395 Do not try to load old transformation plugins
- issue #12423 Fixed replication status in database listing
- issue #12433 Copy table with prefix does not copy the indexes
- issue #12375 Search in database: Window content is not scrolling down when clicking first time on Browse link
- issue #12346 SQL Editor textareas can have their size increased from the top, distorting the page view
Problems found with existing distfiles:
distfiles/D6.data.ros.gz
distfiles/cstore0.2.tar.gz
distfiles/data4.tar.gz
distfiles/sphinx-2.2.7-release.tar.gz
No changes made to the cstore or mariadb55-client distinfo files.
Otherwise, existing SHA1 digests verified and found to be the same on
the machine holding the existing distfiles (morden). All existing
SHA1 digests retained for now as an audit trail.
- bug #4746 Right-aligned columns have left-aligned header
- bug #4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values
- bug Undefined index savedsearcheswork
- bug #4788 Inline edit of DATE fields with NULL, NULL checkbox is under
datepicker
- bug #4790 DROP TABLE/VIEW IF EXISTS are not tracked
- bug Compatibility with central columns of version 4.4
- bug #4758 Firefox with auth_type to http with multiple server doesn't
work anymore
- bug #4789 Views aren't dropped when copying a database
- bug #4784 Incomplete bookmark saving
- bug #4786 SELECT width on relations page
- bug [security] Risk of BREACH attack, see PMASA-2015-1
- bug #4774 SQL links are completely wrong
- bug #4768 MariaDB: version mismatch
- bug #4777 Some images are missing in Designer for original theme
- bug #4767 Drizzle: undefined index in mysql_charsets.inc.php
- bug #4753 Normal field and multi-line field have different margins
- bug #4760 Cannot re-import settings from local storage
- bug #4778 SQL error when database list is sorted by additional columns
- bug #4780 Notice when timestamp column does not have default value
- bug Undefined index navwork
- bug #4744 Opening console scroll down the page
- bug Remove extra column heading in view structure page
- bug Add missing confirmation when deleting central columns
- bug Undefined index DisableIS
- bug #4763 Database export with more than 512 tables fails
- bug #4769 Previously set column aliases are destroyed if returned to the
same table
- bug #4752 Incorrect page after creating table
- bug #4771 Central Columns not working, showing error
- bug #4728 Incorrect headings in routine editor
- bug #4730 Notice while browsing tables when phpmyadmin pma database
exists, but not all the tables
- bug #4729 Display original field when using "Relational display column"
option and display column is empty
- bug #4734 Default values for binary fields do not support binary values
- bug #4736 Changing display options breaks query highlighting
- bug Undefined index submit_type
- bug #4738 Header lose align when scrolling in Firefox
- bug #4741 in ./libraries/Advisor.class.php#184 vsprintf(): Too few arguments
- bug #4743 Unable to move cursor with keyboard in filter rows box
- bug Incorrect link in doc
- bug #4745 Tracking does not handle views properly
- bug #4706 Schema export doesn't handle dots in db/table name
- bug #3935 Table Header not displayed correct (Safari 5.0.5 Mac)
- bug #4750 Disable renaming referenced columns
- bug #4748 Column name center-aligned instead of left-aligned in Relations
- bug Undefined constant PMA_DRIZZLE
- bug #4712 Wrongly positioned date-picker while Grid-Editing
- bug #4714 Forced ORDER BY for own sql statements
- bug #4721 Undefined property: stdClass::$version
- bug #4719 'only_db' not working
- bug #4700 Error text: Internal Server Error
- bug #4722 Incorrect width table summary when favorite tables is disabled
- bug #4710 Nav tree error after filtering the tables
- bug #4716 Collapse all in navigation panel is sometimes broken
- bug #4724 Cannot navigate in filtered table list
- bug #4717 Database navigation menu broken when resolution/screen is changing
- bug #4727 Collation column missing in database list when DisableIS is true
- bug Undefined index central_columnswork
- bug Undefined index favorite_tables
- bug #4694 js error on marking table as favorite in Safari (in private mode)
- bug #4695 Changing $cfg['DefaultTabTable'] doesn't update link and title
- bug Undefined index menuswork
- bug Undefined index navwork
- bug Undefined index central_columnswork
- bug #4697 Server Status refresh not behaving as expected
- bug Null argument in array_multisort()
