phpMyAdmin

phpMyAdmin - ChangeLog ====================== 4.9.4 (2020-01-07) - issue #15724 Fix 2FA was disabled by a bug - issue [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)

phpMyAdmin - ChangeLog ====================== 4.9.2 (2019-11-21) - issue #14184 Change the cookie name from phpMyAdmin to phpMyAdmin_https for HTTPS, fixes many "Failed to set session cookie" errors - issue #15304 Fix ssl_use php error - issue #14804 Fix undefined index: ssl_* variables - issue #14245 Fix mysql 8.0.3 and above fails on advisor - issue #15499 Fix unparenthesized php deprecation - issue #15482 Fix URL encoding plus sign (+) in the table or DB name when configuring foreign keys - issue #14898 Fixed bottom table in list in left panel blocked by horizontal scroll bar - issue #15161 Fix text area overflows its parent element on "Query" page - issue #15511 Fixed exporting users after a delete will delete all selected users on "Users" page - issue #14598 Fixed checking referencial integrity on "Operations" page - issue #14433 Fix "You do not have privileges to manipulate with the users!" on root superadmin - issue #15391 Fix GIS polygon of a geometry field is not drawn on "GIS visualization" - issue #15311 Fix adjust privileges on copy database fails with MariaDB - issue #15477 Fix display referential integrity check for InnoDB - issue #15236 Support phpunit 8 in our test suite to help packaging phpMyAdmin on Debian - issue #15522 Fix missing image error fills logs, removed ic_b_info icon from icon list - issue #15537 Fixed some issues with the sort by key selectors - issue #15546 Fix operators precedence in DatabaseInterface class - issue #14906 Test test suite on 32-bit systems - issue Fix Long2IP transformation issue with PHP 7.1 - issue #14951 Fix moving columns with DEFAULT NULL doesn't work on MariaDB 10.2+ - issue #14951 Fix moving columns with INT AND DEFAULT CURRENT_TIMESTAMP doesn't work on MariaDB - issue #12241 Fixed table alias is removed when exporting a query - issue #15316 Fixed cross join clause is removed on export - issue #14809 Fix error "is_uploaded_file() expects parameter 1 to be string" when inserting blobs from files - issue #15127 Fix white square when refreshing designer or browsing other pages - issue #13912 Detect when phpMyAdmin storage tables are not accessible, help users browse corrupt DBs - issue #15465 Display profiling when query outputs no rows - issue Fix setting and removing display field on Designer - issue Added a warning when trying to set a display field on Designer and configuration storage is not setup - issue #15327 Fix shift-click in Export misses a checkbox - issue [security] Fix improperly sanitized data when showing the Git branch (thanks to Ali Hubail for this report) - issue [security] Fix security weaknesses in Designer feature,including a flaw where an attacker could trigger an SQL injection attack (PMASA-2019-5) 4.9.1 (2019-09-20) - issue #15313 Added support for Twig 2 - issue #15315 Fix cannot edit or export column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13 - issue Fix a TypeError in Import class with PHP 8 - issue #14270 Fix Middle-click on foreign key link broken - issue #14363 Fix broken relational links in tables - issue #14987 Fix weird error for empty collation - issue #15334 Fix export of GIS visualisation not working (PNG, PDF, SVG) - issue #14918 Use hex for the phpMyAdmin session token - issue Added GB18030 Chinese collations description - issue Added Russian, Swedish, Slovak and Chinese UCA 9.0.0 collations description - issue Added description for the _ks (kana-sensitive) collation suffix - issue Added description for the _nopad (NO PAD) collation suffix - issue #15404 Remove array/string curly braces access - issue #15427 Fixed "FilterLanguages" option does not work (configuration) - issue #15202 Fixed creating user with single quote in password results in no password user - issue #14950 Fixed left database overview "add column" triggers error - issue #15363 Fix remove unexpected quotes on text fields (structure and insert) - issue Fix NULL wrongly checked on field change - issue #15388 Fix allow to rollback an empty statement - issue #14291 Fixed incorrect linkage from one table's value to another table - issue #15446 Fix tables added from other databases are not collapsing in the designer section - issue #14945 Fix designer page save fails if dB name contains period - issue Display an error when trying to import in designer a table that's already imported - issue Fix many bugs when adding new tables to designer - issue Update CodeMirror to v5.48.4 - issue Update jQuery Migrate to v3.1.0 - issue Update jQuery Validation to v1.19.1 - issue Update jQuery to v3.4.1 - issue Update js-cookie to v2.2.1 - issue Remove fieldset closing tag when setting global privileges - issue #15425 Fix backslash in column name resulting an error in editing - issue #15380 Fix Status - Advisor error - issue #15439 Fix designer page status not updated when added a new table from another database - issue #15440 Fix page number is not being updated in the URL after saving a designer's page - issue Fix reloading a designer's page - issue Fix designer full screen mode button and text stuck when exiting full-screen mode - issue Reduced possibility of causing heavy server traffic between the database and web servers - issue Fix a situation where a server could be deleted while an administator is using the setup script

