>and with this very powerfull database administration tool
>- it's IMNSHO very - very very - important to always keep security
>issues as a top priority - it's better to leave out a fancy feature to
>later implementation - than to just give a damn about the security
>and hope that it'll be fixed later...
I fully agree. So let's test and test ans test again the user
administration page I've rewritten to fit xhtml standards.
An other possible security issue may be the improved copy/move
table feature that were added the option to work with other db than
the current one. I'm not sure the access rights to the target db are
checked before the query is executed.
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
>thus I think that it better of preparer the
>version 3.x with new functionality and graphic system
Well it must be for 3.x.
Let's remain some coding standards in version numbers
for most open source projects. There are three digits:
- the third one change for bug fixes only ;
- the second one when modifications regards large part of the
code;
- and the first one for major changes.
With these conventions:
- the next version could be 2.2.1 or a 2.3.0 since the big
"lib.inc.php3" has been splitted;
- a new interface like the nice one you suggested and thumbnails
must lead to a 3.x version since it implies far or less a rewrite of
of the whole script.
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
finally it work!
well, I think that it is true to install this new graphic environment
on a version such as 2.3.x is not good a idea.
(also it takes me time)
thus I think that it better of preparer the
version 3.x with new functionality and graphic system
What you think ?
Michael_-
Hi List!
I've done some investigations on bugs #461192 and
#463683 and my conclusion is we need a powerfull
parser for "SELECT" queries.
I mean that to fix these bugs and some other ones
that can't be long to be submitted it requires :
1) To be able to get "true" db and table names, even
if aliases are used in the query (and then
mysql_fetch_field is not enough) because we need
these "true" names to modify/delete a record, for
example.
2) To be able to split the sql query in convenient parts
ie:
- what is before the "FROM" (is there a "DISTINCT"
clause, is the COUNT function used...),
- what is in the "FROM" part of the query (is it a query
with a "JOIN" clause or not...)
- and what are the different clauses after the "FROM"
part of the query.
All this is necessary to achieve the first point (get the
"true" db and table names) and to know the number
of record returned by the query without the program-
matically appended "LIMIT" clause.
3) To distinguish the true different clauses keywords from
the same words used as backquoted db/table/fields
names or as fields values. I mean for example to take
into account only the second " FROM " in the query:
SELECT `my from field`
FROM my_table
WHERE `my from field` = 'annoying from in string'
4) To take care of in-line comments and of the "/*!..*/"
MySQL syntax: the former should be skipped from
the query while parsing it, the latter should be taken
into account depending on the MySQL version.
For exemple whith the query:
SELECT `my_field`
FROM my_table
/*!32340 WHERE `my_field` = 'something' */
may or may not have a where clause depending on
the MySQL version and then the total number of
rows depends also on the MySQL version.
As you may have understand this is a huge work and
I don't have enough free time to work on it now.
Does anyone of you can work on this?
BTW I wonder if we should not release the 2.2.1
version as soon as possible because many bugs have
already been fixed since 2.2.0.
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
> I think this bug has already been fixed in the current
> cvs version but in a different way: a "DISTINCT" clause
> has been added in the sql query used to get the table
> list.
vs.
> $dblist = array_unique($true_dblist);
And this is defenitly also the most correct way to solve the problem - as
array_unique first was introduced in PHP 4.0.0 and by the way was broken in
PHP 4.0.4
This also calls for a general "WATCH OUT" to all us developers - please keep
in mind that "core" phpMyAdmin functions must not rely on newly added PHP
functions - as phpMyAdmin is used on many platforms that has not been
upgraded with the latest software - and according to securityfixes etc. it
would be very bad if ISPs (etc.) won't be able to upgrade their phpMyAdmin
to a newer version (with securityfixes etc.).
So my plea to you guys - carefully think about the consequenses when you
uses a PHP function that wasen't in PHP 3.x.x - often a little bit of
extended - thought thru - code may replace the newle added PHP feature and
secure the downward compability with PHP 3.x.x (and MySQL) versions.
My to minuts worth of wisdom ;o) Comments on this is welcome and appreciated
:-)
Kind regards
Geert Lund
Hi Michael, Armel & all!
I think this bug has already been fixed in the current
cvs version but in a different way: a "DISTINCT" clause
has been added in the sql query used to get the table
list.
Regards,
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif
Hi all,
----- Original Message -----
From: "Michael Katzenmayer" <katzenmayer(a)erfnet.de>
To: <webmaster(a)phpindex.com>
Sent: Tuesday, September 25, 2001 4:10 PM
Subject: Bug in phpmyadmin left.php
> Hi,
>
> Sometimes when only_db is selected, the db is shown twice in the left
frame. I don't know why that happens, but changing
>
> $dblist = $true_dblist;
>
> to
>
> $dblist = array_unique($true_dblist);
>
> fixes the problem.
>
> Michael Katzenmayer
>
I've just received a mail from Michael: he can not post message to
the dev. list at this time (he subscribed about 5 hours ago but SF
seems to be lagging a bit).
Nevertheless he had read all your opinions and will take them into
account.
Loïc
______________________________________________________________________________
ifrance.com, l'email gratuit le plus complet de l'Internet !
vos emails depuis un navigateur, en POP3, sur Minitel, sur le WAP...
http://www.ifrance.com/_reloc/email.emailif