- Developers - lists.phpmyadmin.net

HELP
by Obieto Elochukwu 01 Jul '21

01 Jul '21

i always get this massage whenever i want to import my data to "MySQLdataBase" but i dont know the meaning... Error *Static analysis:* 2 errors were found during analysis. 1. Unexpected beginning of statement. (near "phpMyAdmin" at position 0) 2. Unrecognized statement type. (near "SQL" at position 11) *SQL query:* phpMyAdmin SQL Dump -- version 4.9.4 -- https://www.phpmyadmin.net/ -- -- Host: localhost:3306 -- Generation Time: Mar 07, 2021 at 06:32 AM -- Server version: 10.3.27-MariaDB-log-cll-lve -- PHP Version: 7.3.6 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO" *MySQL said: *[image: Documentation] <https://www.forexmrk.com:2083/cpsess8669645226/3rdparty/phpMyAdmin/url.php?…> #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'phpMyAdmin SQL Dump -- version 4.9.4 -- https://www.phpmyadmin.net/ -- -- Hos...' at line 1 Error *Static analysis:* 2 errors were found during analysis. 1. Unexpected beginning of statement. (near "phpMyAdmin" at position 0) 2. Unrecognized statement type. (near "SQL" at position 11) *SQL query:* phpMyAdmin SQL Dump -- version 4.9.4 -- https://www.phpmyadmin.net/ -- -- Host: localhost:3306 -- Generation Time: Mar 07, 2021 at 06:32 AM -- Server version: 10.3.27-MariaDB-log-cll-lve -- PHP Version: 7.3.6 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO" *MySQL said: *[image: Documentation] <https://www.forexmrk.com:2083/cpsess8669645226/3rdparty/phpMyAdmin/url.php?…> #1064 - You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'phpMyAdmin SQL Dump -- version 4.9.4 -- https://www.phpmyadmin.net/ -- -- Hos...' at line 1

2 1

phpMyAdmin 5.1.1 is released
by Isaac Bennetch 04 Jun '21

04 Jun '21

We at the phpMyAdmin project are pleased to release phpMyAdmin 5.1.1, a bugfix release. There are many new bug fixes; a few highlights include: * Fixes for several PHP errors * Fixes for "$cfg['DefaultTabDatabase']" and other related configuration directives not working properly * Fix Yaml export to quote strings even when they are numeric * Fix TCPDF open_basedir issue due to internal guessing code from TCPDF * Fix for quick search not working when using more than one configured server * Fix datetime decimals displayed (.00000) after edit * Fix new lines in text fields are doubled * Fixed URL generation by removing un-needed & escaping for & char * Improvements for working with PHP 8.1 * Improved handling of adding a new user with the Percona database server There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog Downloads are available now at https://phpmyadmin.net/downloads/ Isaac and the phpMyAdmin team

1 0

phpMyAdmin crash with the latest version of xampp
by Alain Chappuis 31 Mar '21

31 Mar '21

Hello, I just installed the latest version of xampp php 8 phpmyadmin 5.1.0 and the last one crash: Fatal error: Uncaught TypeError: PhpMyAdmin\Url::getFromRoute(): Argument #1 ($route) must be of type string, null given, called in D:\Temps\twig\b5\b5e82689f83198c0bf9842c8e68e36b7e067a56300a9eba78c2fa4bc853b361e.php on line 47 and defined in C:\xampp\phpMyAdmin\libraries\classes\Url.php:289 Stack trace: #0 D:\Temps\twig\b5\b5e82689f83198c0bf9842c8e68e36b7e067a56300a9eba78c2fa4bc853b361e.php(47): PhpMyAdmin\Url::getFromRoute(NULL) #1 C:\xampp\phpMyAdmin\vendor\twig\twig\src\Template.php(405): __TwigTemplate_ca1c7f92e0d6c21c720f57fbb6430188a3256088b74632147eb976ae9d397cb1->doDisplay(Array, Array) #2 C:\xampp\phpMyAdmin\vendor\twig\twig\src\Template.php(378): Twig\Template->displayWithErrorHandling(Array, Array) #3 C:\xampp\phpMyAdmin\vendor\twig\twig\src\Template.php(390): Twig\Template->display(Array) #4 C:\xampp\phpMyAdmin\vendor\twig\twig\src\TemplateWrapper.php(45): Twig\Template->render(Array, Array) #5 C:\xampp\phpMyAdmin\libraries\classes\Template.php(129): Twig\TemplateWrapper->render(Array) #6 C:\xampp\phpMyAdmin\libraries\classes\Menu.php(247): PhpMyAdmin\Template->render('menu/breadcrumb...', Array) #7 C:\xampp\phpMyAdmin\libraries\classes\Menu.php(72): PhpMyAdmin\Menu->getBreadcrumbs() #8 C:\xampp\phpMyAdmin\libraries\classes\Header.php(444): PhpMyAdmin\Menu->getDisplay() #9 C:\xampp\phpMyAdmin\libraries\classes\Response.php(331): PhpMyAdmin\Header->getDisplay() #10 C:\xampp\phpMyAdmin\libraries\classes\Response.php(345): PhpMyAdmin\Response->getDisplay() #11 C:\xampp\phpMyAdmin\libraries\classes\Response.php(507): PhpMyAdmin\Response->htmlResponse() #12 [internal function]: PhpMyAdmin\Response->response() #13 {main} thrown in C:\xampp\phpMyAdmin\libraries\classes\Url.php on line 289 I asked for help in stackoverflow and got no answer! Can someone help me? Thanks in advance! Alain -- Alain Chappuis Photographe animalier et ornithologue http://naturissima.biz/ ou http://naturissima.biz/photos/ Natel: ++41 79.855.1946