phpMyAdmin - ChangeLog ====================== 4.8.5 (2019-01-25) - issue Developer debug data was saved to the PHP error log - issue #14217 Fix issue when adding user on MySQL 8.0.11 - issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error - issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200 - issue #14787 Cannot execute stored procedure - issue Add Burmese language - issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error - issue #14786 Table level Operations functions missing - issue #14791 PHP warning, db_export.php#L91 urldecode() - issue #14775 Export to SQL format not available for tables - issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user - issue [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1) - issue [security] SQL injection in Designer (PMASA-2019-2)

phpMyAdmin - ChangeLog ====================== 4.8.3 (2018-08-22) - issue #14314 Error when naming a database '0' - issue #14333 Fix NULL as default not shown - issue #14229 Fixes issue with recent table list - issue #14045 Fix slow performance on DB structure filtering - issue #14327 Fix Editing server variable not showing save or cancel option - issue #14377 Populate options for view create and edit - issue #14171 2FA configuration fails if PHP doesn't have GD support - issue #14390 Can't unhide tables - issue #14382 "Visualize GIS data" icon missing - issue #14435 Event scheduler status toggle doesn't work - issue #14365 View not working on multiple servers - issue #14207 Partition actions in table structure do not work - issue #14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table - issue #14552 Blank message shown instead of MySQL error when adding trigger and other locations - issue #14525 Fix PHP 7.3 warning: "continue" in "switch" is equal to "break" - issue #14554 Icon missing when creating a new trigger, routine, and event - issue #14422 Table comment not showing since 4.8.1 - issue #14426 Drop table doesn't work when you copy tables to another database - issue #14581 Escaped HTML in 'Add a new server' setup - issue #14548 [security] HTML injection in import warning messages, see PMASA-2018-5

phpMyAdmin - ChangeLog ====================== 4.8.1 (2018-05-24) - issue #12772 Fix case where the central columns attributes don't get filled in - issue #14049 Fix case where the query builder doesn't work when selected column is * - issue #14029 Revert "Browse" table CSS overflow - issue #14241 Dropping indexes and foreign keys fail - issue #14227 Relational linking broken - issue #14246 Fixed error in configuration storage zero config - issue #14128 Show 2FA Secret next to QR code - issue #14212 XML Export from single table throws fatal error - issue #14239 Line and some other charts ignore result set order of values chosen for the x-axis - issue #14260 Fixed configuration for DefaultLang and Lang - issue #14264 Linking for 'Distinct values' broken - issue #13968 Fix MariaDB 10.2 current_timestamp() - issue #14249 Fix for missing go button in view edit - issue #14125 Fix for issues with spatial fields - issue #14189 Remember table's sorting broken - issue #14289 Fix multi-column sorting - issue #14278 Fix central columns in-line edit bug - issue #14066 Fix AUTO_INCREMENT error when only exporting table structure in database-level exports - issue #13893 Simulating queries produces unexpected results - issue #14309 Setup script icons missing

