phpMyAdmin security announcement PMASA-2005-3
Announcement-ID: PMASA-2005-3
Date: 2005-04-03
Summary:
Cross-Site Scripting vulnerability
Description:
We received a security advisory from Oriol Torrent Santiago and we wish to thank him for his work
and report. The convcharset parameter was not correctly validated, opening the door to an XSS attack.
Severity:
We consider this vulnerability to be serious.
Affected versions:
Probably all phpMyAdmin versions before 2.6.2-rc1.
Solution:
Upgrade to phpMyAdmin 2.6.2-rc1 or newer.
References:
http://www.arrelnet.com/advisories/adv20050403.html
For further information and in case of questions, please contact the phpMyAdmin team. Our website is
http://www.phpmyadmin.net/.
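An added illustration of validating a parameter such as convcharset, not phpMyAdmin's own patch: the value is accepted only on an exact allowlist match and is HTML-encoded wherever it is echoed back. The allowlist contents, the default and all function names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

// Constructed allowlist; a real deployment lists the charsets it supports.
const ALLOWED_CHARSETS = ['iso-8859-1', 'iso-8859-2', 'utf-8', 'windows-1252'];
const DEFAULT_CHARSET  = 'iso-8859-1';

/**
 * Return a charset name that is safe to use and to echo back.
 * Anything that is not a string, or not an exact allowlist match after
 * case folding, is replaced by the default rather than "cleaned".
 */
function safe_convcharset($raw): string
{
    if (!is_string($raw)) {
        return DEFAULT_CHARSET;   // e.g. convcharset[]=x arrives as an array
    }
    $candidate = strtolower(trim($raw));
    return in_array($candidate, ALLOWED_CHARSETS, true) ? $candidate : DEFAULT_CHARSET;
}

/** Encode a value for an HTML attribute or text node. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the hidden form field that carries the charset to the next page. */
function hidden_charset_field($raw): string
{
    // Validation and output encoding are both applied: the allowlist limits
    // what the application acts on, the encoding protects the markup even
    // if the allowlist is later widened.
    return '<input type="hidden" name="convcharset" value="'
        . h(safe_convcharset($raw)) . '" />';
}

// Constructed sample inputs: a normal value, a value with stray case and
// whitespace, a value containing markup, and an array.
$samples = ['utf-8', 'UTF-8 ', '"><b>not-a-charset</b>', ['x']];
foreach ($samples as $sample) {
    echo hidden_charset_field($sample), PHP_EOL;
}
```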
Hi,
Here is patch level 3 for phpMyAdmin 2.6.1. It fixes a problem
introduced in -pl2: can no longer update a field whose name starts with
"str".
Also included, a fix for the privileges management module: escaping of
the "_" character was not properly done, giving a wildcard privilege
when editing db-specific privileges with phpMyAdmin.
Details at http://www.phpmyadmin.net
Marc Delisle, for the team
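The wildcard problem described in the message above, as an added example that is not phpMyAdmin's code: in a database-level GRANT, MySQL reads "_" and "%" in the database name as pattern characters, so a literal name has to be escaped before it is used. The function names and the sample database names are assumptions made for this example.

```php
<?php
declare(strict_types=1);

/**
 * Escape a literal database name for a database-level GRANT, where MySQL
 * reads "_" (any one character) and "%" (any run of characters) as wildcards.
 */
function escape_db_wildcards(string $dbName): string
{
    if ($dbName === '' || strpbrk($dbName, "\\`") !== false) {
        // Names with a backslash or backtick are left out of scope here.
        throw new InvalidArgumentException('unsupported database name');
    }
    return strtr($dbName, ['_' => '\\_', '%' => '\\%']);
}

/** The "ON ..." target of a GRANT that applies to exactly one database. */
function grant_target(string $dbName): string
{
    return 'ON `' . escape_db_wildcards($dbName) . '`.*';
}

/**
 * Tell whether a GRANT database pattern covers $dbName, using the wildcard
 * rules above (a backslash makes the next character literal).
 */
function grant_pattern_matches(string $pattern, string $dbName): bool
{
    $regex = '';
    $len = strlen($pattern);
    for ($i = 0; $i < $len; $i++) {
        $ch = $pattern[$i];
        if ($ch === '\\' && $i + 1 < $len) {
            $regex .= preg_quote($pattern[++$i], '/');
        } elseif ($ch === '_') {
            $regex .= '.';
        } elseif ($ch === '%') {
            $regex .= '.*';
        } else {
            $regex .= preg_quote($ch, '/');
        }
    }
    return preg_match('/^' . $regex . '$/s', $dbName) === 1;
}

// Constructed sample: the privilege is meant for "shop_1" only.
$databases = ['shop_1', 'shopA1', 'shop-1', 'shop_10'];
$patterns  = [
    'unescaped' => 'shop_1',
    'escaped'   => escape_db_wildcards('shop_1'),
];
foreach ($patterns as $label => $pattern) {
    $covered = array_filter($databases, function ($db) use ($pattern) {
        return grant_pattern_matches($pattern, $db);
    });
    printf("%-9s %-8s covers: %s\n", $label, $pattern, implode(', ', $covered));
}
echo grant_target('shop_1'), PHP_EOL;
```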
Hi,
We are sorry to report that the release of 2.6.1-pl1 introduced an
instability, producing various problems. This has been fixed, and here
is 2.6.1-pl2.
See http://www.phpmyadmin.net.
Marc Delisle, for the team
Hi,
Patch level 1 of phpMyAdmin 2.6.1 fixes some security problems,
along with a few other bugs.
A more formal security alert will be posted when ready.
Meanwhile, the phpMyAdmin development team strongly advises an
upgrade to phpMyAdmin 2.6.1-pl1, and to also apply the following
security measures on your PHP installation (if feasible) by modifying
your php.ini configuration file (or virtual host settings):
- set register_globals to Off
- set display_errors to Off
- set log_errors to On
- define the path to your error log with the error_log directive
Both settings are recommended in the PHP documentation on a server
running in production. For example:
http://www.php.net/manual/en/security.errors.php
However, we suggest you review the impact of those changes before
applying them.
Meanwhile, work continues on the development version 2.6.2.
Marc Delisle, for the team.
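A way to check a configuration against the four directives listed in the message above, as an added example that is not part of the original announcement: the function reads php.ini text and reports every directive that is missing or set the other way. The function name and both configuration fragments are constructed for this example.

```php
<?php
declare(strict_types=1);

// Directives from the list above and whether each should be enabled.
const WANTED = [
    'register_globals' => false,
    'display_errors'   => false,
    'log_errors'       => true,
];

/** Return a list of findings for the given php.ini text (empty = all good). */
function audit_php_ini(string $iniText): array
{
    $ini = parse_ini_string($iniText, false, INI_SCANNER_NORMAL);
    if ($ini === false) {
        return ['fragment could not be parsed'];
    }
    $findings = [];
    foreach (WANTED as $name => $wantOn) {
        if (!array_key_exists($name, $ini)) {
            $findings[] = "$name is not set explicitly";
            continue;
        }
        // INI_SCANNER_NORMAL maps On/Yes/True to "1" and Off/No/False to "".
        $value = is_scalar($ini[$name]) ? (string) $ini[$name] : '';
        $isOn  = ($value !== '' && $value !== '0');
        if ($isOn !== $wantOn) {
            $findings[] = sprintf('%s should be %s', $name, $wantOn ? 'On' : 'Off');
        }
    }
    $logPath = $ini['error_log'] ?? '';
    if (!is_string($logPath) || trim($logPath) === '') {
        $findings[] = 'error_log does not define a log path';
    }
    return $findings;
}

// Constructed fragment with development-style settings.
$weak = <<<'INI'
[PHP]
register_globals = On
display_errors = On
log_errors = Off
INI;

// Constructed fragment following the four recommendations.
$hardened = <<<'INI'
[PHP]
register_globals = Off
display_errors = Off
log_errors = On
error_log = /var/log/php_errors.log
INI;

foreach (['weak' => $weak, 'hardened' => $hardened] as $label => $text) {
    $findings = audit_php_ini($text);
    echo $label, ': ', $findings ? implode('; ', $findings) : 'no findings', PHP_EOL;
}
```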
http://www.phpmyadmin.net
phpMyAdmin 2.6.1 - January 23rd, 2005
=====================================
A set of PHP-scripts to administrate MySQL over the Web.
--------------------------------------------------------
Announcement
------------
The phpMyAdmin Project is proud to announce the immediate
availability of phpMyAdmin 2.6.1.
Almost four months have passed since 2.6.0, although three patch releases
were made to take care of several security alerts we received. In 2.6.1
there are two more security fixes. As a consequence of one of these fixes,
if you want to use MIME-based external transformations you have to use a
PHP version of 4.3.0 or later.
A major speed improvement for users of the "cookie" authentication type
is included starting from 2.6.1-rc1, but you must be running on a Web
server with the mcrypt PHP module.
Another improvement worth mentioning, which relates to a new feature
offered on MySQL 4.1.2+: on multi-user installations, the control user
no longer needs to have any rights to the "mysql" db. It is now only used
to access the linked-tables infrastructure (pmadb).
phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the years,
it has become the most popular GUI for MySQL and is downloaded about 6,000
times a day, according to SourceForge.net.
The highlights of this release in detail:
Highlights
----------
Upgrade note:
* Using external transformations now requires PHP > 4.3.0
Improvements:
* Major speed improvement (if using auth_type = 'cookie') by using the mcrypt library (if available on your system)
* Improved wording when adding fields
* (mysqli) support for compressed protocol and CLIENT_LOCAL_FILES
* Clickable active server in left panel
* Improved ANSI mode in various scripts
* Hints added (light bulb)
* Database copying
* New Database Operations tab: note that many db operations have been moved here, including the PDF schema generation dialog
* Optional simple blocking of root login
* Binary log display
* Index creating on multiple fields
* Improved displaying of messages below tabs
* Handle MySQL "duplicate entry" error
* User list: top index for user initials
* Support for OLD_PASSWORD() function
* Under MySQL 4.1.2+, we no longer need the control user to have rights over the "mysql" db
* New checks for common index problems
* Upload: show filename of uploaded file
* Improved page selector when browsing foreign table values
* Improved handling of InnoDB constraints
* Speed up display for left panel when PMA infrastructure is used
* New message "no activity..."
* Support of keywords NAMES and VIEW
* Can now edit next entry (based on the next numeric primary key)
* New warnings related to the use of mbstring
* Improved navigation in calendar
* Export: selectable SQL compatibility
* PDF schema: added support for output in UTF-8
Fixes:
* Security fix against some crafted data allowing arbitrary program execution (if PHP safe mode is off and external transformations are activated)
* Security fix against a possible attack on read_dump.php (if PHP safe mode is off)
* Incorrect appending of LIMIT to queries
* Export: insufficient space to save
* Export: convert end of line chars we get from MySQL
* Wrong double column sort (with JOIN)
* Export: (mysqli) some fields wrongly exported as BINARY
* Illegal mix of collations for converted strings
* Wrong tabbing from value to value
* Allow work on temporary tables
* UNIX_TIMESTAMP and optional parameter
* Export: improved zip headers
* 0 as field name caused problems
* Incorrect handling when no default server defined
* Export: Use just for SQL exports
* Comments and multi-table selects
* Security: deactivate the list of programs for external transformations
* Incorrect handling of OFFSET
* Better displaying of table-specific privileges for a db containing an escaped character
* Since 2.6.0-pl3, connecting on a non-standard HTTP port did not work
* Do not catch Alt and Shift keys
* Do not duplicate constraints when exporting multiple databases
* Illegal length for LONGTEXT
* Moving/copying a table: problem with constraints copying
* Reloading frame on multiple queries
* Collations on non-text fields
* Use standardized MIME type for gzip/bzip2
* Problem with field names like 000
* Timestamps problem under MySQL 4.1.x
* Support Option key for field moving in Safari
* Error when adding a FLOAT field under MySQL 4.1.x
* Headers sent on invalid login
* Wrong treatment of MySQL error 1060
* Problem in bookmark logic when using MySQLi
Detailed list of changes since version 2.2.0 is available under
http://www.phpmyadmin.net/ChangeLog.txt
Availability
------------
This software is available under the GNU General Public License V2.0.
You can get the newest version at http://www.phpmyadmin.net/
Available file formats are: .zip, .tar.gz and .tar.bz2.
If you install phpMyAdmin on your system, it's recommended to
subscribe to the news mailing list by adding your address under
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news
This way, you will be informed of new updates and security fixes.
It is a read only list, and traffic is not greater than a few
mails every year.
Support and Documentation
-------------------------
The documentation is included in the software package as text and
HTML file, but can also be downloaded from:
http://www.phpmyadmin.net/documentation/
The software is provided as is without any express or implied
warranty, but there is a bugs tracker page under:
http://sourceforge.net/projects/phpmyadmin/ [click on "Bugs"]
In addition, there are also a number of discussion lists
related to phpMyAdmin. A list of mailing lists with archives
is available at:
http://sourceforge.net/mail/?group_id=23067 or
http://sourceforge.net/projects/phpmyadmin/ [click on "Lists"]
Finally, a user support forum is also available under:
http://sourceforge.net/forum/forum.php?forum_id=72909
Known bugs
----------
- phpMyAdmin SQL parser chokes on fieldnames with certain non-ASCII characters
(bugs #593598, #936161).
To be informed about new releases fixing these problems, please
subscribe to the news mailing list under
http://lists.sourceforge.net/lists/listinfo/phpmyadmin-news
or regularly check the sourceforge bugs tracker.
Donations
---------
The project accepts donations to help improve the product. There is
a "Donations" link on http://www.phpmyadmin.net.
Description
-----------
phpMyAdmin is intended to handle the administration of MySQL over the Web. It
can manage a whole MySQL server as well as a single database.
Currently it can:
- create, copy and drop databases
- create, copy, drop, rename and alter tables
- do table maintenance
- delete, edit and add fields
- execute any SQL-statement, even batch-queries
- manage keys on fields
- load text files into tables
- create and read dumps of tables
- export data to CSV, XML and Latex formats
- administer multiple servers
- manage MySQL users and privileges
- check referential integrity
- using Query-by-example (QBE), create complex queries automatically
connecting required tables
- create PDF graphics of your Database layout
- search globally in a database or a subset of it
- communicate in 47 different languages
Authors & Copyright
-------------------
Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
Copyright (C) 2001-2005 Marc Delisle <DelislMa_at_CollegeSherbrooke.qc.ca>
Olivier Müller <om_at_omnis.ch>
Robin Johnson <robbat2_at_users.sourceforge.net>
Alexander M. Turek <me_at_derrabus.de>
Michal Cihar <michal_at_cihar.com>
Garvin Hicking <me_at_supergarv.de>
Marcel Tschopp <ne0x_at_users.sourceforge.net>
+ many other people
(check the CREDITS section of our documentation)
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
Marc Delisle/ 2005-01-23
http://www.phpmyadmin.net
phpMyAdmin 2.6.1-rc2 - January 9th, 2005
========================================
A set of PHP-scripts to administrate MySQL over the Web.
--------------------------------------------------------
Announcement
------------
The phpMyAdmin Project is proud to announce the immediate
availability of the second release candidate of phpMyAdmin 2.6.1.
Almost four months have passed since 2.6.0, although three patch releases
were made to take care of several security alerts we received. In 2.6.1
there are two more security fixes. As a consequence of one of these fixes,
if you want to use MIME-based external transformations you have to use a
PHP version of 4.3.0 or later.
A big speed improvement for users of the "cookie" authentication type
is included starting from 2.6.1-rc1, but you must be running on a Web
server with the mcrypt PHP module.
Another improvement worth mentioning, which relates to a new feature
offered on MySQL 4.1.2+: on multi-user installations, the control user
no longer needs to have any rights to the "mysql" db. It is now only used
to access the linked-tables infrastructure (pmadb).
Please note that it is not recommended to run this testing release on
production environments.
phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the years,
it has become the most popular GUI for MySQL and is downloaded about 6,000
times a day, according to SourceForge.net.
The highlights of this release in detail:
Highlights
----------
Upgrade note:
* Using external transformations now requires PHP > 4.3.0
Improvements:
* Big speed improvement (if using auth_type = 'cookie') by using the mcrypt library (if
available on your system)
* Improved wording when adding fields
* (mysqli) support for compressed protocol and CLIENT_LOCAL_FILES
* Clickable active server in left panel
* Improved ANSI mode in various scripts
* Hints added (light bulb)
* Database copying
* New Database Operations tab: note that many db operations have been moved here, including the
PDF schema generation dialog
* Optional simple blocking of root login
* Binary log display
* Index creating on multiple fields
* Improved displaying of messages below tabs
* Handle MySQL "duplicate entry" error
* User list: top index for user initials
* Support for OLD_PASSWORD() function
* Under MySQL 4.1.2+, we no longer need the control user to have rights over the "mysql" db
* New checks for common index problems
* Upload: show filename of uploaded file
* Improved page selector when browsing foreign table values
* Improved handling of InnoDB constraints
* Speed up display for left panel when PMA infrastructure is used
* New message "no activity..."
* Support of keywords NAMES and VIEW
* Can now edit next entry (based on the next numeric primary key)
* New warnings related to the use of mbstring
* Improved navigation in calendar
* Export: selectable SQL compatibility
* PDF schema: added support for output in UTF-8
Fixes:
* Security fix against some crafted data allowing arbitrary program execution (if PHP safe mode
is off and external transformations are activated)
* Security fix against a possible attack on read_dump.php (if PHP safe mode is off)
* Incorrect appending of LIMIT to queries
* Export: insufficient space to save
* Export: convert end of line chars we get from MySQL
* Wrong double column sort (with JOIN)
* Export: (mysqli) some fields wrongly exported as BINARY
* Illegal mix of collations for converted strings
* Wrong tabbing from value to value
* Allow work on temporary tables
* UNIX_TIMESTAMP and optional parameter
* Export: improved zip headers
* 0 as field name caused problems
* Incorrect handling when no default server defined
* Export: Use just for SQL exports
* Comments and multi-table selects
* Security: deactivate the list of programs for external transformations
* Incorrect handling of OFFSET
* Better displaying of table-specific privileges for a db containing an escaped character
* Since 2.6.0-pl3, connecting on a non-standard HTTP port did not work
* Do not catch Alt and Shift keys
* Do not duplicate constraints when exporting multiple databases
* Illegal length for LONGTEXT
* Moving/copying a table: problem with constraints copying
* Reloading frame on multiple queries
* Collations on non-text fields
* Use standardized MIME type for gzip/bzip2
* Problem with field names like 000
* Timestamps problem under MySQL 4.1.x
* Support Option key for field moving in Safari
* Error when adding a FLOAT field under MySQL 4.1.x
Detailed list of changes since version 2.2.0 is available under
http://www.phpmyadmin.net/ChangeLog.txt
Authors & Copyright
-------------------
Copyright (C) 1998-2000 Tobias Ratschiller <tobias_at_ratschiller.com>
Copyright (C) 2001-2004 Marc Delisle <DelislMa_at_CollegeSherbrooke.qc.ca>
Olivier Müller <om_at_omnis.ch>
Robin Johnson <robbat2_at_users.sourceforge.net>
Alexander M. Turek <me_at_derrabus.de>
Michal Cihar <michal_at_cihar.com>
Garvin Hicking <me_at_supergarv.de>
Marcel Tschopp <ne0x_at_users.sourceforge.net>
+ many other people
(check the CREDITS section of our documentation)
Marc Delisle/ 2005-01-09
phpMyAdmin security announcement
_________________________________________________________________
Announcement-ID: PMASA-2004-4
Date: 2004-12-13
Summary:
Two vulnerabilities were found in phpMyAdmin, that may allow command
execution and file disclosure.
Description:
We received a security advisory from Nicolas Gregoire (exaprobe.com)
about those vulnerabilities and we wish to thank him for his work.
Both vulnerabilities can be exploited only on a web server where PHP
safe mode is off.
The vulnerabilities apply to those points:
1. Command execution: since phpMyAdmin 2.6.0-pl2, on a system where
external MIME-based transformations are activated, an attacker can
put into MySQL data an offensive value that starts a shell command
when browsed.
2. File disclosure: on systems where the UploadDir mechanism is
active, read_dump.php can be called with a crafted form; using the
fact that the sql_localfile variable is not sanitized can lead to
a file disclosure.
Severity:
As any of those vulnerabilities can be used for command execution or
file disclosure, we consider them to be serious (on servers where PHP
safe mode is off).
Affected versions:
Command execution problem: since phpMyAdmin 2.6.0-pl2. File disclosure
problem: vulnerable since at least version 2.4.0.
Unaffected versions:
CVS HEAD has been fixed. The 2.6.1-rc1 release.
Solution:
We strongly advise everyone to upgrade to version 2.6.1 when released.
Meanwhile, setting PHP safe mode to on avoids those problems. If not
feasible, you should deactivate MIME-based external transformations
and the UploadDir mechanism.
Reference:
http://www.exaprobe.com/labs/advisories/esa-2004-1213.html
For further information and in case of questions, please contact the
phpMyAdmin team. Our website is http://www.phpmyadmin.net/.
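For the file disclosure item above, an added example (not phpMyAdmin's own fix) of confining a user-supplied file name such as sql_localfile to an upload directory: only a bare file name is accepted, and the resolved path must still sit directly inside that directory. The function name, directory layout and sample names are assumptions made for this example; it does not cover the command execution item.

```php
<?php
declare(strict_types=1);

/**
 * Map a user-supplied file name to a real file directly inside $uploadDir.
 * Returns the absolute path, or null when the request must be refused.
 */
function resolve_upload_file(string $uploadDir, $requested): ?string
{
    // Non-strings (arrays from name[]=...), empty names and the two
    // directory entries are refused outright.
    if (!is_string($requested) || in_array($requested, ['', '.', '..'], true)) {
        return null;
    }
    // Only a bare file name is acceptable: no separators, no NUL byte.
    foreach (['/', '\\', "\0"] as $bad) {
        if (strpos($requested, $bad) !== false) {
            return null;
        }
    }
    $base = realpath($uploadDir);
    if ($base === false || !is_dir($base)) {
        return null;
    }
    // realpath() resolves symlinks, so a link that points elsewhere is
    // caught by the parent-directory comparison.
    $full = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($full === false || !is_file($full) || dirname($full) !== $base) {
        return null;
    }
    return $full;
}

// Constructed demo: a temporary upload directory holding one dump file and
// one symlink whose target lies outside the directory.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'upload_demo_' . getmypid();
@mkdir($dir);
file_put_contents($dir . DIRECTORY_SEPARATOR . 'dump.sql', "SELECT 1;\n");
$outside = tempnam(sys_get_temp_dir(), 'out');
@symlink($outside, $dir . DIRECTORY_SEPARATOR . 'link.sql');

$requests = ['dump.sql', '../dump.sql', 'sub/dump.sql', 'link.sql', ['dump.sql']];
foreach ($requests as $name) {
    $label = is_string($name) ? $name : 'array value';
    $path  = resolve_upload_file($dir, $name);
    printf("%-14s => %s\n", $label, $path === null ? 'refused' : 'accepted');
}

// Remove the demo files again.
@unlink($dir . DIRECTORY_SEPARATOR . 'link.sql');
unlink($dir . DIRECTORY_SEPARATOR . 'dump.sql');
unlink($outside);
rmdir($dir);
```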
http://www.phpmyadmin.net
phpMyAdmin 2.6.1-rc1 - December 12th, 2004
==========================================
A set of PHP-scripts to administrate MySQL over the Web.
--------------------------------------------------------
Announcement
------------
The phpMyAdmin Project is proud to announce the immediate
availability of the first release candidate of phpMyAdmin 2.6.1.
Almost three months have passed since 2.6.0, although three patch releases
were made to take care of several security alerts we received. In 2.6.1
there are two more security fixes (and the official alert will be published
in a few days). As a consequence of one of these fixes, if you want to use
MIME-based external transformations you have to use a PHP version of 4.3.0
or later.
A big speed improvement for users of the "cookie" authentication type
is included in 2.6.1-rc1, but you must be running on a Web server with
the mcrypt PHP module.
Another improvement worth mentioning, which relates to a new feature
offered on MySQL 4.1.2+: on multi-user installations, the control user
no longer needs to have any rights to the "mysql" db. It is now only used
to access the linked-tables infrastructure (pmadb).
Please note that it is not recommended to run this testing release on
production environments.
phpMyAdmin is a web administration tool for MySQL databases, intended to
handle a whole database server as well as a single database. Over the years,
it has become the most popular GUI for MySQL and is downloaded about 6,000
times a day, according to SourceForge.net.
The highlights of this release in detail:
Highlights
----------
Upgrade note:
* Using external transformations now requires PHP > 4.3.0
Improvements:
* Big speed improvement (if using auth_type = 'cookie') by using the
mcrypt library (if available on your system)
* Improved wording when adding fields
* (mysqli) support for compressed protocol and CLIENT_LOCAL_FILES
* Clickable active server in left panel
* Improved ANSI mode in various scripts
* Hints added (light bulb)
* Database copying
* New Database Operations tab
* Optional simple blocking of root login
* Binary log display
* Index creating on multiple fields
* Improved displaying of messages below tabs
* Handle MySQL "duplicate entry" error
* User list: top index for user initials
* Support for OLD_PASSWORD() function
* Under MySQL 4.1.2+, we no longer need the control user to have
rights over the "mysql" db
* New checks for common index problems
* Upload: show filename of uploaded file
* Improved page selector when browsing foreign table values
* Improved handling of InnoDB constraints
* Speed up display for left panel when PMA infrastructure is used
* New message "no activity..."
Fixes:
* Security fix against some crafted data allowing arbitrary program
execution (if PHP safe mode is off and external transformations are
activated)
* Security fix against a possible attack on read_dump.php
(if PHP safe mode is off)
* Incorrect appending of LIMIT to queries
* Export: insufficient space to save
* Export: convert end of line chars we get from MySQL
* Wrong double column sort (with JOIN)
* Export: (mysqli) some fields wrongly exported as BINARY
* Illegal mix of collations for converted strings
* Wrong tabbing from value to value
* Allow work on temporary tables
* UNIX_TIMESTAMP and optional parameter
* Export: improved zip headers
* 0 as field name caused problems
* Incorrect handling when no default server defined
* Export: Use just for SQL exports
* Comments and multi-table selects
* Security: deactivate the list of programs for external transformations
* Incorrect handling of OFFSET
* Better displaying of table-specific privileges for a db containing
an escaped character
* Since 2.6.0-pl3, connecting on a non-standard HTTP port did not work
Detailed list of changes since version 2.2.0 is available under
http://www.phpmyadmin.net/ChangeLog.txt
Marc Delisle/ 2004-12-12
Hi,
Patch level 3 of phpMyAdmin 2.6.0 has been released,
fixing some XSS vulnerabilities.
Our PMASA-2004-3 security announcement gives more details and further
references. The announcement and downloads details are available at
http://www.phpmyadmin.net
Marc Delisle, for the team