- bug #4699 Navigation panel should not hide icons based on
'TableNavigationLinksMode'
- bug #4703 Unsaved schema page exported as pdf.pdf
- bug #4707 Call to undefined method PMA_Schema_PDF::dieSchema()
- bug #4702 URL is non RFC-2396 compatible in get_scripts.js.php
- bug Undefined index notices while configuring recent and favorite
tables
- bug #4687 Designer breaks without configuration storage
- bug #4686 Select elements flicker and selects something else
- bug #4689 Setup tool creates "pma__favorites" incorrectly
- bug #4685 Call to a member function isUserType() on a non-object
- bug #4691 Do not include console when no server is selected
- bug #4688 File permissions in archive
- bug #4692 Dynamic javascripts gives 500 when db selected
- bug Auto-configuration: tables were not created automatically
- bug #4677 Advanced feature checker does not check for favorite tables
feature
- bug #4678 Some of the data stored in configuration storage are not deleted
upon db or table delete
- bug #4679 Setup does not allow providing a name for favorites table
- bug #4680 Number of favorite table are not configurable in setup
- bug #4681 'Central columns table' field in setup does not have a
description
- bug #4318 Default connection collation and sorting
- bug #4683 Relational data is not properly updated on table rename
- bug #4655 Undefined index: collation_connection (second patch)
- bug #4682 4.3.3 & 4.3.4 Import sql created by mysqldump fails on foreign
keys
- bug #4676 Auto-configuration issues
- bug #4416 New lines are removed when grid editing (part two: TEXT)
- bug #4653 Always connection error was shown, on /setup at tab
"configuration storage"
- bug #4661 Drag and drop file import always fails
- bug #4651 don't open console with esc
- bug #4664 select min() displays 1 row, but reports the table amount of
rows returned
- bug #4666 Undefined indexes in table stucture print view of a view
- bug #4663 Export missing back ticks for order table name
- bug #4668 Remove from central columns error
- bug #4670 CSV import reads both commas and values into first column after
first row
- bug #4642 phpmyadmin often fails to load due to specific load order
- bug #4671 Unable to move all columns
- bug #4645 Import of export created with mysqldump
- bug #4672 "Distinct values" does not page
- bug #4667 Consistency in borders
- bug #4658 Illegal string offset (Data_length, Index_length)
- bug #4655 Undefined index: collation_connection
- bug #4673 Delimiter causing page lock
- bug The "Recently used tables" setting should be with Nav panel
- bug #4647 Can't disable Favorites
- bug #4646 Version Check Broken
- bug #4630 AJAX request infinite loop
- bug #4649 Attributes field size smaller than others
- bug #4622 Cannot remove table ordering on a Mac
- bug Fix initial replication configuration
- bug Undefined index central_columnswork
- bug #4657 Don't have default blowfish_secret
- bug #4656 Some error popups fade away too quickly
- bug #4648 Consistency in borders
- bug $cfg['Error_Handler']['display'] no longer necessary
- bug #4659 Leading and trailing whitespace in column name
The major changes in version 4.3.* are:
- Smart sorting for int keys
- Confirmation message when dropping user(s)
- Confirm dialog on accidentally leaving a page
- Allow clicking an approximate row count to get a correct one
- Support for editing binary fields in hexadecimal
- MariaDB 10+ multi-master replication support
- Allow saving query charts as images
- Use aliases in SQL export for tables and columns
- Export with table/column name changes
- Dynamic process list
- Drag and Drop SQL import
- Preview SQL instead of executing it
- Run SQL query: Allow rollback for InnoDB tables
- Zeroconf PMA tables support
- Regexp replace
- Avoid session timeout when user is active
- MySQL 5.7.5 compatibility
- Avoid session timeout when user is active
- Multiple-column foreign key relation
- Charts for data in <x-axis, series,="" value=""> format
- Range Search Capability
- Improvements for the table editor (index creation)
- PHP OpenSSL support for cookie encryption/decryption
- bug #4604 Query history not being deleted
- bug #4057 db/table query string parameters no longer work
- bug #4605 Unseen messages in tracking
- bug #4606 Tracking report export as SQL dump does not work
- bug #4607 Syntax error during db_copy operation
- bug #4608 SELECT permission issues with relations and restricted access
- bug #4612 [security] XSS vulnerability in redirection mechanism