* - Allow the removal of individual segments from pie charts * - Improved database search to allow matching the exact phrase * - phpMyAdmin no longer requires using the PHP eval() function * - The mbstring dependency is now optional * - Authentication logging using $cfg['AuthLog'] https://docs.phpmyadmin.net/en/latest/config.html#cfg_AuthLog * - Add support for Google's Invisible Captcha * - Improved handling of reCAPTCHA * - Fixes to the JavaScript editor for TIME values * - Improved the editor for the JSON data type * - Add "Format" button to the edit view form * - Implement mobile interface * - There are now configuration directives to set defaults for Transformation options * - Allow Designer to show tables from other databases * - Add support for authentication using U2F and 2FA * - Designer: fix broken "Add tables from other database" * - Fix double escaping of ENUM dropdown * - Restore SQL query after session expires * - Query builder: Fix for new column not being added * - Fix for blank login page * - Changes to the handling of arg_separator for AJAX requests; see issue #13940 * - Structure tab: fix silent failure to create new indexes * - Fix improperly escaped HTML code on the database structure page * - Fix JavaScript errors when using Internet Explorer (in particular when editing rows) * - Fix for broken error report * - Fix failed import * - Fix for "Cannot read property sql_query of undefined" errors

Notable changes since 4.7.7: * - Fixed error handling with PHP 7.2 * - Fixed resetting default setting values * - Fixed fallback value for collation connection

phpMyAdmin - ChangeLog ====================== 4.7.6 (2017-11-29) - issue #13517 Fixed check all interaction with filtering - issue #13803 Add SJIS-win to default list of allowed charsets - issue #13436 Improve detection that MySQL server needs SSL connection - issue #13038 Support JSON datatype on MariaDB 10.2.7 and newer - issue #13824 Fixed constructing ALTER query with AFTER - issue #13821 Lock page when changes are done in the SQL editor - issue #13842 Prefer iconv for encoding conversions - issue #13737 Fixed changing password on MariaDB cluster

phpMyAdmin - ChangeLog ====================== 4.7.4 (2017-08-23) - issue #13415 Remove shadow from the logo - issue #13507 Fixed per server theme feature - issue #13523 Missing newline in ALTER exports - issue #13414 Fixed several compatibility issues with PHP 7.2 - issue #13550 Fixed copy results to clipboard - issue #13562 Add limitation for user group length - issue #13561 Fixed edit variable link in advisor - issue #13579 Optimize table link should not be visible in print page - issue #13553 Improved error handling on corrupted tables - issue #13512 Fixed rendering of add index dialog - issue #13606 Fixed refreshing server variables

phpMyAdmin - ChangeLog ====================== 4.7.2 (2017-06-29) - issue #13314 Make theme selection keep current server - issue #13311 Fixed direct login for accounts without password - issue #13316 Fixed check for mbstring.func_overload - issue #13323 Fixed wrong encoding of table at triggers - issue #12976 Fixed natural sorting in several places - issue #12718 Show warning for users removed from mysql.user table - issue #13362 Fixed loading additional javascripts - issue #13343 Fixed editing QBE - issue #13193 Improved documentation on user settings - issue #13092 Gracefully handle early fatal errors in AJAX requests - issue #13327 Fixed Incorrect NavigationTreeEnableExpansion default value in the documentation - issue #13008 Fixed export of database with a lot of tables - issue #13318 Improved performance when importing with enabled tracking - issue #13386 Avoid PHP errors with non existing configuration on OS X - issue #13388 Show only supported charsets for conversion - issue #13392 Fixed operation with session.auto_start enabled - issue #13383 "Create PHP code" is broken - issue #13189 Fixed links to resume timeouted import