2 1

phpMyAdmin 5.1.0 is released
by Isaac Bennetch 24 Feb '21

24 Feb '21

We at the phpMyAdmin project are pleased to publish phpMyAdmin 5.1.0. There are many new features and bug fixes; a few highlights include: * Improve virtuality dropdown for MariaDB > 10.1 * Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure * Added ip2long transformation * Improvements to linking to MySQL and MariaDB documentation * Add "Preview SQL" option on Index dialog box when creating a new table * Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder * Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl * Add the password_hash PHP function as an option when inserting data * Improvements to editing and displaying columns of the JSON data type. * Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']" * Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated * Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha * Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network * Export blobs as hex on JSON export * Fix leading space not shown in a CHAR column when browsing a table * Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2) * Fixed missing option to enter TABLE specific permissions when the database name contains an "_" (underscore) * Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export * Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8 There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog Downloads are available now at https://phpmyadmin.net/downloads/ Isaac and the phpMyAdmin team

1 0

Re: [phpMyAdmin Developers] help accessing wordpress login
by PETAL 10 Feb '21

10 Feb '21

Hi, I hope all is well. I have a wordpress site and theme installed with MAMP. I am way out of my comfort level/knowledge. I am writing to ask if someone may be able to help me access my website? I lost track of the log in and password. Thank you. petalargie(a)gmail.com

2 1

phpMyAdmin 5.1.0-rc2 is available
by Isaac Bennetch 10 Feb '21

10 Feb '21

Hi, I have published phpMyAdmin 5.1.0-rc2 as a quick second release candidate before 5.1.0 is officially released. Please feel free to test it out, and if you find any unreported issues you can open a new ticket at https://github.com/phpmyadmin/phpmyadmin/issues/. If this rc goes well, I expect to release 5.1.0 within a few days. Isaac and the phpMyAdmin team

3 3

Debian translation URL missing
by Isaac Bennetch 09 Jan '21

09 Jan '21

We are getting a translation error with Weblate, apparently the Debian repository has moved. > https://salsa.debian.org/phpmyadmin-team/phpmyadmin/blob/master/debian/temp… (404 Client Error: Not Found for url: https://salsa.debian.org/phpmyadmin-team/phpmyadmin/blob/master/debian/temp… ) This has always been a very small repository but used to be part of the Debian packaging process. William (or anyone else), do you know what is happening with that repository?

2 1

Re: [phpMyAdmin Developers] Question regarding fix of CVE 2020-26935 - SQL Injection via SearchController
by studentProject 26 Dec '20