- bug #4611 [security] DOS attack with long passwords
The following bugs have been fixed since version 4.2.10.1:
- bug #4574 Blank/white page when JavaScript disabled
- bug #4577 Multi row actions cause full page reloads
- bug ReferenceError: targeurl is not defined
- bug Incorrect text/icon display in Tracking report
- bug #4404 Recordset return from procedure display nothing
- bug #4584 Edit dialog for routines is too long for smaller displays
- bug #4586 Javascript error after moving a column
- bug #4576 Issue with long comments on table columns
- bug #4599 Input field unnecessarily selected on focus
- bug #4602 Exporting selected rows exports all rows of the query
- bug #4444 No insert statement produced in SQL export for queries with alias
- bug #4603 Field disabled when internal relations used
- bug #4596 [security] XSS through exception stack
- bug #4595 [security] Path traversal can lead to leakage of line count
- bug #4578 [security] XSS vulnerability in table print view
- bug #4579 [security] XSS vulnerability in zoom search page
- bug #4594 [security] Path traversal in file inclusion of GIS factory
- bug #4598 [security] XSS in multi submit
- bug #4597 [security] XSS through pma_fontsize cookie
- bug ReferenceError: Table_onover is not defined
- bug #4552 Incorrect routines display for database due to case insensitive
checks
- bug #4259 reCaptcha sound session expired problem
- bug #4557 PHP fatal error, undefined function __()
- bug #4568 Date displayed incorrectly when charting a timeline
- bug #4571 Database Privileges link does not work
- bug makegrid.js: where_clause is undefined
- bug #4572 missing trailing slash (import and open_basedir)
The following bugs have been fixed since version 4.2.10:
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer
The following bugs have been fixed since version 4.2.9.1:
- bug #4361 Can't change font size (when config.inc.php not present)
- bug #4542 Tab key in column name not shown
- bug PDF export: title not present in PDF
- bug #4543 Changing column name can break saved "order by" clause
- bug #4545 trying to favorite table while browser localStorage is disabled
throws JS error
- bug #4259 reCaptcha sound session expired problem
- bug #4548 Inline editing a field converts tab to spaces
- bug #4252 Database-level permission bug for db names containing underscores
- bug #3120 Events are not exported when using xml
- bug #4554 Grid-editing timestamp column forces datepicker
- bug #4556 Fast filters for tables, views etc. should be governed by
NavigationTreeDisplayItemFilterMinimum
The following bugs have been fixed since version 4.2.7.1:
- bug ajax.js responseHandler: cannot read property of null
- bug sql.js: str is undefined
- bug #4524 Allow for direct selection of "0" on the "user overview" page
- bug #4529 Undefined index: pos
- bug #4523 tbl_change.js: insert as new row submit type on multiple
selected records does not set all AUTO_INCREMENTs to 0 value
- bug ajax.js responseHandler: another "cannot read property"
- bug tbl_structure.js "cannot read property"
- bug #4530 [security] DOM based XSS that results to a CSRF that creates a
ROOT account in certain conditions
- bug #4516 Odd export behavior
- bug #4519 Uncaught TypeError: Cannot read property 'success' of null
- bug #4520 sql.js: cannot read property
- bug #4521 Initially allowed chart types do not match selected data
- bug #4518 Export to SQL: CREATE TABLE option AUTO_INCREMENT ignored
- bug #4522 Duplicate column names while assigning index
- bug #4487 Export of partitioned table does not import
- bug server_privileges.js: cannot read property
- bug #4527 Importing ODS files with column names having trailing spaces fails
- bug #4413 Navigation Error in Nav Tree for Search Results Past the First Page
- bug functions.js: Cannot read property 'replace' of undefined
The following bugs have been fixed since version 4.2.7:
- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4505 [security] XSS in view operations page
- bug #4517 [security] XSS in relation view
The following bugs have been fixed since version 4.2.6:
- bug Broken links on home page
- bug #4494 Overlap in navigation panel
- bug #4427 Action icons not in horizontal order
- bug #4493 s_attention.png is missing
- bug #4499 Uncaught TypeError: Cannot call method 'substr' of undefined
- bug #4498 PMA 4.2.x and HHVM
- bug #4500 mysql_doc_template is not defined
been fixed since version 4.2.5:
- bug #4471 Undefined index warning with referenced column.