phpMyAdmin - ChangeLog ====================== 4.7.0 (2017-03-28) - patch #12233 [Display] Improve message when renaming database to same name - issue #6146 Log authentication attempts to syslog - issue #11981 Remove support for Swekey authentication - issue #11987 Remove code for no longer supported MSIE versions + issue #11962 Remove embedded PHP libraries, use composer to install them + issue #12017 Cannot easily select multiple tables when exporting + issue #12047 Add javascript filtering for databases - issue #12166 More compact rendering of navigation tree + issue #12129 Improve performance with SkipLockedTables - issue #12173 Do not hide indexes under a slider - issue Improve performance of zip file import - issue #12196 Removed $cfg['ThemePath'] - issue #6274 Add support for export user settings as config.inc.php snippet - issue #5555 Better report query errors while generating SQL exports - issue #12307 Produce valid JSON on export - issue #12325 Setup script icons broken - issue #12378 Support IPv6 proxies - issue Removed MySQL connection retry without password - issue #12218 Allow to specify further parameters for control connection - issue #12162 Show charset for each table on Database structure page - issue #12463 Incorrect link in the href of icon at Hide/Show unhide links - issue #12330 Shortcut for closing console - issue #12465 Improved handling of http requests - issue #12474 Broken links in Setup forms Navigation - issue #12494 Can't add a new User - issue #12523 Add 'token' Parameter in all POST requests (Fix 'Token mismatch' errors) - issue #12302 Improved usage of number_format - issue #12656 Server selection not working - issue #12543 NULL results in dataset are colored grey - issue #12664 Create Bookmark broken - issue #12688 Use unsigned int for storing bookmark ID - issue #12352 Added password strength indicator - issue #12713 Correctly handle HTTP status when doing requests - issue #12247 Add option to delete settings from browser storage - issue #12783 Remove unused PMA_addJSCode function - issue #12069 Add table filtering to database structure - issue #12799 Allow to configure signon session parameters - issue #12854 Drop database is broken - issue #12863 Can't toggle Event Scheduler on - issue #12742 Finish removing dead code references to xls/xlsx import and export, which was removed some time ago. - issue #12536 Rename "Relations" to "Relationships" in many places as it's the more proper term - issue #12834 Fixed margins in central columns feature - issue #12903 Document more export configuration options - issue #12897 Use consistent numeric format for table overhead - issue #12901 Use server returned table name on renaming table - issue #12918 Always use \r\n as newline when editing fields - issue #12923 Fixed server side search in navigation panel - issue #12929 Undefined index warning with ssl_ca_paths - issue #12924 Do not show errors from OpenSSL cookie encryption/decryption - issue #12945 Fixed hint rendering on adding new user - issue #12941 Fixed sorting of tables in relation view - issue #12936 Fixed tables pagination in navigation panel - issue #12904 Do not collapse add form for central columns if there are none - issue #12955 Fixed database renaming - issue #12954 Fixed export of tracking data - issue #12960 Enclose exports in transaction by default - issue #12966 After adding a column ADD INDEX option won't be displayed when enabling AI - issue #12972 Better error message when Composer has not been run - issue #12988 Do not show language selector without choices - issue #12993 Fixed external links to php documentation - issue #12990 Fixed error when loading favorite tables to console - issue #12981 Improved rendering of new version information - issue #12922 Fixed bookmarks ordering - issue #12964 Fixed table search in navigation - issue #12985 Fixed rendering of foreign key browsing - issue #12957 Fixed manipulation with GIS data having zero coordinates - issue #12804 Fixed various designer javascript errors - issue #12934 Fixed possible javascript error on server status page - issue #12927 Fixed javascript error on 3NF normalization - issue #12996 List all databses in navigation panel database dropdown - issue #12980 Better defaults when creating multi field foreign key - issue #12976 Improved foreign key editor behavior - issue #12958 Always show error reporting dialog on top - issue #12693 Improved support for TokuDB - issue #11231 Try harder to honor LoginCookieValidity setting - issue #13016 and #13017 Slight improvements to the table layout of Relation view - issue #12345 Correctly show affected rows for LOAD DATA queries - issue #13010 Copy database: SQL error for copying PMADB metadata - issue #13002 Fixed OpenDocument exports - issue #13000 Align NULL values according to the column alignment - issue #13021 Show phpMyAdmin errors even with error_reporting set to 0 - issue #13020 Removed warning about client and