phpMyAdmin 2.11.2 - October 27, 2007 [ http://www.phpmyadmin.net ]
A PHP application to administrate MySQL over the Web.
Announcement
------------
The phpMyAdmin Project announces the immediate availability
of phpMyAdmin 2.11.2, a bugfix-only version.
phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the
years, it has become the most popular Web GUI for MySQL.
Fixes:
- patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER,
thanks to Allard
+ [lang] Serbian update, thanks to Mihailo Stefanovic
- bug #1798841 [relations] Copying db does not copy internal relations
- bug #1798646 [display] Character '+' in query wrongly interpreted
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset
legend
- bug #1764735 [core] Designer: PDF error when deleting a table
- bug #1764195 [views] DROP button does not work on defective views
- bug #1805773 [relations] browse foreign values: return values not
escaped, thanks to Alex Rambau
- bug #1807923 [login] Login with html entities in password fails
- [core] Undefined variable when creating a table that exists
- patch #1808578 Changes in font size were no longer detected
after patch #1787915
+ [lang] Croatian update, thanks to Renato Pavicic
- patch #1807615 [GUI] Display patch for column rights in Opera
- bug #1811519 Can't delete user with a german umlaut.
- bug #1811519 [privileges] fixed used collation for accessing
mysql.user in server privileges
- it should not be possible to move or copy a table to
information_schema
- bug #1814733 win: copy db to mixed name db fails
- bug #1777249 [display] Remove horizontal lines in navigation panel
- bug #1805102 [display] TextareaAutoSelect issues: set this parameter
default value to false to help cut&paste from a terminal window;
also set focus to the textarea
- bug #1814463 [display] Wrong database size
- bug #1811527 [display] Problem with links to the MySQL manual
- patch #1817529 [auth] Incorrect login via URL when
AllowArbitraryServer is true, thanks to Juergen Wind
Detailed list of changes is usually available under
http://www.phpmyadmin.net/ChangeLog.txt but at present time,
please refer to the ChangeLog in the distribution kit for
the most up to date information.
Availability
------------
This software is available under the GNU General Public License V2.0.
You can get the newest version at http://www.phpmyadmin.net/
Available file formats are: .zip, .tar.gz and .tar.bz2.
If you install phpMyAdmin on your system, it's recommended to
subscribe to the news mailing list by adding your address under
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news
This way, you will be informed of new updates and security fixes.
It is a read-only list, and traffic is not greater than a few
mails every year.
Support and Documentation
-------------------------
The documentation is included in the software package as text and
HTML file, but can also be downloaded from:
http://www.phpmyadmin.net/documentation/
The software is provided as is without any express or implied
warranty, but there is a bugs tracker page under:
http://sourceforge.net/projects/phpmyadmin/ [click on "Bugs"]
In addition, there are a number of discussion lists
related to phpMyAdmin. A list of mailing lists with archives
is available at:
http://sourceforge.net/mail/?group_id=23067 or
http://sourceforge.net/projects/phpmyadmin/ [click on "Lists"]
Finally, a users support forum is also available under:
http://sourceforge.net/forum/forum.php?forum_id=72909
Known bugs
----------
Please subscribe to the news mailing list under
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news
or regularly check the sourceforge bugs tracker.
Donations
---------
The project accepts donations to help improve the product. There is
a "Donations" link on http://www.phpmyadmin.net.
Description
-----------
(from http://www.phpmyadmin.net/documentation)
phpMyAdmin handles the administration of MySQL over the Web. It
can manage a whole MySQL server as well as a single database.
Currently it can:
* easily browse through databases and tables
* create, copy, rename, alter and drop databases
* create, copy, rename, alter and drop tables
* do table maintenance
* add, edit and drop fields
* execute any SQL-statement, even multiple queries
* create, alter and drop indexes
* load text files into tables
* create (*) and read dumps of tables or databases
* export (*) data to SQL, CSV, XML, Word, Excel, PDF and Latex formats
* administer multiple servers
* manage MySQL users and privileges
* check server settings and runtime information with configuration hints
* check referential integrity in MyISAM tables
* using Query-by-example (QBE), create complex queries automatically
connecting required tables
* create PDF graphics of your Database layout
* search globally in a database or a subset of it
* transform stored data into any format using a set of predefined
functions, like displaying BLOB-data as image or download-link
* support InnoDB tables and foreign keys (see FAQ 3.6)
* support mysqli, the improved MySQL extension (see FAQ 1.17)
* communicate in 54 different languages
(*) phpMyAdmin can compress (Zip, GZip -RFC 1952- or Bzip2
formats) dumps and CSV exports if you use PHP4 >= 4.0.4 with Zlib
support (--with-zlib) and/or Bzip2 support (--with-bz2).
Authors & Copyright
-------------------
Copyright (C) 1998-2000
Tobias Ratschiller <tobias_at_ratschiller.com>
Copyright (C) 2001-2007
Marc Delisle <Marc.Delisle_at_cegepsherbrooke.qc.ca>
Olivier Müller <om_at_omnis.ch>
Robin Johnson <robbat2_at_users.sourceforge.net>
Alexander M. Turek <me_at_derrabus.de>
Michal Cihar <michal_at_cihar.com>
Garvin Hicking <me_at_supergarv.de>
Sebastian Mendel <cybot_tm_at_users.sourceforge.net>
+ many other people
(check the CREDITS section of our documentation)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to
Free Software Foundation, Inc.,
59 Temple Place, Suite 330,
Boston, MA 02111-1307 USA
Marc Delisle, for the team / 2007-10-27
Hi,
if somebody cares and finds the time: due to the new Zend Core and the
FastCGI for IIS there are some more posts than usual about phpMyAdmin
http://blogs.iis.net/forums/1102.aspx
--
Sebastian
select_lang.lib.php#346:
$convcharset = isset($GLOBALS['cfg']['DefaultCharset']) ?
$GLOBALS['cfg']['DefaultCharset'] : 'en-utf-8';
shouldn't this be 'utf-8' without 'en'?
--
Sebastian
Hi devs,
I requested a CVE id to be assigned for PMASA-2007-6, which is quoted below.
If I have spotted it correctly, I see not much use of CVE id's within
phpMyAdmin. It would be very helpful for security workers in e.g.
distributions if the PMASA advisories would mention the corresponding CVE
numbers when such a number is or becomes available. It could also have a
place in the relevant changelog entry that fixes the problem.
Would you consider doing that?
Thanks
Thijs
(also on behalf of the Debian security team)
---------------------------- Original Message ----------------------------
Subject: Re: CVE for phpMyAdmin PMASA-2007-6
From: "Steven M. Christey" <coley(a)linus.mitre.org>
Date: Mon, October 22, 2007 22:19
To: "Thijs Kinkhorst" <thijs(a)debian.org>
Cc: cve(a)mitre.org
--------------------------------------------------------------------------
Hello,
Use CVE-2007-5589
- Steve
======================================================
Name: CVE-2007-5589
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5589
Reference:
MISC:http://www.digitrustgroup.com/advisories/TDG-advisory071015a.html
Reference:
CONFIRM:http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin/branches/MA…
Reference:
CONFIRM:http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&re…
Reference:
CONFIRM:http://www.phpmyadmin.net/home_page/security.php?issue=PMASA-2007-6
Reference: FRSIRT:ADV-2007-3535
Reference: URL:http://www.frsirt.com/english/advisories/2007/3535
Reference: SECUNIA:27246
Reference: URL:http://secunia.com/advisories/27246
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin
before 2.11.1.2 allow remote attackers to inject arbitrary web script
or HTML via certain input available in (1) PHP_SELF in (a)
server_status.php, and (b) grab_globals.lib.php, (c)
display_change_password.lib.php, and (d) common.lib.php in libraries/;
and certain input available in PHP_SELF and (2) PATH_INFO in
libraries/common.inc.php. NOTE: there might also be other vectors
related to (3) REQUEST_URI.
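The class of issue described in the CVE text above (request-derived PHP_SELF and PATH_INFO reaching HTML output), as an added example that is not phpMyAdmin code and not the project's actual fix. The helper names script_path() and attr() and the sample $_SERVER values are hypothetical and constructed; PHP 7 or later is assumed.

```php
<?php
// Added example; the $server values below are constructed sample input.

/**
 * Return the script path with any trailing PATH_INFO removed.
 * With most SAPIs PHP_SELF is SCRIPT_NAME followed by PATH_INFO, and
 * PATH_INFO is whatever the client put after the script name in the URL.
 */
function script_path(array $server): string
{
    $self = $server['PHP_SELF'] ?? '';
    $info = $server['PATH_INFO'] ?? '';
    if ($info !== '' && substr($self, -strlen($info)) === $info) {
        $self = substr($self, 0, -strlen($info));
    }
    return $self;
}

/** Escape a value for use inside a quoted HTML attribute. */
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed request for: /server_status.php/"><b>x</b>
$server = [
    'SCRIPT_NAME' => '/server_status.php',
    'PATH_INFO'   => '/"><b>x</b>',
    'PHP_SELF'    => '/server_status.php/"><b>x</b>',
];

// Unsafe pattern: PHP_SELF echoed raw closes the attribute and the tag.
$unsafe = '<form action="' . $server['PHP_SELF'] . '">';

// Hardened: drop PATH_INFO first, then escape at the point of output.
$safe = '<form action="' . attr(script_path($server)) . '">';

echo $unsafe, "\n", $safe, "\n";
```

Escaping at output is the part that matters; stripping PATH_INFO only keeps the generated link pointing at the script itself.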
Welcome to phpMyAdmin 2.11.2-rc1, the first release candidate for a
bugfix-only version.
Fixes:
- patch #1791576 HTTP auth: support REDIRECT_REMOTE_USER,
thanks to Allard
+ [lang] Serbian update, thanks to Mihailo Stefanovic
- bug #1798841 [relations] Copying db does not copy internal relations
- bug #1798646 [display] Character '+' in query wrongly interpreted
- bug #1801919 [themes] Do not use NaviDatabaseNameColor for fieldset
legend
- bug #1764735 [core] Designer: PDF error when deleting a table
- bug #1764195 [views] DROP button does not work on defective views
- bug #1805773 [relations] browse foreign values: return values not
escaped, thanks to Alex Rambau
- bug #1807923 [login] Login with html entities in password fails
- [core] Undefined variable when creating a table that exists
- patch #1808578 Changes in font size were no longer detected
after patch #1787915
+ [lang] Croatian update, thanks to Renato Pavicic
- patch #1807615 [GUI] Display patch for column rights in Opera
- bug #1811519 Can't delete user with a german umlaut.
- bug #1811519 [privileges] fixed used collation for accessing
mysql.user in server privileges
- it should not be possible to move or copy a table to
information_schema
- bug #1814733 win: copy db to mixed name db fails
- bug #1777249 [display] Remove horizontal lines in navigation panel
- bug #1805102 [display] TextareaAutoSelect issues: set this parameter
default value to false to help cut&paste from a terminal window;
also set focus to the textarea
- bug #1814463 [display] Wrong database size
- bug #1811527 [display] Problem with links to the MySQL manual
- patch #1817529 [auth] Incorrect login via URL when
AllowArbitraryServer is true, thanks to Juergen Wind
Download from http://www.phpmyadmin.net
Marc Delisle, for the team
Hi,
Andrey has sent me a windows cgi build for PHP 5.3.0 dev with mysqlnd
mysqlnd is the replacement for mysql lib
supporting mysqli and mysql interface
if anyone is interested i could send it to him
a 5.2.1 win build and the source can be obtained from here:
http://dev.mysql.com/downloads/connector/php-mysqlnd/
mysqlnd is going to replace any mysql lib dependency in PHP 5.3
mysqlnd will be cross version compatible
--
Sebastian
Hi (Marc),
should we upgrade TCPDF to latest PHP 5 version?
i am not very familiar with PDF features and do not know what needs to be
tested ...
--
Sebastian
Hi,
$strTable . ' ' . htmlspecialchars($table) . ' ' . $strHasBeenAltered;
should become
sprintf($strTableAlteredSuccessfully, $table);
'Table %1 has been altered successfully'
or?
(i know in English it makes no difference, but in other foreign languages it
could)
for Example in German it sounds better to use 'Die Tabelle' (the table)
instead of just 'Tabelle' (table) in this case
--
Sebastian
Marc Delisle wrote:
> cybot_tm(a)users.sourceforge.net wrote:
>> Revision: 10816
>> http://phpmyadmin.svn.sourceforge.net/phpmyadmin/?rev=10816&view=rev
>> Author: cybot_tm
>> Date: 2007-10-17 01:03:19 -0700 (Wed, 17 Oct 2007)
>>
>> Log Message:
>> -----------
>> commented out auto-switching to active database - really required? bug #1814718 win: table list disappears (mixed case db names)
>>
>> Modified Paths:
>> --------------
>> trunk/phpMyAdmin/sql.php
>>
>> Modified: trunk/phpMyAdmin/sql.php
>> ===================================================================
>> --- trunk/phpMyAdmin/sql.php 2007-10-17 08:02:56 UTC (rev 10815)
>> +++ trunk/phpMyAdmin/sql.php 2007-10-17 08:03:19 UTC (rev 10816)
>> @@ -341,12 +341,14 @@
>>
>> // Checks if the current database has changed
>> // This could happen if the user sends a query like "USE `database`;"
>> + /*
>> $current_db = PMA_DBI_fetch_value('SELECT DATABASE()');
>> if ($db !== $current_db) {
>> $db = $current_db;
>> $reload = 1;
>> }
>> unset($current_db);
>> + */
>>
>> // tmpfile remove after convert encoding appended by Y.Kawada
>> if (function_exists('PMA_kanji_file_conv')
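Review bot: Wrapping the whole $current_db block in /* ... */ leaves the two comment lines above it ("Checks if the current database has changed ...") describing code that no longer runs, and after this change a query like "USE `database`;" no longer updates $db or sets $reload. The log message ties this to mixed-case database names and the test is the strict "$db !== $current_db", so consider keeping the block and making that comparison case-insensitive for the affected configuration instead of disabling it. If it stays disabled, put a reference to bug #1814718 next to the commented-out code so the reason is visible in the file and not only in the commit log.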
>
> Sebastian,
> this code is there to permit a user to type "USE dbname" and it switches
> to it. This is useful to open quickly a database, especially if there
> are hundreds of them and he has to paginate in the navi panel.
ok ... but it does not work ...
at least on Win with lower_case_table_names = 2
i have opened a mysql bug report, let's wait what they say ...
--
Sebastian