- bug #4027 $cfg['MaxExactCount'] is ignored when BROWSING is back
- bug #4482 Multi Column sorting (improved user experience)
- bug #4478 Server validation does not work while in setup/mysqli
- bug Undefined variable when grid editing a foreign key column
- bug #4481 mult_submits.inc.php Undefined variable Error
- bug #4485 Sorting breaks the copy column feature
- bug #4440 Javascript error when renaming table
- bug #4483 'New window' link (selflink) disappears, causing Javascript error
- bug #4489 Incorrect detection of privileges for routine creation
- bug #4459 First few characters of database name aren't clickable when
expanded
- bug #4486 [security] XSS injection due to unescaped table comment
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages
- bug #4491 [security] Missing validation for accessing User groups feature
been fixed since version 4.2.3:
- bug #4467 shell_exec() has been disabled for security reasons
- bug #4470 Error while submitting empty query
- bug #4463 Fatal error: Class 'PMA_DatabaseInterface' not found
- bug #4469 Fixed cookie based login for installations without mcrypt
- bug #4473 incorrect result count when having clause is used
- mcrypt: remove the requirement (64-bit) and the related warning
- bug #4449 Mediawiki export does not produce table header row; also fix
related PHP warnings
- bug #4442 New lines are added to query every time
- bug #4445 Fatal error on SQL Export of join query
- bug #4448 Dump binary columns in hexadecimal notation not working
- Regenerate cookie encryption IV for every session
- bug #4405 Cannot import (open_basedir): fix another case
- bug #4457 SQL tab - Insert queries not showing affected row count
- bug Missing warning about existing account, on multi-server config
- bug #4435 WHERE clause can be undefined
- bug SQL export views as tables option getting ignored
- bug #4464 [security] XSS injection due to unescaped db/table name in
navigation hiding
- bug #4465 [security] XSS injection due to unescaped db/table name in
recent/favorite tables
- bug #4423 Moving fields not working
- bug #4424 Table indexes disappear after altering field
- bug #4432 Error while displaying chart at server level
- bug #4405 Cannot import (open_basedir)
- bug #4396 Problem copying constraints (such as Sakila)
- bug #4433 Missing privileges submenu
- bug #4394 Drop db confirmation message when dropping a user
- bug #4436 Insert form numeric field with function drop-down list
- bug #4437 Problems due to missing enforcement of the minimum supported
MySQL version
+ Add enforcement of the minimum supported PHP version (5.3.0)
- bug Query error on submitting a column change form containing a
disabled input field
- bug Incorrect menu tab generation from usergroups
- bug Missing space in index creation/edit generated query
- bug #4434 Unchecking 'Show SQL queries' results NaN
This release contains several improvements and bug fixes. This version
removes support for the deprecated PHP extension "mysql".
Some highlights include:
- Added the ability to save and load queries in Query By Example.
- Navigation tabs are now fixed and don't scroll off screen.
- Easily add a function to all rows when inserting several rows at once.
- Added a favorite tables feature for quick access to often-used tables.
- Quick filter displayed rows.
The following bugs were fixed since version 4.1.13:
- bug #4365 Creating bookmark with multiple queries not working
- bug #4372 Changing browser transformation results in unnecessary
table rebuild
- bug #4375 Group two DB, one's name is the prefix of the other one
- bug #4376 [interface] Login fields show in separate line
The following bugs were fixed since version 4.1.12:
- bug #4279 CTRL + up or down moves 2 fields
- bug #4336 List server css style wrong
- bug Missing value on the Status > Server page
- bug #4347 Fixed PHP Parse error in Advisor
- bug #4350 Deleting the DB if it is renamed by the same name
- bug #4353 makeProfilingChart is not defined
- bug #4355 Precision specifier for DOUBLE type is truncated
- bug #4346 Incorrect "Export incomplete" message
- bug #4359 Notices on create table page
- bug #4356 GROUPed selects show number of rows as if not grouped
- bug #4357 JS Form submitted on "enter" even if focus is inside a
select field
fixed since version 4.1.9:
- bug #4334 Add event : datepicker won't open
- bug #4338 Fix missing value error while executing SQL query
- TCPDF library is now optional dependency
- bug #4326 Cannot find the import plugins which start with uppercase 'I'
- bug #4301 Grid edit: "SELECT" query is replaced by "UPDATE" query after edit
- bug #4278 reCaptcha re-login requires double effort
- bug #4324 Datepicker not showing up on insert page
- bug #3991 Problem selecting item in select boxes with the ENTER keystroke
