Developers April 2007

developers@phpmyadmin.net

7 participants
13 discussions

[Phpmyadmin-devel] false alarm for deep recursion

by Marc Delisle

Hi, In this bug: http://sourceforge.net/tracker/index.php?func=detail&aid=1709463&group_id=2… there are many fields involved and we get a false alarm "possible deep recursion attack". Do we really need to protect from 1000 recursions overall? I think that protecting from 1000 recursions for each superglobal would be correct. Proposed patch which resets the recursive counter: Index: common.lib.php =================================================================== --- common.lib.php (revision 10333) +++ common.lib.php (working copy) @@ -269,9 +269,12 @@ * @param array $array array to walk * @param string $function function to call for every array element */ -function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false) +function PMA_arrayWalkRecursive(&$array, $function, $apply_to_keys_also = false, $reset_static = false) { static $recursive_counter = 0; + if ($reset_static) { + $recursive_counter = 0; + } if (++$recursive_counter > 1000) { die('possible deep recursion attack'); } @@ -2604,10 +2607,10 @@ // remove quotes added by php if (get_magic_quotes_gpc()) { - PMA_arrayWalkRecursive($_GET, 'stripslashes', true); - PMA_arrayWalkRecursive($_POST, 'stripslashes', true); - PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true); - PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true); + PMA_arrayWalkRecursive($_GET, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_POST, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_COOKIE, 'stripslashes', true, true); + PMA_arrayWalkRecursive($_REQUEST, 'stripslashes', true, true); } /** * In some cases, this one is not set

16 years, 7 months

Re: [Phpmyadmin-devel] Delicia!

by michal＠cihar.com

Nossas contas veja detalhe -------------------------------------------- Caderno.zip: Nao Tem Virus! Norton AntiVirus Procura Progressiva Mais detalhes: www.symantec.com

16 years, 7 months

[Phpmyadmin-devel] pma.cihar.com demo hacked again?

by Jürgen Wind

since 2000-04-17 we only get "503 - Service Not Available" Juergen -- View this message in context: http://www.nabble.com/pma.cihar.com-demo-hacked-again--tf3599775.html#a1005… Sent from the phpmyadmin-devel mailing list archive at Nabble.com.

16 years, 7 months

[Phpmyadmin-devel] Aprovado!

by robbat2＠users.sourceforge.net

Conta Fechada -------------------------------------------- Nossa Conta.scr: Nao Tem Virus! Norton AntiVirus Procura Progressiva Mais detalhes: www.symantec.com

16 years, 7 months

[Phpmyadmin-devel] testcase for mb_string

by Sebastian Mendel

Hi, does anybody have a small testcase what describes what happens without mb_string? -- Sebastian Mendel www.sebastianmendel.de