26 Dec '20

Hi, Thank you for the quick answer. There is only one thing which confuses us, as how the vulnerability marked with CVE 2020-26935 has any danger to the system? All "dangerous" characters used for SQL injections get escaped. It is possible to send a union or a sleep command in the query but the union command is limited by the user privileges and sleep only makes everything on the attackers side slower. You can also try to send a second sql command in the where_clause but through dbi it only takes the first sql command and ignores the rest. So far as we see it, there isn't a realistic danger to the system. So why excatly did you create a cve for that, which has a relatively high score? Regards MKrebs & JHiller Students @ HAW Hof ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐ Am Freitag, 18. Dezember 2020 00:01 schrieb Isaac Bennetch <bennetch(a)gmail.com>: > Hi, > > The attack vector is someone intercepting the search parameter and injecting some arbitrary SQL command there. If I recall correctly, the where_clause is not presented in the graphical interface at all and is simply present in the POST variables. It's used to build the query, but isn't going to be modified by the user, and prior to the fix we were just recalling the statement from the POST data without confirming that the user had not modified it. The fix verifies the signature of the returned portion of the query to make sure the user (or some attacker) has not injected their own statement in to the where_clause. > > If you believe the code is still vulnerable, you're welcome to write back here or send an email to security(a)phpmyadmin.net. Of course, if I have left off some detail, I'm happy to answer further questions as well as I can. > > Cheers, > Isaac from the phpMyAdmin project > > On Thu, Dec 17, 2020 at 8:45 AM studentProject via Developers <developers(a)phpmyadmin.net> wrote: > >> Hello, >> >> we are two students from the university of applied sciences Hof in Germany and for a module about IT-security we are researching the vulnerability marked with CVE 2020-26935, which describes a possible SQLi attack via SearchController. >> >> The issue has already been documented by phpmyadmin: >> https://www.phpmyadmin.net/security/PMASA-2020-6/ >> >> And the responsible fix has also been linked as a git commit in the link above: >> https://github.com/phpmyadmin/phpmyadmin/commit/d09ab9bc9d634ad08b866d42bb8… >> >> We are writing because we do not fully understand in which way the commit in question fixes any possible SQLi attacks mentioned in the CVE. As far as our research goes, we have figured out that the where_clause gets signed with an HMAC signature, which doesn't necessarily provide security against said attacks. >> >> Would you mind elaborating how the commit mentioned in the issue linked above fixes the CVE (2020-26935) in question? We are clueless considering the given commit doesn't seem to clear up the question for us. Is the commit linked in the PMASA-2020-6 note perhaps wrong? Does the fix lie in another method/class or even in the frontend instead? >> >> Regards >> MKrebs & JHiller >> Students @ HAW Hof >> _______________________________________________ >> Developers mailing list >> Developers(a)phpmyadmin.net >> https://lists.phpmyadmin.net/mailman/listinfo/developers

1 0

phpMyAdmin 5.1.0-rc1 is released
by Isaac Bennetch 17 Dec '20

17 Dec '20

Hi, We at the phpMyAdmin project are delighted to offer a release candidate for the upcoming version 5.1.0. This release, phpMyAdmin 5.1.0-rc1, is meant as a testing release before the official release of 5.1.0, and is expected to be the only release candidate before the full release. There are many new features and bug fixes; a few highlights include: * Improve virtuality dropdown for MariaDB > 10.1 * Added an option to perform ALTER ONLINE (ALGORITHM=INPLACE) when editing a table structure * Added ip2long transformation * Improvements to linking to MySQL and MariaDB documentation * Add "Preview SQL" option on Index dialog box when creating a new table * Add a new vendor constant "CACHE_DIR" that defaults to "libraries/cache/" and store routing cache into this folder * Add $cfg['CaptchaSiteVerifyURL'] for Google ReCaptcha siteVerifyUrl * Add the password_hash PHP function as an option when inserting data * Improvements to editing and displaying columns of the JSON data type. * Added support for "SameSite=Strict" on cookies using configuration "$cfg['CookieSameSite']" * Fixed AWS RDS IAM authentication doesn't work because pma_password is truncated * Add config parameters to support third-party ReCaptcha v2 compatible APIs like hCaptcha * Add $cfg['MysqlSslWarningSafeHosts'] to set the red text black when ssl is not used on a private network * Export blobs as hex on JSON export * Fix leading space not shown in a CHAR column when browsing a table * Added a rename Button to use RENAME INDEX syntax of MySQL 5.7 (and MariaDB >= 10.5.2) * Fixed missing option to enter TABLE specific permissions when the database name contains an "_" (underscore) * Fixed a PHP notice "Trying to access array offset on value of type null" on Designer PDF export * Fix for several PHP 8 warnings or errors, giving this release full compatibility with PHP 8 There are, of course, many more fixes you can see in the ChangeLog file included with this release or online at https://demo.phpmyadmin.net/master-config/index.php?route=/changelog Downloads are available now at https://phpmyadmin.net/downloads/ Isaac for the phpMyAdmin team

1 0

Cache warmup fails if composer is run with --no-dev
by Isaac Bennetch 17 Dec '20

17 Dec '20

I'm trying to fix the build script so I can release phpMyAdmin 5.1.0, but I've hit a strange issue with Composer and the cache warmup. I've manually defined all the "dev" packages as required, so that whether I run "composer update" or "composer update --no-dev" there are no changes to the installed packages. # composer update --no-dev # ./scripts/console cache:warmup --routing PHP Fatal error: Uncaught Error: Class 'PhpMyAdmin\Tests\Stubs\DbiDummy' not found in /var/www/pma-dev/fork/release/phpMyAdmin-5.1.0-rc1/scripts/console:41 Stack trace: #0 {main} thrown in /var/www/pma-dev/fork/release/phpMyAdmin-5.1.0-rc1/scripts/console on line 41 But # composer update # ./scripts/console cache:warmup --routing runs correctly... Any thoughts about this? I'd like to build the release without requiring all of the dev packages, but if I can't warm up the cache as part of the build, on first run phpMyAdmin throws an error message because ./cache/ isn't writable by the webserver process. Any thoughts about this?

1 0