in some browsers
- bug #4323 QueryWindow ignores CodeMirror
- bug None of the live charts shown on "Status -> Monitor" (Chrome)
The following bugs have been fixed since the release of version 4.1.7:
- bug #4279 CTRL + up or down moves two fields (part one)
- bug #4294 output as text radio clickable for "OpenDocument Text" export
- bug #4297 DROP DATABASE tick box in export no longer works
- bug #4291 Unable to export comments in OpenDocument text format
- bug #4299 Deletion even when the user says "No" to the confirmation message
- bug #4303 "New" link in navi panel is shown even if no privileges
- bug #4302 Some params are being omitted from microhistory
- bug #4298 Missing validation on Import CSV: "Columns enclosed with" and
"Columns escaped with"
- bug #4040 Fatal error while resetting settings
- bug #4305 JS error when editing procedure from nav panel
- bug #4308 Edit routine form submitting when pressing enter
- bug #4307 Nav: "Columns" won't expand with specific schema
- bug #4276 Login loop on session expiry
- bug #4249 Incorrect number of result rows for SQL with subqueries
- bug #4275 Broken Link to php extension manual
- bug #4053 List of procedures is not displayed after executing with Enter
- bug #4081 Setup page content shifted to the right edge of its tabs
- bug #4284 Reordering a column erases comments for other columns
- bug #4286 Open "Browse" in a new tab
- bug #4287 Printview - Always one column too much
- bug #4288 Expand database (+ icon) after timeout doesn't do anything
- bug #4285 Fixed CSS for setup
- Fixed altering table to DOUBLE/FLOAT field
- bug #4292 Success message and failure message being shown together
- bug #4293 opening new tab (using selflink) for import.php based actions
results in error and logout
Changes since version 4.0.10:
- This release contains many improvements and bug fixes. With this
release the minimum supported PHP version is now 5.3 and the minimum
MySQL version is 5.5.
- Allow specifying a port when connecting to the controlhost
- User interface improvements to server privileges, view creation, the
Operations tab, Relation View, and when creating new users
- Added support for AES_ENCRYPT on BLOB columns
- Added support for relations with ndbcluser
- Added optional ReCAPTCHA support during login
- Added support for fractional seconds in time, datetime, and timestamp
columns
- Added find and replace by column
- Added the Error Reporting Component, an optional feature allowing
users to report certain errors directly to the phpMyAdmin bug team
- Added configurable menus (so an administrator can hide certain features)
fixed since version 4.0.9:
- bug #4150 Clicking database name in query window opens a new tab
- bug #4141 Wrong page is shown after editing; also, do not show a modal
dialog for multi-row edit
- bug #3939 PHP NavigationTree error when paging through list
- bug #4075 Support A10 Networks load balancer
- bug #4083 row deleting isn't binlogs friendly
- bug #4163 Setup script does not recognize manually-configured server
- bug #4158 Events page says no privileges with ALL PRIVILEGES
The following bugs were fixed since the release of version 4.0.8:
- bug #4104 Can't edit updatable view when searching
- bug #4108 Missing refresh by deleting databases
- bug #3995 Drizzle server charset notice
- bug #3911 Filtering database names includes empty groupings
- bug #3678 Does not display or manipulate bit(64) fields appropriately
- bug #4129 Unneeded navi panel refresh
- bug #4120 SSL redirects to port 80
- bug #4144 DROP DATABASE displays wrong database name
- bug #4059 Running delete query asks for confirmation but says it was
already executed
- bug #4147 Accessibility: Images without Alt nor title attribute
The following bugs were fixed since the release of version 4.0.7:
- bug #3988 Rename view is not working
- bug #4041 Interaction between linkified fields and grid editing
- bug #3975 Table grouping isn't implemented properly
- bug #4060 Browser tries to remember wrong password when creating new user
- bug #4002 Edit Index on big table doesn't show "Loading" or any message
- bug #4098 Default table tab is ignored
- bug #4099 Server/library difference warning: setting is ignored
- bug #4100 table tree group strategy
- bug #4102 ALTER TABLE ORDER BY and InnoDB
- bug #4103 Tracking report: cannot delete a statement
- bug #3996 Drizzle navigation doesn't expand
- bug #4074 GIS column editor: point not displayed
- bug #4109 Drizzle tables in navigation are shown as views
- bug #4095 NUL symbols added to the end of database dump file
- bug #4105 More disappears in table Structure
- bug #3992 Multi-row edit doesn't clear values when checking NULL
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button
Approved by Thomas Klausner.