server versions mismatch - issue Hide comments on table Structure tab when no comment is set - issue Fixed submission of error reports - issue #13033 Use Referrer-Policy header to specify referrer policy - issue Fixed javascript confirmation of dangerous queries - issue #13040 Compatibility with hhvm 3.18 - issue #13031 Fixed displaying of all rows - issue #12967 Fixed related field selection for native relations - issue #13045 Properly escape MIME transformatoin names - issue #13028 Always show 100% in font selector - issue #13047 Fix query simulating for more servers - issue #12846 Fix new version check for sites with wrongly configured curl - issue #12951 When exporting to Excel, the default is now to include column names in the first row - issue #13059 Removed debugging code - issue #13029 Fixed table tracking for nested table groups - issue #13053 Fixed broken links in setup - issue #12708 Removed phpMyAdmin version from User-Agent header - issue #13084 Do not point users to setup when it is disabled - issue #12660 Delete only phpMyAdmin cookies on upgrade - issue #13088 Fixed editing of rows with text primary key - issue #13092 Do not try to sync favorite tables if configuration storage is not enabled - issue #13105 Fixed changing attribute for virtual field - issue #12757 Fixed setting password on recent MariaDB with non working plugins - issue #12349 Fixed undefined variable on import from some formats - issue #13103 Do not offer default names for copying/renaming databases - issue [security] Possible to bypass $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08 4.6.6 (2017-01-23) - issue #12759 Fix Notice regarding 'Undefined index: old_usergroup' - issue #12760 Fix Notice regarding 'Undefined index: users' - issue #12762 Fixed parsing of SQL with BINARY function - issue #12588 ReCaptcha now works without allow_url_fopen - issue #12699 Show no local storage warning only on settings tab - issue #12778 Syntax Error in Adding/Changing TIMESTAMP columns with default value as NULL - issue #12769 Edit/Export links are not clickable under Routines tab - issue #12757 Fixed creating new user with older MariaDB - issue #12784 Remove ctype installation suggestion - issue #12780 Format button replaces all text with blank spaces - issue #12786 Fixed database searching - issue #12792 Fixed javascript error on new version link - issue #12785 Add information about required and suggested extensions to composer.json - issue #12801 Custom header shown twice with cookie login form - issue #12802 Custom footer not shown with auth_type http login failure - issue #12434 Improve documentation for servers running with Suhosin - issue #12800 Updated embedded phpSecLib to 2.0.4 - issue #12800 Fixed various issues with PHP 7.1 - issue #11816 Fixed operation with lower_case_table_names=2 - issue #12813 Fixed stored procedure execution - issue #12826 Honor user configured connection collation - issue #12293 Correctly report OpenSSL errors from cookie encryption - issue #12814 DateTime won't allow to input length in Routine editor - issue #12840 Fix Notice regarding 'Undefined index: row_format' when altering table options - issue #12841 Fixed moving of columns with whitespace in name - issue #12847 Fixed editing of virtual columns - issue #12859 Changed WHERE condition to 0 instead of 1 for SQL query window to avoid accidents - issue #12872 Use same query for display and execution when dropping index - issue #12868 Fix check for user groups freatures being enabled - issue #12876 Fix notices and warning related to dbs_to_test global - issue #12831 Fix table formatting on Insert tab, which mostly affected row highlighting - issue #12495 Reintroduced phpinfo page with limited capabilities - issue #12861 Fix renaming tables with lower_case_table_names=2 - issue #12876 Fix possible PHP error in navigation - issue #12881 Fix database search with newer php-gettext - issue #12894 Fix linter error on unterminated variable name - issue #12732 Fixed filtering for active processes - issue [security] Multiple vulnerabilities in setup script, see PMASA-2016-44. - issue [security] Open redirect, see PMASA-2017-1. - issue [security] php-gettext code execution, see PMASA-2017-2. - issue [security] DOS vulnerabiltiy in table editing, see PMASA-2017-3. - issue [security] CSS injection in themes, see PMASA-2017-4. - issue [security] Cookie attribute injection attack, see PMASA-2017-5. - issue [security] SSRF in replication, see PMASA-2017-6. - issue [security] DOS in replication status, see PMASA-2017-7. --- Older ChangeLogs can be found on our project website --- https://www.phpmyadmin.net/old-stuff/ChangeLogs/ # vim: et ts=4 sw=4 sts=4 # vim: ft=changelog fenc=utf-8 # vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#' # vim: fdn=1 fdm=expr

phpMyAdmin version 4.6.5.2 is a patch-level release which fixes an issue with exporting certain character sequences including a backslash (\), such as \r\n.