Re: [Phpmyadmin-devel] Phpmyadmin-devel Digest, Vol 68, Issue 52
I recently contributed a bit of code in a message to this list. It created a new transformation "Append" that just appended the specified text to a field for display. I don't know if any developer actually captured my contribution for incorporation into the code base. I'm not a serious developer and have no wish to become one. In fact I plan to unsubscribe from this list soon. If anybody wants to pursue this, let me know. On Mar 28, 2012, at 12:29 PM, phpmyadmin-devel-request@lists.sourceforge.net wrote:
Send Phpmyadmin-devel mailing list submissions to phpmyadmin-devel@lists.sourceforge.net
To subscribe or unsubscribe via the World Wide Web, visit https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel or, via email, send a message with subject or body 'help' to phpmyadmin-devel-request@lists.sourceforge.net
You can reach the person managing the list at phpmyadmin-devel-owner@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific than "Re: Contents of Phpmyadmin-devel digest..." Today's Topics:
1. Re: guidelines for avoiding security pitfalls (Marc Delisle) 2. phpMyAdmin at Percona MySQL Live Conference & Expo 2012 (Michal ?iha?) 3. phpMyAdmin 3.4.10.2 is released (Marc Delisle) 4. Re: Automated Testing - GSoC Project Idea 2012 (yasitha pandithawatta)
From: Marc Delisle <marc@infomarc.info> Subject: Re: [Phpmyadmin-devel] guidelines for avoiding security pitfalls Date: March 28, 2012 5:37:54 AM PDT To: phpmyadmin-devel@lists.sourceforge.net Reply-To: phpmyadmin-devel@lists.sourceforge.net
Le 2012-03-28 04:53, Michal Čihař a écrit :
Hi
Dne Tue, 27 Mar 2012 22:01:05 +0200 Dieter Adriaenssens <dieter.adriaenssens@gmail.com> napsal(a):
As discussed on the team meeting in February, I started creating a wiki page with some guidelines for avoiding security bugs [0]. The page is not finished yet, I just set out some ideas, that I will work out in the next few days. Feel free to comment, improve or add guidelines as you see fit.
Thanks, looks great so far!
Yes, thanks. I'm wondering, are there places where we really use htmlentities() for protection?
Also I think we should talk about PMA_sanitize().
-- Marc Delisle http://infomarc.info
From: Michal Čihař <michal@cihar.com> Subject: [Phpmyadmin-devel] phpMyAdmin at Percona MySQL Live Conference & Expo 2012 Date: March 28, 2012 6:44:57 AM PDT To: phpmyadmin-devel@lists.sourceforge.net, phpmyadmin-users@lists.sf.net, phpmyadmin-news@lists.sf.net Reply-To: phpmyadmin-devel@lists.sourceforge.net
Hi,
phpMyAdmin will be participating in the Percona MySQL Live Conference & Expo, April 10-12, 2012, in Santa Clara, California.
Be sure to stop by and visit us at the Dot Org Pavilion!
Need a discount code? "PHP-PL12" will save you 10%.
For more information see http://www.percona.com/live/mysql-conference-2012/
-- Michal Čihař for the phpMyAdmin team
From: Marc Delisle <marc@infomarc.info> Subject: [Phpmyadmin-devel] phpMyAdmin 3.4.10.2 is released Date: March 28, 2012 9:58:46 AM PDT To: phpmyadmin-news@lists.sf.net, phpmyadmin-users@lists.sf.net, phpmyadmin-devel@lists.sf.net Reply-To: phpmyadmin-devel@lists.sourceforge.net
Welcome to phpMyAdmin 3.4.10.2, a minor security release.
Please refer to the upcoming PMASA-2012-2 announcement on http://www.phpmyadmin.net/home_page/security.
Details will appear on http://phpmyadmin.net. In a hurry? you can visit http://sourceforge.net/projects/phpmyadmin to download.
Marc Delisle, for the team
From: yasitha pandithawatta <yasitha4@gmail.com> Subject: Re: [Phpmyadmin-devel] Automated Testing - GSoC Project Idea 2012 Date: March 28, 2012 12:29:34 PM PDT To: phpmyadmin-devel@lists.sourceforge.net Reply-To: phpmyadmin-devel@lists.sourceforge.net
2012/3/21 yasitha pandithawatta <yasitha4@gmail.com>
2012/3/17 yasitha pandithawatta <yasitha4@gmail.com>
On Wed, Mar 14, 2012 at 11:04 PM, yasitha pandithawatta <yasitha4@gmail.com> wrote:
On Tue, Mar 13, 2012 at 2:22 AM, Marc Delisle <marc@infomarc.info> wrote: Le 2012-03-12 15:23, Michal Čihař a écrit :
Hi
Dne Tue, 6 Mar 2012 08:53:13 +0530 yasitha pandithawatta <yasitha4@gmail.com> napsal(a):
I have set up the the testing environment. I tried to run some test suits. I have found most of the test suits have some fatal errors. Test classes under test/libraries/ are working fine. I went through the AllTest.php. The required paths have some conflicts with the real paths.