The major changes since version 3.5.* are:
- HTML frames are gone.
- The navigation panel now presents a tree.
- Javascript now required
- Documentation has a new look.
- Many bug fixes and smaller new features
This update also fixes the security vulnerability reported in PMASA-2013-10.
Approved by Thomas Klausner.
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- bug #3779 [core] Problem with backslash in enum fields
- bug #3816 Missing server_processlist.php
- bug #3821 Safari: white page
- Correct detection of the Chrome browser
- bug #3593604 [status] Erroneous advisor rule
- bug #3596070 [status] localStorage broken in server status monitor
- bug #3598736 [routines] Editing a procedure with special characters
- bug #3600322 [core] Visualize GIS data throws Fatal Error
- bug #3599362 [core] Double-escaped error message
- bug #3776 [cookies] Login without auth on second server
- bug #3563824 [export] Support Apache's mod_deflate
- bug #3585523 [interface] Inline query editing broken after row update
- bug #3586389 [setup] Cannot switch language in /setup
- bug #3585695 [CSS] Font size in inline query editor is way too big
- bug #3588354 [l10n] Portuguese Language not displaying correctly
- bug #3591412 [status] Live charts don't work for non-default server
- bug [core] Proxy ajax calls to pma.net to avoid browser notices
- bug #3593534 [tracking] Structure Snapshot on tracked view renders
invalid SQL
- bug #3544366 [events] Event comments not saved
Approved by Thomas Klausner.
- bug #3570212 [edit] uuid_short() is a no-arguments function
- bug #3569577 [edit] Add routine parameter headers not valid for "function"
- bug #3575799 [search] Various search operators not working as expected
- bug #3576322 [search] Invalid select query generated for tables with
ENUM fields
- bug #3577468 [display] Incorrect imagejpeg Syntax Breaks Image Transformation
- bug #3578776 [search] Editing SQL not possible when no records found
- bug #3571970 [interface] Display chart and number of rows to plot
- bug #3582631 [core] Wrong redirect url caused cookies error with ForceSSL
- bug #3539044 [interface] Browse mode "Show" button gives blank page if no
results anymore
- bug #3534979 [interface] Copy Database Ajax feedback vanishes long before
copying is done
- bug #3527531 [interface] GC-maxlifetime warning incorrectly displayed
- bug #3526916 [interface] Search fails with JS error when tooltips disabled
- bug #3544366 [interface] Event comments not saved
- bug #3549084 [edit] Can't enter date directly when editing inline
- bug #3548491 [interface] Inline query editor doesn't work from search results
- bug #3547825 [edit] BLOB download no longer works
- bug #3541966 [config] Error in generated configuration arrray
- bug #3553551 [GUI] Invalid HTML code in multi submits confirmation form
- [interface] Designer sometimes places tables on the top menu
- bug #3546277 [core] Call to undefined function __() when config file has
wrong permissions
- bug #3540922 [edit] Error searching table with many fields
- bug #3555104 [edit] Cannot copy a DB with table & views
- bug #3559925 [privileges] Incorrect updating of the list of users
- bug #3561224 [edit] cell edit date field with empty date fills in current
date
- bug #3559955 [edit] current_date from function drop down fails on update
- bug #3562472 add support for Solaris and FreeBSD system load and memory
display in server status
- bug #3553068 [import] Table import from XML file fails
- replace Highcharts with jqplot for Display chart
- bug #3567684 [edit] Pasting value doesn't clear null checkbox
- bug #3570786 [edit] Datepicker for date and datetime fields is broken
- The setup scripts *must* not get write access to the real "config.inc.php".
Allow then instead to generate a file in "/var/phpmyadmin" which the
administrator copies it place manually. This is the intended procedure
as documented by the developers.
- Restore the normal "config.inc.php" to its original location. Not sure
why I didn't encounter any problems during testing the last change
because phpMyAdmin isn't working very well without this.
While here change dependences to require both the "php-mysql" and the
"php-mysqli" packages. Old installations will use the former, new
installation will use the later.
Bump the package revision again because of these changes.