16 years, 7 months

[Phpmyadmin-devel] phpMyAdmin 2.10.1-rc1 is released

by Marc Delisle

_ __ __ _ _ _ _ __ | |__ _ __ | \/ |_ _ / \ __| |_ __ ___ (_)_ __ | "_ \| "_ \| "_ \| |\/| | | | | / _ \ / _` | "_ ` _ \| | "_ \ | |_) | | | | |_) | | | | |_| |/ ___ \ (_| | | | | | | | | | | | .__/|_| |_| .__/|_| |_|\__, /_/ \_\__,_|_| |_| |_|_|_| |_| |_| |_| |___/ 2.10.1-rc1 http://www.phpmyadmin.net phpMyAdmin 2.10.1-rc1 - April 14, 2007 ====================================== A PHP application to administrate MySQL over the Web ---------------------------------------------------- Announcement ------------ The phpMyAdmin Project announces the immediate availability of the first release candidate for phpMyAdmin 2.10.1. phpMyAdmin is a web administration tool for MySQL databases, intended to handle a whole database server as well as a single database. Over the years, it has become the most popular Web GUI for MySQL. Fixes: * - bug #1541147 [js] '#' in database names not correctly handled by queywindow.js * - bug #1671403 [parser] using "client" as table name * - bug #1672379 [core] Call to undefined function PMA_removeCookie() * - bug [core] undefined variable in libraries/tbl_replace_fields.inc.php * - bug [gui] query window icon did not work, thanks to Juergen Wind - windkiel * . [general] use PMA_getenv('PHP_SELF') * - bug #1676033 [core] pow(int,int) causes overflow * - bug #1680952 [core] undefined function PMA_getUvaCondition() * - bug #1596328 [export] drop support for POSTGRESQL compatibility mode * - bug #1609443 [privileges] Grant all priv. on wildcard name * - bug #1567317 [sqp] Syntax highlighter: extra spaces * - bug #1239401 [sqp] table dot numeric field name * - bug #1672789 [sqp] Undefined offset: 4 in sqlparser.lib.php #1674 * - bug #1682044 [export] Export file even if file not selected * - bug #1664212 querywindow loses url encoded characters * - replaced ctype_digit() with is_numeric() * + [config] clean cookies on phpMyAdmin upgrade * - bug #1674972 [export] no export with %afm% * - bug #1667887 HTML maxlength * - bug #1679055 #1050 - Table 'table name' already exists * - patch #1681620 [interface] support reordering of cfg['ColumnTypes'], thanks to Leonard den Ottolander * - bug #1690718 Can't edit if BLOB and no PK * - bug #1672636 [export] PDF export too wide * + [lang] brazilian-portuguese update, thanks to Airon Luis Pereira * - patch #1698964 javascript typo, thanks to Corey Hollaway Detailed list of changes is usually available under http://www.phpmyadmin.net/ChangeLog.txt but at present time, please refer to the ChangeLog in the distribution kit for the most up to date information. Availability ------------ This software is available under the GNU General Public License V2.0. You can get the newest version at http://www.phpmyadmin.net/ Available file formats are: .zip, .tar.gz and .tar.bz2. If you install phpMyAdmin on your system, it's recommended to subscribe to the news mailing list by adding your address under http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news This way, you will be informed of new updates and security fixes. It is a read only list, and traffic is not greater than a few mail every year. Support and Documentation ------------------------- The documentation is included in the software package as text and HTML file, but can also be downloaded from: http://www.phpmyadmin.net/documentation/ The software is provided as is without any express or implied warranty, but there is a bugs tracker page under: http://sourceforge.net/projects/phpmyadmin/ [click on "Bugs"] In addition, there are also a number of discussion lists related to phpMyAdmin. A list of mailing lists with archives is available at: http://sourceforge.net/mail/?group_id=23067 or http://sourceforge.net/projects/phpmyadmin/ [click on "Lists"] Finally, an users support forum is also available under: http://sourceforge.net/forum/forum.php?forum_id=72909 Known bugs ---------- Please subscribe to the news mailing list under http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news or regularly check the sourceforge bugs tracker. Donations --------- The project accepts donations to help improve the product. There is a "Donations" link on http://www.phpmyadmin.net. Description ----------- (from http://www.phpmyadmin.net/documentation) phpMyAdmin handles the administration of MySQL over the Web. It can manage a whole MySQL server as well as a single database. Currently it can: * easily browse through databases and tables * create, copy, rename, alter and drop databases * create, copy, rename, alter and drop tables * do table maintenance * add, edit and drop fields * execute any SQL-statement, even multiple queries * create, alter and drop indexes * load text files into tables * create (*) and read dumps of tables or databases * export (*) data to SQL, CSV, XML, Word, Excel, PDF and Latex formats * administer multiple servers * manage MySQL users and privileges * check server settings and runtime information with configuration hints * check referential integrity in MyISAM tables * using Query-by-example (QBE), create complex queries automatically connecting required tables * create PDF graphics of your Database layout * search globally in a database or a subset of it * transform stored data into any format using a set of predefined functions, like displaying BLOB-data as image or download-link * support InnoDB tables and foreign keys (see FAQ 3.6) * support mysqli, the improved MySQL extension (see FAQ 1.17) * communicate in 50 different languages (*) phpMyAdmin can compress (Zip, GZip -RFC 1952- or Bzip2 formats) dumps and CSV exports if you use PHP4 >= 4.0.4 with Zlib support (--with-zlib) and/or Bzip2 support (--with-bz2). Authors & Copyright ------------------- Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com> Copyright (C) 2001-2007 Marc Delisle <Marc.Delisle_at_cegepsherbrooke.qc.ca> Olivier Müller <om_at_omnis.ch> Robin Johnson <robbat2_at_users.sourceforge.net> Alexander M. Turek <me_at_derrabus.de> Michal Cihar <michal_at_cihar.com> Garvin Hicking <me_at_supergarv.de> Sebastian Mendel <cybot_tm_at_users.sourceforge.net> + many other people (check the CREDITS section of our documentation) This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Marc Delisle / 2007-04-14

16 years, 7 months

[Phpmyadmin-devel] still typo in js/function see patch-trk 1698964

by Jürgen Wind

should be fixed before 2.10.1rc1 release: located @ js/functions.js on line 992 -return(getElement(e,fdocument.layers[W])); +return(getElement(e,f.document.layers[W])); -- Juergen -- View this message in context: http://www.nabble.com/still-typo-in-js-function-see-patch-trk-1698964-tf357… Sent from the phpmyadmin-devel mailing list archive at Nabble.com.

16 years, 7 months

[Phpmyadmin-devel] revision 10260: navi frame and db list

by Marc Delisle

Hi, There is something that does not look right to me. For my test databases, in 2.10 I was seeing: base2 base2 _other _inno base2x marc _airline _chapter1 with this revision I see in FF 2.0.0.3 XP: . . base2 . _other . _inno . base2x . . _airline . _chapter1 So, the "marc" prefix is gone for the "marc_airline" and "marc_chapter1" dbs.

16 years, 7 months

[Phpmyadmin-devel] Using all-languages or utf8-only for Debian package?

by Thijs Kinkhorst

Hi, I'm the Debian packager of phpMyadmin. I've quite recently taken over the package, and while we were approaching a new release (Etch) I haven't made extensive changes, but now Etch is out I plan to polish it up quite a bit. In that context I was wondering the following: we're currently packaging from the 'all-locales.tar.gz' from the website, but I'm considering to switch to the 'utf8-only' tarball. It's quite a bit smaller so it will reduce the installed size for users. Do you think using the utf8-only tarball would cause problems or is it a safe thing to do? Otherwise, if you as upstream authors have any comments on the Debian packaging, I'm glad to hear it. Thanks, Thijs

16 years, 7 months

[Phpmyadmin-devel] My demo is again working

by Michal Čihař

Hi all You might have noticed that my demo server was not working for some time. It was caused by successful DOS attack on MySQL server which it is using. Due to bad (or almost none) limits for this process this lead to unavailability of whole server. I set up much restrictive environment using vserver right now and the demo server is up and running. After some aggressive testing today, I feel it will handle much better possible attacks. -- Michal Čihař | http://cihar.com | http://blog.cihar.com

16 years, 7 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

Developers April 2007