Most of the cases I'll getting the following fatal error.
PHP Fatal error: require_once(): Failed opening required './test/PMA_get_real_size_test.php' (include_path='.:/usr/share/php:/usr/share/pear:') in /var/www/phpmyadmin-dev/test/AllTests.php on line 32 (File path for an example)
And required require_once './test/FailTest.php' is not found in the package.
What can I do for these issues?
Well AllTests.php is not really used for testing. To run complete testsuite, running phpunit in phpMyAdmin's directory should do the job. I think AllTests.php is pretty much outdated and probably should be rather dropped...
Done, along with AllSeleniumTests.php.
-- Marc Delisle http://infomarc.info
------------------------------------------------------------------------------ Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2
_______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Hi,
I went through the AllSeleniumTests.php and found the tests are outdated. I started to re write the PmaSeleniumTestCase.php and I updated the PmaSeleniumLoginTest.php. I just add the login test to the AllSeleniumTest suit. If I can get a feed back I can write the test cases for the remaining two suits. Patch was attached to the source forge patch tracker.[1] Add a README file under /test/selenium which contains testing configuration guide.
Regards,
-- Yasitha Pandithawatta Undergraduate Computer Science and Engineering Department University of Moratuwa Sri Lanka
[1] - https://sourceforge.net/tracker/?func=detail&aid=3504536&group_id=23067&atid...
Hi Michal,
I wrote some selenium test cases for login. I updated the AllSeleniumTests.php and add I add a Helper class and TestConfig class which can be use when writing other test cases. I attached the changes as patch in source forge patch tracker.[1] Meanwhile Mark has removed the AllTests.php along with AllSeleniumTests.php. Since AllSeleniumTests.php class is no longer there patch will give some errors. He suggested some one familiar with selenium should involved with this. ch willCan you look for this. Adding old AllSeleniumTests.php and merge my patch will do the job.
Regards, -- Yasitha Pandithawatta Undergraduate Computer Science and Engineering Department University of Moratuwa Sri Lanka
[1] - https://sourceforge.net/tracker/?func=detail&aid=3504536&group_id=23067&atid...
Hi,
I updated the patch and attached to the patch traker. [1]. It can be directly merged into the current master branch.
Regards, -- Yasitha Pandithawatta Undergraduate Computer Science and Engineering Department University of Moratuwa Sri Lanka
[1] - https://sourceforge.net/tracker/?func=detail&aid=3504536&group_id=23067&atid...
Hi,
I fixed the PmaSeleniumPrivilegesTest and PmaSeleniumXssTest classes as well. I attached the patch in the source forge patch tracker.[0] In PmaSeleniumXssTest class I added a method testQueryTabWithNullValue() to test the processing a null query. But there should be another method to handle the query with xss scripts. For this I need to call selenium.type() on the respective textarea. But in the latest version the textarea is replaced with codemirror object. It doesn't have an id and cannot access via Xpath. Can you give any suggestion for this?
Regards,
-- Yasitha Pandithawatta Undergraduate Computer Science and Engineering Department University of Moratuwa Sri Lanka
[1] - https://sourceforge.net/tracker/?func=detail&aid=3512509&group_id=23067&atid...
------------------------------------------------------------------------------ This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure___________________________________________... Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
Le 2012-03-30 20:27, G R Lewis a écrit :
I recently contributed a bit of code in a message to this list. It created a new transformation "Append" that just appended the specified text to a field for display.
I don't know if any developer actually captured my contribution for incorporation into the code base. I'm not a serious developer and have no wish to become one. In fact I plan to unsubscribe from this list soon.
If anybody wants to pursue this, let me know.
Hi, I am currently looking at your code. -- Marc Delisle http://infomarc.info
Le 2012-03-31 07:16, Marc Delisle a écrit :
Le 2012-03-30 20:27, G R Lewis a écrit :
I recently contributed a bit of code in a message to this list. It created a new transformation "Append" that just appended the specified text to a field for display.
I don't know if any developer actually captured my contribution for incorporation into the code base. I'm not a serious developer and have no wish to become one. In fact I plan to unsubscribe from this list soon.
If anybody wants to pursue this, let me know.
Hi, I am currently looking at your code.
Hi, Thanks, I have incorporated your code to the master branch (future 4.0 version), and added XSS protection to the string that is appended by the transformation. -- Marc Delisle http://infomarc.info
participants (2)
-
G R Lewis -
Marc Delisle