November 29, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W47

Last week we finally managed to release phpMyAdmin 4.6.5 (quickly followed by hotfix 4.6.5.1). This included several security fixes (see my comment on our security status yesterday) and a lot of bugfixes, as we've really failed to release quickly this time. The next release should follow the two-month release schedule, so let's see how we manage that.

There was some work on the code and libraries as well. The ShapeFile library has reached the 1.0 milestone after several fixes and testsuite improvements, so if you are looking for a PHP library to handle ESRI Shape Files, this is the best choice right now.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at November 29, 2016 11:00 AM

November 28, 2016

Michal Čihař

phpMyAdmin security issues

You might wonder why there is such a high number of phpMyAdmin security announcements this year. This situation has two main reasons and I will comment a bit on those.

First of all we've got quite a lot of attention from people doing security reviews this year. It all started with the Mozilla SOS Fund funded audit. It discovered a few minor issues which were fixed in the 4.6.2 release. However this was really just the beginning of the story and the announcement has attracted quite some attention to us. In the following weeks the security@phpmyadmin.net mailbox was full of reports and we really struggled to handle such an amount. Handling that amount actually led to creating a more formalized approach to handling them, as we clearly were no longer able to deal with them based on email only. Anyway, most of the work here was done by Emanuel Bronshtein, who is really looking at every piece of our code and giving useful tips to harden our code base and infrastructure.

The second thing that changed is that we release security announcements for security hardening even when there might not be any practical attack possible. A typical example here might be PMASA-2016-61, where using hash_equals is definitely safer, but even if the timing attack were doable here, the practical result of figuring out admin-configured allow/deny rules is usually not critical. Many of the issues also cover quite rare setups (or server misconfigurations, which we've silently fixed in the past) like PMASA-2016-54 being possibly caused by the server executing shell scripts shipped together with phpMyAdmin.

Overall phpMyAdmin indeed got safer this year. I don't think that there was any bug that would be really critical; on the other hand, we've made quite a lot of hardenings and we use current best practices when dealing with sensitive data. On the other hand, I'm pretty sure our code was not in worse shape than any similarly sized project with 18 years of history; we just became more visible thanks to the security audit and people looked deeper into our code base.

Besides security announcements, this all led to generic hardening of our code and infrastructure, which might not be that visible, but is important as well:

  • All our websites are served over https only
  • All our releases are PGP signed
  • We actively encourage users to verify the downloaded files
  • All new Git tags are PGP signed as well

Filed under: Debian English phpMyAdmin SUSE | 0 comments

by Michal Čihař (michal@cihar.com) at November 28, 2016 05:00 PM

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week13

 

Last week saw the release of phpMyAdmin 4.6.5 (and 4.6.5.1 which included two minor fixes in 4.6.5) and security releases 4.4.15.9 and 4.0.10.18.

The 4.6.5 release had two minor but irritating issues: one with mysqli_real_escape_string() being passed improper parameters, which was reproducible when $cfg['only_db'] or $cfg['hide_db'] is set; the other one was about the user being forced to input a partition count on the new table create page. The fixes have been made and are released as a part of 4.6.5.1.

The majority of last week was spent on refactoring and templating of various PMA_getHtml* functions, apart from regular issue assessment.

Handled issues:


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 28, 2016 04:03 AM

November 22, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W46

Last week was mostly focused on our libraries. I merged several patches to our SQL parser from Deven and I've spent quite some time on the ShapeFile library, which got several improvements.

It all started with one issue being reported and it actually pushed me to fix an older issue - lack of tests. A few commits later the coverage went up to 92% and several bugs were fixed on the way, as some parts of the code were simply broken and nobody had used them so far.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at November 22, 2016 11:00 AM

November 21, 2016

Michal Čihař

New free software projects on Hosted Weblate

Hosted Weblate also provides free hosting for free software projects. I'm quite slow in processing the hosting requests, but when I do that, I process them in a batch and add several projects at once.

This time, the newly hosted projects include:

  • Harbour AllRadio - a radio player for online streaming radio (on Sailfishos/jolla mobile)
  • Simpletask - a GTD tool for Android
  • FSearch - a fast file search utility for GNU/Linux based on GTK+3
  • Peek - a simple animated Gif screen recorder for Linux
  • QTodoTxt - a cross platform todo.txt GUI
  • Stykur - fitness journal for Android and iOS
  • wallabag - a self hostable application for saving web pages

If you want to support this effort, please donate to Weblate; recurring donations are especially welcome to keep this service alive. You can make them on Liberapay or Bountysource.

Filed under: English Weblate | 0 comments

by Michal Čihař (michal@cihar.com) at November 21, 2016 05:00 AM

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week12

Last week I continued with regular bug-fixing and issue investigation.

The bug reported some months back about Long Request URI in the AJAX call while browsing the results of Database search was fixed. It was partially because everything was being embedded in the href attribute of the link which was changed to use the HTML5’s data-* attributes and the Request method was changed to POST (originally GET).

Some issues (#12360, #12361) with self-injections in some scripts were also fixed, and a bug reported in the SQL parser repository (#62) some months back turned out to be already fixed, covered by the many fixes that have been made over the last three months. Though there is an issue left with

Meanwhile, while working on some issue-related files in the codebase, I tried to clean up some old commented debugging calls as well.

Next week should be ideally focused on fixing some security issues and the regular bug-fixing.

Handled issues:


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 21, 2016 03:06 AM

November 18, 2016

Michal Čihař

Hosted Weblate changes Git repositories URLs

Since today all Git repositories from Hosted Weblate are exported over https. The previous git URLs will continue to work for some time. The exact deprecation schedule is not yet decided, as this URL might be included in various scripts and there is nothing pushing us to disable the service.

The new Git URLs are consistent with Weblate URLs, just with /git/ in the path, so for example when your project is https://hosted.weblate.org/projects/weblate/website/, you can clone it using git clone https://hosted.weblate.org/git/weblate/website/.

Another important change is for private repositories: these now require authentication using an API key. You can specify it in the clone URL (git clone https://user:key@hosted.weblate.org/git/weblate/website/) or use gitcredentials to store it separately. The API key can be obtained from your user profile API page (once you're authenticated to Weblate).

Filed under: English Weblate | 0 comments

by Michal Čihař (michal@cihar.com) at November 18, 2016 01:00 PM

November 15, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W45

After a week of silence (and sickness) I again did some work on phpMyAdmin. Again it was mostly focused on cleaning up piled-up issues and pull requests and it worked quite well.

Several of them needed minor changes before they can be safely merged and they were waiting for these for several weeks. In the end I've processed most of them and merged them with needed cleanups or polishing.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at November 15, 2016 05:00 PM

November 14, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week11

Last week, I started by looking at some security issues and made fixes for them. The rest of the week was focused on regular bug-fixing and issue assessment.

I worked on the issue to detect wrong ordering of clauses in the queries (#22) while being parsed by the SQL parser. There were some fixes in the main repository, too. The visual query builder used to generate a wrong query in case a foreign key with more than one column was present between the tables (#12652) and was fixed by #12689.

There was a fix (#12685) for an old issue (#12257) with the Table search page being very slow, as we were issuing extra COUNT(*) queries (for helping us decide which UI to show) which might be very slow if tables have a large number of rows. It was fixed by implementing a workaround for the COUNT(*) queries to get the necessary information.

I finally got all the tests and assertions to pass with the replacement of Util::sqlAddSlashes with the escapeString function of the Database Interface (which in turn calls the inbuilt mysqli_real_escape_string) in PR #12564, which also fixed the issue related to corrupted export of SQL (#12453). Some other minor fixes were also made and are listed in the list below.

Next week should be ideally focused on fixing some security issues, bug-fixing and some refactoring if time permits.

Handled issues:
* #12695 wrong data shown
* #12691 unnecessary ksort call in PMA_getPlugins function
* #12439 Fix html header for user properties editor
* #12542 Missing table name in account privileges editor
* #12453 exported SQL is corrupted
* #12257 search page very slow
* #12652 Visual query builder fails with foreign keys referencing more than one column
* #12687 decimal(12,2) error – rounds to decimal (12)
* #12681 Symbol $ in table names passed incorrect from “designer” to “table structure editor”
* #12651 Enter key on grid editor date field
* #12674 Unable to rename tables that start with a period
* #12684 ENUM (‘Y’,’N’)
* #22 switched WHERE and LIMIT not detected


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 14, 2016 05:00 AM

November 07, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week10

 

Last week was slightly calmer on the work side, since I fell ill once I got back to campus. But during the later part of the week, I worked on getting the tests to work in the old PR that was originally made to replace the custom escape functions by the escape functions like mysqli_real_escape_string provided by the PHP-MySQL connectors. This is being tracked at PR #12564 and once merged, it would also fix the issue #12453.

Meanwhile I have made some PRs (#12678, #12683) which once merged would go on to fix #12674 (which is about preventing incorrect identifiers as table names and database names) and #12681 (which is about incorrect link to table structure if table name contains $ symbol).

This week I also took out some time to refactor a small Language selection display and converted it into a template. Also, quite a lot of commits are being made in the PR #12564 itself, since a lot of tests have to be fixed. Along with this, some time was spent on

Next week I would continue to look at the bug-fixing and might also look at some security issues if the time permits.

Handled issues:
* #12680 No bind for enum values while edit table structure
* #12679 Value fields contain .php files instead of the raw value
* #12670 not bug but idea: upgrade from within phpMyAdmin
* #12671 Your Stable 4.6.4 version of phpmyadmin got a bug with enum table creation


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 07, 2016 06:36 AM

November 04, 2016

Michal Čihař

Weblate 2.9

Slightly behind schedule (it should have been released in October), Weblate 2.9 is out today. This release brings Subversion support or improved zen mode.

Full list of changes:

  • Extended parameters for createadmin management command.
  • Extended import_json to be able to handle existing components.
  • Added support for YAML files.
  • Project owners can now configure translation component and project details.
  • Use "Watched" instead of "Subscribed" projects.
  • Projects can be watched directly from project page.
  • Added multi language status widget.
  • Highlight secondary language if not showing source.
  • Record suggestion deletion in history.
  • Improved intuitivity of languages selection in profile.
  • Fixed showing whiteboard messages for component.
  • Keep preferences tab selected after saving.
  • Show source string comment more prominently.
  • Automatically install Gettext PO merge driver for Git repositories.
  • Added search and replace feature.
  • Added support for uploading visual context (screenshots) for translations.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Filed under: Debian English phpMyAdmin SUSE Weblate | 4 comments

by Michal Čihař (michal@cihar.com) at November 04, 2016 11:00 AM

October 31, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week9

Last week was focused on bug-fixing in the main repository and refactoring and adding some tests to the SQL parser. The parser library has now reached unit test coverage of 99.75% as reported by the Codecov.io tool. The rest of the week, in which I had thought I would find less time, in fact turned out to be quite normal, and I made and pushed fixes for some newer issues as well as some issues which had been open for a few months. I also reviewed a pull request adding a grey color for NULL cells in the result set to make it more recognizable.

Some issues in the SQL parser, for example, an issue with incorrect parsing of various types of JOINs and improper lexing of begin labels in the stored procedure statements were also fixed during the week’s bug-fixing.

Next week, I might take a look at the security issues along with the regular bug-fixing and taking up some refactoring work if time permits. Since I would be travelling back to campus on Monday and Tuesday, my activity might be slightly less over these two days, but I hope I would be able to make up for it during the remaining part of the week.

Handled issues:
* #12665 Cannot add a foreign key – fields not listed
* #12195 Row_format = fixed not visible
* #12228 SQL parser indicates error for Event definitions using BEGIN..END
* #12344 inapt error symbol when labeling a loop in a routine
* #12661 Error inserting into pma__history after timeout
* #12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
* #12622 Javascript error from Designer
* #12664 Create Bookmark broken
* #12637 Use of a Timestamp column with a value greater than 23:00:00 is not allowed by PMA 4.6.4
* #12543 NULL results in dataset are colored grey
* #12662 Null results in dataset now colored grey (#12543)
* #12454 Query history not updated in console until page refresh
* #12365 Error on displaying total number of records when executing a select query on a table which contains large number of records
* #12656 Server selection not working
* #64 Error #57 fixed.
* #57 inapt error symbol when labeling a loop in a routine
* #93 “Natural” not recognized


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 31, 2016 04:51 AM

October 25, 2016

Michal Čihař

New features on Hosted Weblate

Today, new version has been deployed on Hosted Weblate. It brings many long requested features and enhancements.

Adding project to watched got way simpler, you can now do it on the project page using watch button:

Watch project

Another feature which will be liked by project admins is that they can now change project metadata without contacting me. This works for both project and component level:

Project settings

And adding some fancy things, there is new badge showing status of translations into all languages. This is how it looks for Weblate itself:

Translation status

As you can see it can get pretty big for projects with many translations, but you get complete picture of the translation status in it.

You can find all these features in upcoming Weblate 2.9 which should be released next week. Complete list of changes in Weblate 2.9 is described in our documentation.

Filed under: Debian English phpMyAdmin SUSE Weblate | 0 comments

by Michal Čihař (michal@cihar.com) at October 25, 2016 04:00 PM

Weekly phpMyAdmin contributions 2016-W42

Last week again got more focus on bug fixing. Mostly those were again hardenings of our infrastructure and Docker image, but there were some fixes as well. Overall the phpMyAdmin Docker image got much better and it will be even better with the upcoming 4.6.5 release, which adds some improvements to the main codebase.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at October 25, 2016 10:00 AM

October 24, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week8

In the last week, I could contribute slightly less as I spent some time working on the python library pcap_to_ditg (related to my research project at the university and unrelated to PMA as such). Friday and Saturday also saw slightly less activity as I was travelling home for the Diwali festivities upcoming in the next week.

While using the debugging feature of phpMyAdmin in reproducing some other issue, I managed to discover some issues with the debugging feature of phpMyAdmin as it was throwing a JS error while trying to look at the traces and arguments of the functions which were called without any arguments. I reported it and fixed the issue at #12639.

Since version 10.1.2, MariaDB has introduced password validation plugins (e.g. simple_password_check) for validating whether the password provided while creating a new user satisfies the minimum requirements. phpMyAdmin tried to create the new user using CREATE USER … IDENTIFIED VIA .. USING …, where we used the hashed password, which the validating plugins reject as they cannot check the complexity from the hash. So, we now check if any of these plugins are active in MariaDB and provide a cleartext password in such cases.

I worked on a few JS issues which we have received regarding our TIME, TIMESTAMP, DATETIME, DATE fields’ input in phpMyAdmin’s Table Insert page and the Grid edit feature on Browse page, but the work on these is still on-going and they should be fixed in coming week(s).

Next week might have a similar focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring. I might find slightly less time next week due to festivities, but having spent slightly more than scheduled time in the first two weeks of this month, it should not be much of a problem overall.

Handled issues:
* #12650 Error when rename table with whitespace at start or end
* #12649 Bug in changing the datatype via change action
* #12533 Incorrect selected record statement counts for complex queris using group by and derived tables
* #12472 Setup issues
* #12366 Cannot create a new user (MariaDB)
* #12639 ‘Show trace’ in Console generates JS error for functions in query’s trace called without any arguments


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 24, 2016 03:53 AM

October 21, 2016

Deven Bansod

pcap_to_ditg Python library released

Yesterday, I packaged and released my first python library pcap_to_ditg‘s version 0.1.1.

The library can be used to convert the Packet capture files generated from Wireshark, TCPDump etc. into DITG script files. This would make it possible to read a trace file generated from any port of any topology and replay the traffic exactly onto your custom topology. I hope this would go on and help the network researchers while testing their prototypes in real traffic scenarios.

Since last semester, I had been working with Dr. K. Haribabu, who is an Assistant professor at BITS Pilani currently working on the research areas like Software Defined Networking (SDN), Hybrid and cost-effective SDN deployment, P2P networks etc. I co-authored a paper with him which was presented in July, 2016 at the International Network Conference 2016, Frankfurt, Germany. For the performance evaluation, we were in need of replicating real Network traffic and check how our prototype delivers and scales.

I researched and tried out various traffic generators mentioned in this list, but no one was fulfilling our requirements exactly. Moreover, even after one gets the real network traces (for ex, we used one here), since there is no prior knowledge of the topology of the network of the trace, it’s not very simple to replicate it as it is. So, I manually mapped the hosts and IPs in the traces to the hosts in our test topology and we decided that we would use the DITG script files to replay the traffic. Once the mapping is complete, the library would generate the script files for all our hosts, which can then be run as it is.

The library installation and usage details are available in README on Package Index page or on my Github (where mostly its future development should go on).

Share it with your friends if you know someone who might need to use it. Contributions in Pull Requests, Feature Requests, Bug reports etc. are always welcome (through Github tracker).


Filed under: Development, Re-Start Tagged: Hybrid SDN, Networks Lab, pcap_to_idt, Python Library, SDN

by Deven Bansod at October 21, 2016 09:50 AM

October 19, 2016

Michal Čihař

Gammu 1.37.90

Yesterday Gammu 1.37.90 was released. This release brings quite a lot of changes and it's for testing purposes. Hopefully stable 1.38.0 will follow soon, as long as I don't get negative feedback on the changes.

Besides code changes, there is one piece of news for Windows users - there is a Windows binary coming with the release. This was possible to automate thanks to AppVeyor, who provide a CI service where you can download built artifacts. Without this, I'd not be able to make this as I don't have a single Windows computer :-).

Full list of changes:

  • Improved support for Huawei K3770.
  • API changes in some parameter types.
  • Fixed various Windows compilation issues.
  • Fixed several resource leaks.
  • Create outbox SMS atomically in FILES backend.
  • Removed getlocation command as we no longer fit into their usage policy.
  • Fixed call diverts on TP-LINK MA260.
  • Initial support for Oracle database.
  • Removed unused daemons, pbk and pbk_groups tables from the SMSD schema.
  • SMSD outbox entries now can have priority set in the database.
  • Added SIM IMSI to the SMSD status table.
  • Added CheckNetwork directive.
  • SMSD attempts to power on radio if disabled.
  • Fixed processing of AT unsolicited responses in some cases.
  • Fixed parsing USSD responses from some devices.

Would you like to see more features in Gammu? You can support further Gammu development at Bountysource salt or by direct donation.

Filed under: Debian English Gammu | 0 comments

by Michal Čihař (michal@cihar.com) at October 19, 2016 04:00 AM

October 18, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W41

Last week was mostly focused on motranslator and removing its usage of eval(). After introducing a library to do the expression evaluation, I've learned that there is already an existing library having all the features we need - symfony/expression-language. There could be a better way to learn this, but still, lesson learned and I will evaluate existing libraries more carefully next time. Now motranslator 2.0 is out without eval() and with a dependency on symfony/expression-language.

Besides that there was some discussion about improving quality of our documentation translations by using automated checks. The set of such checks is already provided by Weblate, but it really doesn't cover RST markup and some improvements could be borrowed from the dennis tool.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at October 18, 2016 10:00 AM

October 17, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week7

The last week was again mostly focused on bug-fixing along with working on some fixes for the recently raised security issues (and so are not included in the issues listed below).

Similar to last week, I also continued looking at previously unattended and unlabeled issues on the tracker. Some fixes for #12366 (which is about using password in CREATE USER statement while the *_password_check plugins in MariaDB are active) and #12472 (which is related to wrong DSN shown in phpMyAdmin setup page with config method) are currently made as PRs to get a review before merging them.

The issue #12610 would also be fixed once the new SQL parser is released and is updated to the recent version in the main repository. I have also made the fix for #12533 but I am waiting for a feedback from the original reporter to see if it has fixed the problem as expected.

Next week might focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring.

Handled issues:
* #12638 Enum values evaluated to zero in 4.6.4
* #12338 Designer reverts to first saved ER after EACH relation create or delete
* #12634 Drop DB error in import if DB doesn’t exist
* #12633 Add ENUM column fails
* #12625 Broken Edit links in query results of JOIN query
* #12630 Generating incorrect query for table creation
* #12350 Visiting url_params is string & not array
* #92 ON UPDATE option in a field definition of TIMESTAMP type with precision is not parsed appropriately


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 17, 2016 04:26 AM

October 14, 2016

Michal Čihař

New free software projects on Hosted Weblate

Hosted Weblate also provides free hosting for free software projects. I'm quite slow in processing the hosting requests, but when I do that, I process them in a batch and add several projects at once.

This time, the newly hosted projects include:

Filed under: Debian English SUSE Weblate | 0 comments

by Michal Čihař (michal@cihar.com) at October 14, 2016 04:00 PM

motranslator 2.0

Yesterday, the motranslator 2.0 has been released. As the version change suggests there are some important changes under the hood.

Full list of changes:

  • Consistently use camelCase in API
  • No longer relies on using eval()
  • Depends on symfony/expression-language for calculations

As you can see, the SimpleMath announced yesterday is not used in the end and I've moved to using an existing library. Somehow I misunderstood the library description and I thought that it works as PHP does, which would be a problem for us (or would bring the need to add parentheses around the ternary operator as we did with eval()). But this is not the case and the ternary operator behaves sanely in ExpressionLanguage, so we're good to use it.

Anyway if you were using MoTranslator, it might be good idea to upgrade and check if API changes affect you.

Filed under: Debian English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at October 14, 2016 04:00 AM

October 13, 2016

Michal Čihař

Announcing SimpleMath

For quite some time we've been relying on using the eval() function in phpMyAdmin in two places. One of them is the gettext library, where we have to evaluate plural forms, and the second is the MySQL configuration advisor, which makes its suggestions based on a text file (the original idea was to make this file shared with other tools, but it never really worked out).

Using eval() in PHP is something that is better avoided, but we were using it on data we ship, so it was considered safe. On the other hand, there are hostings which deny using eval() altogether (as many exploits are using this function), so it's better to avoid that. I've been looking for options for replacing eval() in motranslator (the library we use for handling Gettext MO files) for quite some time, but never found a library which would support all the operators needed in Gettext plural formulas.

Yesterday I finally came to the conclusion that writing our own library to do this is the best approach. This way it can be extended in the future to work with Advisor as well. Also we can make it pretty lightweight without additional dependencies (which was a problem in some existing libraries I've found).

To make the story short, this is how SimpleMath was born. As of now, it has grown to version 0.2 (you can use Packagist to install it). For now it's really simple and it can probably be confused by various strange inputs, but it seems to work pretty well for our case. Currently supported features:

  • Supports basic arithmetic operations +, -, *, /, %
  • Supports parenthesis
  • Supports right associative ternary operator
  • Supports comparison operators ==, !=, >, <, >=, <=
  • Supports basic logical operations &&, ||
  • Supports variables (either PHP style $a or simple n)

Maybe it will be usable for somebody else as well, but even if not, it's the way for us to get rid of using eval() in our codebase.

Update

It seems that the Symfony ExpressionLanguage Component is doing pretty much the same, but is more flexible and faster, so SimpleMath will probably be dead soon and we will switch to using the Symfony component.

Filed under: Debian English phpMyAdmin | 4 comments

by Michal Čihař (michal@cihar.com) at October 13, 2016 04:00 AM
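
The approach described in the SimpleMath and motranslator 2.0 posts above, as an added example that is not code from either library or from symfony/expression-language: a whitelist tokenizer and recursive-descent parser that evaluates a Gettext plural formula without eval(), with the right-associative ternary both posts mention. The class name PluralExpression and the sample inputs are constructed for illustration, it supports only the variable n, and it assumes PHP 8.0 or later.

```php
<?php declare(strict_types=1);
// Added illustration: PluralExpression is a hypothetical name, not a class from
// SimpleMath, motranslator or symfony/expression-language. Requires PHP 8.0+.
final class PluralExpression
{
    // Whitelist: integers, the variable n, and the operators listed in the post.
    private const TOKEN = '/\s*(\d+|n|\|\||&&|[=!<>]=|[-+*\/%<>?:()])\s*/A';
    private const PRECEDENCE = [ // binary operators, C precedence, higher binds tighter
        '||' => 1, '&&' => 2, '==' => 3, '!=' => 3, '<' => 4, '>' => 4,
        '<=' => 4, '>=' => 4, '+' => 5, '-' => 5, '*' => 6, '/' => 6, '%' => 6,
    ];
    private array $tokens = [], $ast = [];
    private int $pos = 0;

    public function __construct(string $expression)
    {
        for ($offset = 0; $offset < strlen($expression); $offset += strlen($m[0])) {
            // Function calls, quotes, ';' or '$' match no token and are rejected.
            if (!preg_match(self::TOKEN, $expression, $m, 0, $offset)) {
                throw new InvalidArgumentException("Unexpected input at offset $offset");
            }
            $this->tokens[] = $m[1];
        }
        $this->tokens[] = ''; // end-of-input marker
        $this->ast = $this->parseTernary();
        $this->take(''); // the whole expression must have been consumed
    }

    private function take(?string $expected = null): string
    {
        $token = $this->tokens[$this->pos++];
        if ($expected !== null && $token !== $expected) {
            throw new InvalidArgumentException("Expected '$expected', got '$token'");
        }
        return $token;
    }

    private function parseTernary(): array
    {
        $condition = $this->parseBinary(1);
        if ($this->tokens[$this->pos] !== '?') {
            return $condition;
        }
        $this->take('?');
        $then = $this->parseTernary();
        $this->take(':');
        // Recursing for the else branch yields a ? b : (c ? d : e), as in C.
        return ['?', $condition, $then, $this->parseTernary()];
    }

    private function parseBinary(int $minPrecedence): array
    {
        $left = $this->parsePrimary();
        while ((self::PRECEDENCE[$this->tokens[$this->pos]] ?? 0) >= $minPrecedence) {
            $operator = $this->take();
            $left = [$operator, $left, $this->parseBinary(self::PRECEDENCE[$operator] + 1)];
        }
        return $left;
    }

    private function parsePrimary(): array
    {
        $token = $this->take();
        if ($token === '(') {
            $inner = $this->parseTernary();
            $this->take(')');
            return $inner;
        }
        if ($token !== 'n' && !ctype_digit($token)) {
            throw new InvalidArgumentException("Operand expected, got '$token'");
        }
        return $token === 'n' ? ['n'] : ['num', (int) $token];
    }

    public function evaluate(int $n, ?array $node = null): int
    {
        $node ??= $this->ast;
        // Operands are evaluated lazily: && and || short-circuit, ?: runs one branch.
        $v = fn(int $i): int => $this->evaluate($n, $node[$i]);
        return match ($node[0]) {
            'n' => $n, 'num' => $node[1], '?' => $v($v(1) ? 2 : 3),
            '&&' => (int) ($v(1) && $v(2)), '||' => (int) ($v(1) || $v(2)),
            '+' => $v(1) + $v(2), '-' => $v(1) - $v(2), '*' => $v(1) * $v(2),
            '/' => intdiv($v(1), $v(2)), '%' => $v(1) % $v(2),
            '==' => (int) ($v(1) === $v(2)), '!=' => (int) ($v(1) !== $v(2)),
            '<' => (int) ($v(1) < $v(2)), '>' => (int) ($v(1) > $v(2)),
            '<=' => (int) ($v(1) <= $v(2)), '>=' => (int) ($v(1) >= $v(2)),
        };
    }
}

// Constructed inputs: the Czech plural rule, then a hostile "plural" header.
$czech = new PluralExpression('(n==1) ? 0 : (n>=2 && n<=4) ? 1 : 2');
echo implode(',', array_map(fn($n) => $czech->evaluate($n), [1, 3, 5])), "\n";
try {
    new PluralExpression('n; phpinfo()');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The Czech rule is an unparenthesized ternary chain, which PHP's own left-associative ?: would group differently from C; since PHP 8.0 such a chain is a compile error unless parenthesized.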

October 11, 2016

Michal Čihař

stardicter 0.10

Stardicter 0.10, the set of scripts to convert some freely available dictionaries to StarDict format, has been released today. There are mostly minor changes and it's time to push them out in official release.

There is one change worth mentioning though - the original site for the English - Czech dictionary (http://slovnik.zcu.cz/) has stopped working and has been moved to https://www.svobodneslovniky.cz/. Hopefully this new location will live at least as long as the original one and will bring back new contributors (honestly, the original dictionary gained mostly spam entries in the last months). The dictionary data are now hosted in a Git repository on GitHub.

Filed under: Debian English StarDict | 0 comments

by Michal Čihař (michal@cihar.com) at October 11, 2016 04:00 PM

October 10, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week6

 

The last week started with some fixes for the recently raised security issues. As I am slightly new to the security fixes, the team would be reviewing those fixes, accepting them and/or suggesting changes.

Along with the security work, normal bug-fixing work was also on its schedule. I took up issue assessment and tried to reproduce and classify (using the GitHub tracker labels) the open issues which were not yet replied-to or were unlabeled yet. This would help the developers to actually keep track of any remaining important issue which might have been lingering due to it being missed the first time it was raised.

A bug in exporting of results of UNION and JOIN queries was fixed and it should work without any errors. The problem was mainly because some queries might actually not have the FROM clause, but we were running the alias replacement code for each and every query without making sure if the FROM clause actually exists or not.

Some time was spent on working towards the PR #12564 which is regarding replacing the custom escaping function with the MySQLi connector provided mysqli_real_escape_string. It has a lot of changes involved and almost every other test has to be modified a bit. Hopefully, I would be done with it by the end of this week.

Next week might focus again on bug-fixing, some issue assessment of remaining unattended issues and some refactoring.

Handled issues:
* #12624 “Continue Insertion with … Rows” copies content from last row
* #12623 Creating Table with Decimal only honors first value
* #12620 Error 500 click on any table to view data
* #12621 Bug with Decimal Columns
* #12619 Unable to export csv when using union select
* #12362 prefs_manage.php can leave an orphaned temporary file
* #12618 bug in 4.6.4: wrong “Preview SQL”
* #12569 Import.php throws error message twice on the screen
* #12440 Fix #12419 wrong description on GRANT option of table/routine privileges
* #12613 Precision is ignored for any field type
* #12179 saving a bookmark with several queries produces one entry per query in pma__bookmarks
* #12327 Create PHP code no longer works
* #12455 Query history stores separate entry for every letter typed
* #12612 Test failure since update to SQL parser 3.4.9
* #12080 Parse error using subquery in from list
* #12316 Exporting with JOIN removes everything between FROM and WHERE
* #11740 DELETE … USING
* #12100 SQL parser doesn’t understand CASE operator
* #12602 Wrong privileges grant on wildcard name for new user (missing escaping)
* #12189 Count for result is wrong when joining and outputting from only 1 table
* #91 Syntax error in ‘Discoverying query type’ example (missing semicolon)


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 10, 2016 05:06 AM

October 03, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week5

 

Even though the list of handled issues seems a bit smaller for this week, the week was in no way less intensive than the previous ones. A large number of issues namely #12455, #12569, #12179, #12327, #12316, #12080, #11740, sql-parser’s #52 are in queue to be fixed along with the ones reported below which are already fixed.

A major breakthrough for this week’s parser activity was that the SQL parser would now (once the PR #90 is merged) be able to parse the queries which have sub-queries in the FROM clause. This had been a long-standing bug in the parser and had been reported multiple times both in the main repository’s as well as SQL parser’s tracker.

The parsing for CASE expressions in SELECT statements and for various forms of the DELETE statement would also be added once #88 and #87 are merged. An issue with wrong replacement and then building of a SQL statement that did not have FROM clause at all was causing a problem while exporting results of such a statement and was fixed.

Next week might divide the focus between some security issues, regular bug-fixing and I might take up some refactoring if the time permits.

Handled issues:
* #12189 Count for result is wrong when joining and outputting from only 1 table
* #12609 LIMIT and OFFSET don’t work with JOIN statement
* #12600 Error after creating ENUM fielda
* #12579 phpMyAdmin’s export of a Select statment without a FROM clause generates Wrong SQL
* #12404 Remove collation options
* #12589 BUG: wrong SQL generated for DECIMAL field length


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 03, 2016 05:55 AM

September 27, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W38

Last week was again mostly spent on reviewing pull requests and screening issues. This little housecleaning work is sometimes surprisingly time consuming :-).

Besides that I've again reviewed potential security weaknesses in our process reported by Emanuel Bronshtein. This led to various hardenings in our Docker container, Debian packages or our website. There are still places to improve, but we're getting better with every commit.

Additionally there was release for motranslator and SQL parser, both of these are now properly listed on GitHub releases page.

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at September 27, 2016 10:00 AM

September 26, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week4

 

Last week, the focus of the work was again divided between the bugs in the main repository and the SQL parser.

Some bugs with Export of view definitions were fixed and later were found to be actually a bug in parser’s building of CREATE statement. We also moved to disabling the Drag-and-drop import on the Insert Rows page if the page has a file type input so that the users could use Chrome’s default drag-drop feature which allows them to drop files directly on the input.

Some refactoring work was also undertaken which mainly was regarding removal of unnecessary embedding token parameter and its value by default in the links in navigation. This was no longer needed since the team had previously decided to check for the token in only POST requests.

Next week would mostly again focus on SQL parser’s bugs which have been tracked in the main repository and I may also try and fix some long outstanding bugs in the main repository.

Handled issues:
* #12587 Enum Types are replaced with 0
* #12461 Can’t Execute SQL With Sub-Query Due To “LIMIT 0,25” Inserted At Wrong Place
* #12577 ‘Forgets’ current table after a custom SQL execution
* #12321 Wrong query in errormessage
* #12382 Bug in zoom search
* #12575 New index Confirm adds whitespace around the field name
* #12242 Edit routine detail dialog does not fill “Return length” field in mysql functions
* #12572 $cfg[‘AllowArbitraryServer’] = true has no effect
* #12298 View definitions not exported
* #12300 Export selective tables by-default dumps Events also
* #12487 Drag and drop import prevents file dropping to blob column file selector on the insert tab
* #12526 Remove ‘token’ parameter from Navigation links
* #12530 Function “Edit routine” crashes when the current user is not the definer, even if privileges are adequate
* #12554 Absence of scrolling makes it impossible to read longer text values in grid editing
* #12565 German Translation under Replication is wrong


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at September 26, 2016 07:04 AM

September 20, 2016

Michal Čihař

wlc 0.6

wlc 0.6, a command line utility for Weblate, has been just released. There have been some minor fixes, but the most important news is that Windows and OS X are now supported platforms as well.

Full list of changes:

  • Fixed error when invoked without command.
  • Tested on Windows and OS X (in addition to Linux).

wlc is built on API introduced in Weblate 2.6 and still being in development. Several commands from wlc will not work properly if executed against Weblate 2.6, first fully supported version is 2.7 (it is now running on both demo and hosting servers). You can find usage examples in the wlc documentation.

Filed under: Debian English SUSE Weblate | 0 comments

by Michal Čihař (michal@cihar.com) at September 20, 2016 04:00 PM

Weekly phpMyAdmin contributions 2016-W37

Last week was heavily focused on reviewing incoming code, mostly on our SQL parser. Thanks to several contributions we have made it even better.

The SQL parser's releases now include list of changes, so you can easily see what has been changed. While touching the SQL parser code, I've added some missing bits in testsuite code coverage and we're now really close to 100%.

Another useful thing for our library users is API documentation which is now available at https://develdocs.phpmyadmin.net/. It covers all libraries we've recently released (motranslator, sql-parser and shapefile).

Handled issues:

Filed under: English phpMyAdmin | 0 comments

by Michal Čihař (michal@cihar.com) at September 20, 2016 12:00 PM

September 19, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week3

 

Like the previous two weeks, I focused on fixing issues with the SQL parser in the first part of the week, while the later part of the week was focused on bug-fixing in the phpMyAdmin repository.

Some PRs that I had made two weeks back in the SQL parser got merged last week after a few alterations. Michal realized there was a bug in parsing the syntax of INSERT INTO … SELECT … ON DUPLICATE KEY as the call to parse SELECT statement would not break on finding the ON DUPLICATE KEY keywords. A different condition check had to be added for this special case in parsing of Select statement. Spatial extension support (for ex. POINT, GEOMETRY datatypes) was added to the SQL parser.

Some bugs related to bad export and bad SQL generated in copying the databases with Generated/Virtual columns were indirectly related to the SQL parser and were fixed. There are some differences in MySQL and MariaDB regarding the implementation of virtual columns, but we chose an approach which would work fine with both the DBMSs.

Next week might be a little break from direct SQL parser’s issues and might focus on parser issues originating from the main repo along with other bugs that have not been attended in the main repository.

Handled issues:
* #12272 Adding a new row with default enum goes to no selection when you want to add more then 2 rows
* #12320 Copy a user does not copy user group
* #12221 Bad table export in case of generated columns
* #12518 Unable to copy database with virtual generated columns… / MySQL Error #3105
* #12558 Cannot redeclare pma_tableheader()
* #12473 Code can throw unhandled exception
* #12549 Action : copy table with new prefix doesn’t keep the auto increment value
* #11628 INSERT … ON DUPLICATE KEY
* #48 REPLACE INTO … SELECT … not implemented
* #78 INSERT … SELECT … ON DUPLICATE KEY UPDATE broken
* #59 Non-reserved keywords should be allowed as a field name
* #72 Query with keyword field name built wrong
* #73 INSERT … SELECT Syntax
* #50 Unrecognized keyword ON, DUPLICATE and KEY
* #74 SET NAMES … Syntax
* #51 SET statement not properly parsed
* #55 Missing spatial extension support


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at September 19, 2016 05:25 AM

September 13, 2016

Michal Čihař

Weekly phpMyAdmin contributions 2016-W36

by Michal Čihař (michal@cihar.com) at September 13, 2016 10:00 AM

September 12, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week2

Last week was a second in working towards my phpMyAdmin contract. It was mostly focused on fixing some issues with the SQL Parser. I also handled some bugs with the main repository which included #12545, which was actually fixed in SQL Parser’s repository as it was more of a parser issue in building of the CREATE statement.

Apart from the ones mentioned in the list below, I also worked on some other issues and have made the PRs #70, #71, #75 and #12544, #12548, which would fix a few more issues once merged.

Next week would have its focus divided on similar lines with major contributions towards the SQL Parser bug-fixing and some small fixes in the main repository as well.

Handled issues:
* #12551 Can’t set Decimal Places on Columns
* #12545 Partition export INNODB syntax error “MAXVALUEENGINE=,”
* #12546 can’t export all tables to .sql file
* #12531 Properly flag queries as DROP DATABASE
* #49 CREATE TABLE table_copy LIKE table;
* #53 ALTER TABLE table COMMENT=’Comment of table’;
* #10 ignore missed semicolons
* #65 Allow two indexes on same column
* #61 Add dependency on mbstring extension to composer file


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at September 12, 2016 04:21 AM

September 05, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week1

This week (or rather a half-week since I started only on Thursday, 1st Sept) was the first as a part of my phpMyAdmin contractor position. This post describes the major contributions that I did over this week. I would be regularly posting (mostly on Mondays) about the work carried out as a part of the contract in the previous week.

Last week, I started out with some fixes in the main repository along with focusing on the SQL parser trying to understand the parser’s codebase as I was completely new to its development.

After the decision to not include the ‘Token’ parameter in the GET requests URLs was committed, some functionalities, which used AJAX requests, were broken as the token parameter was not passed in their POST request, leading to a ‘Token mismatch’ error. I fixed this by inspecting all the Ajax POST requests that the code makes and adding a ‘Token’ parameter, if it did not exist.

I worked on the SQL parser and tried to reproduce and fix some basic errors in parsing of statements. Since I was not very sure of the fixes, I have made a couple of PRs (#66 and #67) and I hope someone can help me by reviewing it before merging.

While trying to reproduce the issue related to incomplete flagging of DROP DATABASE statements in SQL parser, I realized that in fact the parser would identify those statements correctly but the flags were not being used appropriately inside phpMyAdmin’s codebase. I have made a PR (#12532) to fix this as well.

Next week’s focus would be similar with divided focus on some bugs and refactoring issues from phpMyAdmin and on resolving some issues with the SQL parser. Hopefully more issues would be fixed once the PRs I have made are merged.

Handled issues:
* #12534 Option for the dropped column is not removed from ‘after_field’ select, after the column is dropped
* #12535 Decimals get removed when editing the field
* #12529 Error with ‘enum’ type fields
* #12523 Add ‘token’ Parameter in all POST requests (Fix ‘Token mismatch’ errors)
* #12474 Broken links in Setup forms Navigation
* #12494 Can’t add new user
* #12525 SQL Error while adding enum column
* #54 Properly flag queries as DROP DATABASE


Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at September 05, 2016 09:05 AM

September 01, 2016

Deven Bansod

Accepted as phpMyAdmin Contract Developer!

I had taken a long break from posting, my last post being about my inclusion into the phpMyAdmin’s development team and its Project Leadership Committee (PLC).

I am writing this post to share a great news that I have been accepted for the position of Contract Developer at phpMyAdmin and would be starting the contract work from tomorrow i.e. September 1st, 2016.

The original notification that phpMyAdmin is looking to hire a contract developer for working on the project’s code was posted on June 9th, 2016. I had made an application for the position (I was temporarily removed from the phpmyadmin’s mail alias, so that the application process is completely fair for all applicants). I got a confirmation of my selection from Tony Sebro at Conservancy on June 15th.

The date of commencement of the contract is September 1st, 2016 and the contract spans for 1 year. My time would be divided amongst variety of tasks with major focus on bug-fixing and refactoring of the codebase, while I would occasionally deal with the security issues that are raised through our security team. I may also take up implementation of some small new features as and when the time permits. I would be posting weekly reports (as I did in my GSoC 2015) here on the blog describing my work during a particular week.

Madhura and Michal both have (Michal is currently working, too) previously worked as Contract developer’s at phpMyAdmin and they surely have set high standards of work. I would surely try to match their set standards.

I am excited and nervous to begin the journey. Wish me luck!🙂


Filed under: Contract Weekly Report, phpMyAdmin, Re-Start Tagged: Contract Developer, Excitement, phpMyAdmin

by Deven Bansod at September 01, 2016 05:10 AM

April 08, 2016

Madhura Jayaratne

phpMyAdmin work during twenty fifth, twenty sixth and twenty eighth weeks

This is my final blog post reporting about the work I have carried out under the phpMyAdmin developer contract. However, I will continue to contribute to phpMyAdmin on a voluntary basis.

During the period, my focus was solely on bug fixes. This was mostly due to the continuous stream of bugs we were receiving and most of the bugs were related to the newly released 4.6 version.

Following are the bug fixes during the period.

issue #12092 Rename exported databases/tables doesn't seem to work
issue #12099 Undefined index: controllink
issue #12094 PHP Fatal error: Call to undefined function __()
issue #12116 Fulltext indexes are not copied when using copy database function
issue #12125 Cannot highlight a column if I scroll down from the top of the table
issue #12132 Can not open table with JSON field
issue #12143 Cannot login with certain password

Additionally, I attended to the following bugs.

issue #12088 Improper comment creation and escaping with Percona 5.7 (` instead of ', extra "AS")
issue #12091 Import file does not working when data have \' (4.6.0rc2)
issue #12101 Change or remove "Slave replication" "Reset slave"
issue #12104 Copy Database no longer working
issue #12115 Relations vs Orphans
issue #12139 Import Export error
issue #12130 Error for Browser when got error 500
issue #12149 Class 'PMA_Util' not found

Moreover, I attended to following pull requests as well.

issue #12113 Add new server variables
issue #12136 Fix offering JSON datatype in incompatible MySQL versions

by Madhura (noreply@blogger.com) at April 08, 2016 03:27 AM

March 13, 2016

Madhura Jayaratne

phpMyAdmin work during twenty third and twenty fourth weeks

I  engaged in a mix of bug fixes and improvements (including refactoring) during the fortnight. The bugs fixed and attended are as follows.

Bugs fixed
issue #12073 Hide edit and delete buttons when the results are not related to a table
issue #12085 Like search strings being escaped incorrectly

Bugs attended
issue #12071 Syntax error in PMA, not at command line client
issue #12074 Invalid export
issue #12087 Add support for JSON data type (in MySQL 5.7)

I went on to refactor the code that handled bookmarks. I used object orientation and updated the existing unit tests to suit the refactored code. Moreover, I updated the metro theme to be compatible with the upcoming 4.6.0 version, so phpMyAdmin has, at least, one additional theme compatible with the new version.

Refactoring
Clean up dead code
Refactor bookmark handling code

Other improvements
Update metro theme to be compatible with 4.6.0

by Madhura (noreply@blogger.com) at March 13, 2016 02:21 AM

March 01, 2016

Madhura Jayaratne

phpMyAdmin work during twenty first and twenty second weeks

The work carried out during the two weeks was very diverse. I attended bug fixes (primarily), feature requests, documentation and questions, security issues, pull requests and code improvements in general.

The bugs fixed and attended during the period are,
Bugs fixed
issue #11964 Undefined index: TABLE_COMMENT in database structure page
issue #11969 Missing confirmation while dropping a view in view_operations.php
issue #11977 Table name is not recognized by parser in DROP INDEX statement
issue #11979 DECLARE not accepted as valid SQL
issue #12017 Cannot easily select multiple tables when exporting
Fix SQL syntax highlighting in database search page

Bugs attended
issue #11965 Deprecation Notice: StringReader has a deprecated constructor
issue #11982 Row count wrong when grouping joined tables

Additionally, following feature request was implemented and code improvements were performed.

Feature requests
issue #12017 Cannot easily select multiple tables when exporting

Improvements
Use back quotes around table names in confirmation messages
Fix coding style violations

Meanwhile, I also attended to pull requests submitted mainly by GSoC aspirants.

Pull requests attended
issue #32 Fix Row count wrong when grouping joined tables, phpmyadmin/phpmyadmin#11982
issue #12036 Fix for wrong mysql_upgrade message on Users tab with Percona Server 5.7

Documentation and Questions
issue #11970 Can you add an option to remove UUID for primary keys?
issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']

Towards the end of the month, we received two detailed reports on vulnerabilities in phpMyAdmin and I contributed by coordinating, and fixing the vulnerabilities.

Security issues
issue #12 1.3 XSS in tbl_type parameter [PMASA-2016-12]
issue #13 1.4 XSS in normalization.php [PMASA-2016-12]
issue #14 1.5 XSS in normalization.js [PMASA-2016-12]
issue #15 1.6 XSS in normalization.js [PMASA-2016-12]
issue #25 XSS in normalization.js [PMASA-2016-12]
issue #26 XSS in User accounts page [PMASA-2016-11]
issue #27 XSS in Central columns page [PMASA-2016-12]
issue #28 XSS in Zoom search [PMASA-2016-11]

by Madhura (noreply@blogger.com) at March 01, 2016 04:10 AM

February 14, 2016

Madhura Jayaratne

phpMyAdmin work during nineteenth and twentieth weeks

During the nineteenth and twentieth weeks, I was away from work between 2nd Feb to 10th Feb. However, during the rest of the days, I engaged in both code refactoring and bug fixes. Early on the fortnight, I refactored the server binary logs page to use the MVC architecture. This included introducing a controller class, using templating and updating unit tests.

Code refactoring
Refactor server binary logs page to use MVC architecture

In terms of bugs, following bugs were fixed and more bugs were attended.

Bugs fixed 
issue #11909 Can't insert row into table that contains generated column
issue #11911 Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5()
issue #11923 Errors on Structure tab when user only has select access on certain columns
issue #11942 Change column action takes ages

Bugs attended
issue #11922 Browse fails with users who have only column privileges for some columns
issue #11434 Class 'SqlParser\Lexer' not found (OS X)

by Madhura (noreply@blogger.com) at February 14, 2016 11:03 PM

February 01, 2016

Madhura Jayaratne

phpMyAdmin work on sixteenth week

I was continuing on my year-end break on fifteenth week and did not work during the week, except for 2 hours on 4th January. So this report includes work carried out during the sixteenth week.

During the week, I concentrated solely on bug fixes since there were a sizable number of bugs being reported. Most of the bugs fixed were regressions. For example, #11771 and #11846 were only present in latest git version and was due to refactoring and JS library updates respectively.

The complete list of bugs fixed and investigated are as follows,

Bugs Fixed
issue #11771 Transformation column path problem
issue #11772 Table pagination does nothing when session expired
issue #11810 'Add to central columns' in tbl_structure.php (per column button) nothing happens
issue #11814 SQL comment and variable stripped from bookmark on save
issue #11840 Index comments not working properly
issue #11846 Grid editing window is disabled the second time
issue #11854 Undefined property: stdClass::$releases at version check when disabled in config

Bugs Investigated
issue #11712 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11713 Not receiving notifications for updates
issue #11842 Fractional timestamp not supported
issue #11843 Fractional timestamp causes corrupted SQL export

by Madhura (noreply@blogger.com) at February 01, 2016 09:04 PM

phpMyAdmin work during seventeenth and eighteenth weeks

My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison etc. Altogether these vulnerabilities resulted in 9 PMASAs taking into the different combinations of phpMyAdmin versions they affected.

I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by others developers to older branches, preparing PMASAs and coordinating with the reporter, CVE team and phpMyAdmin security team.

The latter part of the fortnight was spent on fixing two regressions introduced by the security releases. 
issue #11891 Error with PMA 4.0.10.13 with PHP 5.2
issue #11892 Error with PMA 4.4.15.3

Moreover, following bug was fixed during the two weeks.
issue #11881 Full processlist lost on refresh


by Madhura (noreply@blogger.com) at February 01, 2016 09:04 PM

January 02, 2016

Madhura Jayaratne

phpMyAdmin work during twelfth, thirteenth and fourteenth weeks

With my personal engagements and summer break, I worked only for 13 hours during the three weeks. During the period, I was mostly engaged with refactoring work and improving the unit testing. 

Continuing from the last couple of weeks, I refactored the server plugins page to use the MVC architecture. Code segments that were previously in a library file were moved to a controller class and instance variables were introduced as required. The view was changed to use templating and unit tests were updated to match the new classes.

I also went on to improve the unit testing by introducing a parent class to all the unit tests. With the new class, configuration values are reset to their default values for each test class. The idea was to make unit tests independent from changes made to configuration values in other unit tests. Meanwhile, unnecessary configuration values assignments in tests were removed.

Additionally, following bugs were investigated during the period.

Bugs Investigated
issue #11743 Display routine-specific privileges under Database > Privileges
issue #11751 Bug when export template is selected

by Madhura (noreply@blogger.com) at January 02, 2016 12:22 PM

December 12, 2015

Madhura Jayaratne

phpMyAdmin work during tenth and eleventh weeks

During the two weeks I mostly attended to a mix of bug fixing, implementing new features, refactoring and unit test improvements.

I did not realize that some of the unit tests were not running as part of the test suite until Michal pointed out and included them. However, this caused quite some test failures as most of the recently added and updated tests had not been running. These were fixed at the very beginning of the period.

Unit Testing
Fix unit test failures related to refactoring

Quite a number of bugs were fixed during the two weeks and some more were investigated. Following are the list of bug fixes attended.

Bug Fixes
issue #11701 Show create procedure SQL
issue #11706 Database export template not saving compression option
issue #11710 Unable to add/remove `on update CURRENT_TIMESTAMP` option while editing a timestamp field
issue #11724 Temporary fix for live data edit of big sets is not working
issue #11728 CSV import skip row count after
issue #11732 Exporting feature does not work with union table
Exclude db name in SQL when relations are made between table in the same db
Buffer pool and InnoDB status details are not shown for InnoDB

Bug Investigations
issue #11722 Excel import improper handling of dates/times
issue #11732 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11734 No result shown, if writing statement, comment, single select

Inability to reorder parameters of routines had bothered me in the past. So, as requested in issue #11701, I implemented the ability to do this.

Feature Enhancements
issue #11701 Allow changing parameter order of routines

Moreover, continuing the refactoring effort from last fortnight I went on to refactor server engines page. This involved introducing a controller class and using templating to adhere to MVC pattern. Unit tests were also updated to match the new classes.

Refactoring
Refactor server engines page to use MVC pattern 

by Madhura (noreply@blogger.com) at December 12, 2015 10:51 PM

November 29, 2015

Madhura Jayaratne

phpMyAdmin work during eighth and ninth weeks

Last two weeks were dedicated completely to code refactoring where I converted a couple of server level pages to MVC architecture. This is a continuation of what started during the last GSoC where we started to take up MVC architecture.

I started with server_variables.php page and created a new controller named ServerVariablesController to handle all interactions from the page. Refactoring included moving the HTML generation to 'View' (using templating) and organizing previous functions into methods and introducing instance variables where appropriate. 

Server databases page was also refactored in a similar manner. Additionally, the functionalities of display_create_database.lib.php, db_create.php and build_html_for_db.lib.php were integrated into the new controller. Moreover, some functionalities that supported both ajax and non-ajax behavior (that used to facilitate scenarios with JavaScript disabled) was simplified. Towards the end of the period, server charsets page was refactored in a similar manner.

Code refactoring
Refactor server variables page to use MVC architecture
Refactor server databases page to use MVC architecture
Simplify database dropping
Merge the functionalities of display_create_database.lib.php, db_create.php and build_html_for_db.lib.php into ServerDatabasesController
Refactor server charsets page to use MVC architecture
Organize controllers into a better package hierarchy

I also engaged in fixing coding style violations, both introduced by refactoring as well as the ones that already existed. Further, I updated the test suite to account for newly introduced controller classes and now removed functions.

Coding style improvements
Fix coding style violations

Unit testing
Update unit tests for new controller classes

by Madhura (noreply@blogger.com) at November 29, 2015 08:05 PM

November 23, 2015

Madhura Jayaratne

phpMyAdmin work during sixth and seventh weeks

During the two weeks I attended to a combination of bugs, features/improvements, code refactoring as well as code quality improvements. However, most of the time was spent on bugs as there were number of bugs being reported. Following are the bugs fixed and investigated during the two weeks.

Bugs fixed
issue #11476 Errors instead of git info when PHP has no gzip support
issue #11630 Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given
issue #11632 Exporting GIS visualization ignores start and row count
issue #11639 Bug with the MainBackground Color
issue #11647 Restrict configuration NavigationTreeDbSeparator to strings
Indicate when there are no parameters for parameter binding in SQL query box
Profiling checkbox is missing

Bugs investigated
issue #11637 "AS" from the main table of the query is being deleted when you are exporting a query
issue #11651 Issue while creating tables
issue #11659 Totally turn off autocomplete and sql syntax check

Among the new features implemented, issue #11641, which requested to disable one of the relational features, was discussed during the team meeting and it was suggested to use a special value for the same configuration directive to disable the feature. This was implemented targeting future 4.6 release. Additionally, as part of minimizing the upload footprint, GIS features were adjusted to function without bulky OpenLayers library. Moreover, profiling chart now uses the generic charting mechanism which facilitates moving to a new charting library with less hassle.

New features/Improvements
issue #11641 Ability to disable the navigationhiding Feature
issue #11654 Use a slider for Internal relations
Make OpenLayers library optional for GIS visualization
Link license.php
Use generic charting mechanism for profiling chart as well

Additionally, following refactoring and code quality improvement work was carried out during the period.

Code Refactoring
Refactoring GIS visualization page
Move controllers to appropriate packages

Code quality
Fix style violations in JS code

by Madhura (noreply@blogger.com) at November 23, 2015 12:35 AM

November 11, 2015

Deven Bansod

Cherry on the cake!

As I had posted in the last post, I successfully completed my Google Summer of Code 2015 with phpMyAdmin and today, I was unanimously accepted into the development team of phpMyAdmin, which is also its Project Leadership committee (PLC).

I will continue to contribute to the project with new features, bug-fixes, testing patches and more, thus giving back to the community as much as I can.

Finally, I would like to thank the whole team for extending the invite. I am indeed honored to be a part of the team.🙂

Looking forward to meeting the whole team in person!

 


Filed under: phpMyAdmin Tagged: phpMyAdmin, Team Invite

by Deven Bansod at November 11, 2015 06:11 PM

November 08, 2015

Madhura Jayaratne

phpMyAdmin work during first and second weeks

I started my second year as a contract developer for phpMyAdmin project on 1st of October 2015. However, this year I have limited my hours, working only on a part time basis. I hope to work for 20 hours a week. Since there were only two days on the first week I am combining the work done on the first week with that of the second.

The first two weeks were totally focused on bug fixes since there was a constant stream of bugs from the newly released 4.5 version. Most of the bugs were related to the rewritten parser and I got good insight on the new parser while trying to fix some of these bugs. Following are the bugs fixed.

Bug fixes
issue #11521 Notice of undefined variable when performing SHOW CREATE
issue #11522 Strange behavior on table rename
issue #11526 Foreign key to other database's tables fails
issue #11539 Rename table does not result in refresh in left panel
issue #11544 Notices about undefined indexes on structure pages of information_schema tables
issue #11546 "Visualize GIS data" seems to be broken
issue #11548 Confirm box on "Reset slave" option
Fix notices while changing from HASH type to RANGE type
UI does not support inserting multiple values for JSON functions
Tracking does not make sense for information_schema
Fix cookies clearing on version change

Moreover, following bugs were investigated during the period.

Bugs investigated
issue #11515 Multi source replication is not recognized
issue #11538 Copy multiple tables to database
issue #11536 Format of exports looses SQL on 2nd export
issue #11547 "distinct" removed from query while query result export to excel

I plan to spend more time on refactoring in the coming weeks.

Leave days - 7th Oct

by Madhura (noreply@blogger.com) at November 08, 2015 07:36 AM

November 01, 2015

Madhura Jayaratne

phpMyAdmin work during third, fourth and fifth weeks

I did not engage in phpMyAdmin development work during the fourth week while I was less active during the third week due to personal engagements. So, here is a combined blog post for third, fourth and fifth weeks.

During the period I worked on fixing the bugs reported by users as well as those reported by the automated error reporting mechanism. I cleaned up automatically reported errors by exporting them to GitHub tracker, linking them where necessary and by fixing them. Following are the bugs fixed and investigated during the period. 

Bugs Fixed
#11551 Fatal error when switched to master from QA_4_5
#11594 'only_db' config option bug when db names contain underscore and are grouped
#11603 Namespace clash for class Error
#11606 PMA_Util not found when changing password
#11607 Unable to change password from Login information tab
#11610 Undefined variable: res_rel
#11611 Warning while exporting schema to PDF
#11612 Undefined index: new_row_format
#11614 Undefined variable: db
#11617 Getting real row count is not allowed for views
#11622 Reloading privileges is not allowed

Bugs Investigated
#11556 Cannot create table, please enter a valid length keeps coming up
#11568 Erroneous handling of tables with FKs to other databases
#11577 Table aliases ignored when using intellisense
#11583 Cross DB foreign key constraints results in undefined offsets

A security issue was reported during the period and I contributed by coordinating and generating security announcements.

Security Issues
Content spoofing Issue in phpMyAdmin

Additionally, I engaged in some code refactoring and code quality improvements. Refactoring was on `DatabaseStructureController` as highlighted by Marc due to long method lengths. Moreover, unit tests related to PHP classes were renamed to be consistent with the corresponding names of the classes they are testing.

Refactoring and code quality improvements
Refactor DatabaseStructureController
Fix issues reported by PHPCS
Fix issues reported by JSLint

Unit testing
Rename and organize test classes

Feature enhancements
Add supported file format for Archive storage engine

by Madhura (noreply@blogger.com) at November 01, 2015 10:00 AM

September 27, 2015

Madhura Jayaratne

phpMyAdmin work during fiftieth and fifty first weeks

During these two weeks I worked relatively lesser number of hours and had to take a couple of days off. So, I am combining the work done during the two weeks to a single blog post.

During the two weeks I concentrated mostly on feature enhancements. Two major features were implemented during the period. First of them is the ability to specify the routine level privileges and I noticed that this feature is missing when I went through the MySQL GRANT syntax. Even though this sounded easier when I started working on it, it took two full days to complete the feature. This was mostly due to the code quality of the related code segments. So, I'd put server_privileges.php file as one of the key places where refactoring can help.

The second major feature is the UI to define partition definitions. Existing create table UI has only a text area to define the partition definition. Someone who is not familiar with partition syntax would not be able to do this with the old UI. The new UI allows specifying partitioning parameters and parameters for each partition. Additionally, I worked on making the metro theme compatible with the 4.5 version. I had accumulated commits for this for some time. During the two weeks I did the final touches and the pull request was merged.

Feature enhancements
Issue #11479 Allow setting routine wise privileges
Issue #11490 UI for defining partitioning in create table window
Pull #6 Metro theme for future version 4.5
Add server plugins page
Minor UI improvements to the User accounts page

Additionally, following bugs were fixed during the two weeks.

Bugs fixed
Issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
Issue #11475 Warnings linked to Drizzle
Issue #11487 Warning when entering Query
Issue #11491 Propose table structure broken
Do not suggest upgrading when there is no compatible versions

Leave days : 17th, 23rd

by Madhura (noreply@blogger.com) at September 27, 2015 09:53 PM

September 14, 2015

Madhura Jayaratne

phpMyAdmin work during forty eighth and forty ninth weeks

I am combining two weeks of work into this blog post. I took 3 days off work (on 1st, 7th and 11th of September) and this is mostly why I am combining work of two weeks.

Following are the bugs fixed and investigated during the period.

Bugs fixed
Issue #11445 MySQL 5.7 and Status page for an unprivileged user
Issue #11446 MySQL 5.7 and Variables page for an unprivileged user
Issue #11450 Validation fails when using functions
Issue #11451 Designer-Bug in move.js on multiple server configuration
Issue #11454 Find and replace is broken
Issue #11457 414 Request-URI Too Large
Issue #11461 Foreign key constraints for InnoDB tables with upper-case letters disabled

Bugs investigated
Issue #11453 Paste command is gone in 4.4
Issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
Issue #11470 Impossible to cancel "Drop files here" overlay

Issues #11445 and #11446 were due to permission changes introduced in MySQL 5.7 which prevented unprivileged users from issuing SHOW commands. Issue #11454 was a regression in upcoming 4.5 version; this was fixed for the release candidate. Issue #11461 was tricky to fix, however only affected the Apple users.

With regard to feature enhancements, the major change was the removal of Drizzle support. Development of Drizzle has been abandoned for years and hence support for Drizzle will be removed from version 4.6.  Most of the development work of issue #6297 was carried out during earlier weeks. However, it was during this period the pull request got merged.

Feature enhancements
Issue #6297 Use GET only for read only operations
Issue #11456 Disabled storage engines
Remove Drizzle support from master branch
Mark default storage engine

A security vulnerability was reported after some time during the two weeks. The vulnerability was in code related to reCaptcha test which is an additional opt-in security feature provided in phpMyAdmin.

Security fixes
Fix reCaptcha bypass

by Madhura (noreply@blogger.com) at September 14, 2015 12:43 PM

August 29, 2015

Madhura Jayaratne

phpMyAdmin work during forty fourth and forty fifth weeks

I took leave on the first three days of the forty fourth week to visit Anuradhapura and here I am combining the work done on the rest of the two days with the work done on the forty fifth week into a single blog post.

During the two weeks I continued to QA the development version to identify any bugs arising from the ongoing developments. So, most of the bugs were fixed in the master branch. Additionally I fixed two incompatibilities with PHP7 in the stable version of phpMyAdmin. Both these incompatibilities were in third party libraries we use and these libraries were upgraded and tested.

Bugs fixed
#11345 Token mismatch error
#11349 Table list doesn't expand when current table on different page
#11364 JS error when trying to navigate to db structure page after db creation failed
#11382 Selecting values for set field throws JS error
#11389 ReCaptcha produce deprecated messages under PHP 7
#11387 phpseclib < 2.0 produces deprecated messages on PHP 7
Fix - Counting real number of rows always return zero
Fix - Index list not updated upon dropping a column

Bugs investigated
#11384 Query formatting adds space between ! and =

The highlight in terms of feature enhancements is the improved partition support. Now you can view all the details related to table partitions and sub partitions in the table structure page. Moreover, all the partition operations can be performed from there. 

Additionally, I improved the cache invalidation on version upgrade. With the new page loading introduced in version 4.0, phpMyAdmin cached the JS files and fired the relevant event on loading a page. Now these cached files are invalidated upon version upgrade.

Feature enhancements
Improved partition support
Clear internal cache at script handler upon version upgrade
Minor UI improvements to the db operations page
Do not attach index table unnecessarily
Refactor db_designer.php

Code quality improvements
Create separate controllers from table and database structure pages
Organize templates into a meaningful structure
Fix coding style issues reported by PHPCS

by Madhura (noreply@blogger.com) at August 29, 2015 11:14 PM

phpMyAdmin work during forty sixth and forty seventh weeks

During this period I moved from Colombo to Melbourne, Australia. So, I had to take a couple of days off on both weeks for preparation work as well as settling down in Australia. Hence, I am combining the work done during these two weeks to a single blog post.

The bugs fixed during the time include bugs from both stable version and the upcoming 4.5 version.

Bugs fixed
#11404 "Switch to copied table" doesn't work
#11408 Export breaks when field name is 0
#11410 SPATIAL index option is not clickable
#11414 Unclear export options / organization / hierarchy
#11421 Stored-proc / routine - broken parameter parsing
#11436 CREATE DATABASE should be enabled by default on server exports
Remove unnecessary title after slider initialization
Fix missing template in table search page
Fix function based search for geometry columns in table search page
Fix GIS editor in table insert/edit page
Fix x coordinates of points which was the repetition of y coordinates
Respect the Auto increment checkbox in SQL export
Fix missing name for configuration read_as_multibytes
Fix - Do not export `sys` database when exporting server
Add missing 'sql_create_database' configuration to setup and user preferences

Additionally, following bugs were investigated.

Bugs investigated
#11433 '%' does not work as it is with sprintf
#11434 Class 'SqlParser\Lexer' not found

With regards to the feature enhancements, there were no major features implemented during the period. However, a number of smaller enhancements were carried out. I also went on to do some language improvements where a number of sentences that used title case were converted to sentence case to be compliant with phpMyAdmin language guide. Moreover, I started working on supporting JSON data type introduced in MySQL 5.7.8. However, this had to be postponed due to bugs in PHP with respect to JSON data type.

Feature enhancements
Improvements to partition details on table structure page
Spatial indexes with multiple columns are not allowed
Organize SQL export options
Make the SQL exports compatible for side by side comparison with old exports
Allow editing unless it's a static variable. Allow editing new dynamic variables added in MariaDB and newer versions of MySQL
Minor UI improvements in zoom search page
Language improvements - Use sentence case as per phpMyAdmin language guide

Feature requests investigated
#11438 Support JSON data type

by Madhura (noreply@blogger.com) at August 29, 2015 11:14 PM

Deven Bansod

GSoC 2015 : Successfully completed!

Last night, the results for Google summer of Code, 2015 – Final evaluations were declared! And yes! I got through successfully!

It was majestic to see that mail from the melange site telling me that I have passed. After 3 awesome months with phpMyAdmin and under a great mentor in Isaac, it was indeed a great moment to get a confirmation that my work has been accepted.

I have been continuing to contribute to phpMyAdmin in whatever way I am able. Now that 4.5.0 – beta1 is released, I expect some bugs might come up from GSoC 2015 students' code. I will keep trying to fix some bugs, implement some features and more. Let’s see how it unfolds!

And yes, the payments would be in order(:P) now that I have completed the program successfully 🙂

I cannot forget to thank my friends Varad, Prannoy, Biplab, Rajath, Vipul, Ajinkya for their invaluable support.
Thanks Isaac, Marc and the whole phpMyAdmin team for giving me a chance to work on a GSoC project with phpMyAdmin. Totally enjoyed working with all you guys.


Filed under: GSoC 2015, phpMyAdmin, Re-Start Tagged: Final Evaluations, GSoC 2015, phpMyAdmin

by Deven Bansod at August 29, 2015 01:01 PM

August 23, 2015

Dan Ungureanu

Last week

This was the last week of the Google Summer of Code program. The organizers of the program advised us to do documentation and wrap-up the project. I went over my proposal to check that all objectives were met and I have also been looking through my code and tried spotting any errors. Most of the errors fixed were reported by Scrutinizer.

Another task I took care of was to submit my final evaluation and prepare the code samples I have to submit next week.

I would like to thank the phpMyAdmin team and my mentor, Marc Delisle, for giving me the opportunity to participate in Google Summer of Code and spending their time with me. I believe this is one of the best work experiences I ever had and I am proud of the library I wrote, the way it turned out and how I integrated it in phpMyAdmin.

I hope that time will permit me to continue contributing to phpMyAdmin.

To see my work over the summer, you can check out my library repository or the pull requests I submitted.

August 23, 2015 12:00 AM

August 16, 2015

Dan Ungureanu

Week 12

This week, most of my work was done on sql-parser. I fixed a couple of bugs, wrote tests for the new features introduced over the last weeks, updated documentation (wiki as well) and moved the tools for tests and contexts generation to the sql-parser repository.

Next week is the last week of Google Summer of Code and I will focus on fixing bugs and miscellaneous improvements (documentation and refactoring mostly).

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 16, 2015 12:00 AM

August 09, 2015

Dan Ungureanu

Week 11

This week I found and fixed a couple of bugs and rewrote an important part of the import mechanism of phpMyAdmin.

One of the most challenging tasks of this week was probably implementing the new import mechanism. The fact that it has to process so much data made performance a top priority.

At first, I tried using the standard lexer to delimit statements, but I failed. For huge queries (that are also buffered) parsing the query over and over again to check if a statement finished was too slow. I decided to write a specialized parser (BufferedQuery) that tries to parse only the most important parts of the query (comments, strings and delimiters) in order to be able to split the statements and execute them separately. At this moment it performs well and also fixes bug #11339 which was reopened due to some edge case not being handled correctly.

For the next week, I planned on finishing the query builder and write tests.

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 09, 2015 12:00 AM
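
The splitting approach described in the Week 11 post above, as an added Python sketch that is not part of the original post and is not the sql-parser library's BufferedQuery code: it looks only at strings, comments and the delimiter, keeps its scan position between chunks so nothing is re-read, and honours the mysql client's DELIMITER command. The class and function names and the sample input are assumptions made for this illustration.

```python
class StatementSplitter:
    """Incremental SQL statement splitter; a sketch, not phpMyAdmin's BufferedQuery."""
    KEYWORD = "DELIMITER "

    def __init__(self, delimiter=";"):
        self.delimiter = delimiter
        self.buf = ""           # text of the statement being assembled
        self.pos = 0            # buf[:pos] has already been scanned
        self.closer = None      # token that ends the open string or comment
        self.has_code = False   # True once the statement holds more than comments

    def _emit(self, done, end):
        if self.has_code:
            done.append(self.buf[:end].strip())
        self.has_code = False

    def feed(self, chunk, final=False):
        """Append a chunk and return the statements it completed."""
        self.buf += chunk
        done, klen = [], len(self.KEYWORD)
        while self.pos < len(self.buf):
            buf, i = self.buf, self.pos
            if not final and i + max(klen, len(self.delimiter)) > len(buf):
                break  # a token may straddle the chunk boundary: wait for more
            if self.closer is not None:
                if self.closer in ("'", '"') and buf[i] == "\\":
                    self.pos = i + 2  # a backslash escapes the next character
                elif buf.startswith(self.closer, i):
                    self.closer, self.pos = None, i + len(self.closer)
                else:
                    self.pos = i + 1
            elif buf.startswith(self.delimiter, i):
                self._emit(done, i)
                self.buf, self.pos = buf[i + len(self.delimiter):], 0
            elif not self.has_code and buf[i:i + klen].upper() == self.KEYWORD:
                line, nl, rest = buf[i + klen:].partition("\n")
                if not nl and not final:
                    break  # the DELIMITER line is not complete yet
                self.delimiter = line.strip() or self.delimiter
                self.buf, self.pos = rest, 0
            elif buf[i] in "'\"`":
                self.closer, self.has_code, self.pos = buf[i], True, i + 1
            elif buf.startswith("/*", i):
                self.has_code |= buf.startswith("/*!", i)  # MySQL executes /*! ... */
                self.closer, self.pos = "*/", i + 2
            elif buf[i] == "#" or (buf.startswith("--", i) and not buf[i + 2:i + 3].strip()):
                self.closer, self.pos = "\n", i + 1
            else:
                self.has_code |= not buf[i].isspace()
                self.pos = i + 1
        if final:
            self._emit(done, len(self.buf))
            self.buf, self.pos, self.closer = "", 0, None
        return done


def split_stream(chunks):
    splitter, out = StatementSplitter(), []
    for chunk in chunks:  # as an importer reading a file block by block would
        out += splitter.feed(chunk)
    return out + splitter.feed("", final=True)


# Constructed sample: every ';' inside a string, identifier or comment is a trap.
SAMPLE = (
    "-- constructed dump\nINSERT INTO t VALUES ('a;b', \"c\\\";d\"); /* not; a split */\n"
    "DELIMITER $$\nCREATE PROCEDURE p() BEGIN SELECT `odd;name` FROM t; END$$\n"
    "DELIMITER ;\nSELECT 1 # trailing; comment\n"
)
```

Splitting the same sample on every `;` would cut inside the string literals and the procedure body, so an importer built that way would send the server statements the dump never contained.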

August 02, 2015

Deven Bansod

GSoC 2015 : Weekly Report #12 : RFE #1396

Week #12

Task(s) completed: RFE #1396 : Support MySQL 5.6 SHA256 secure password

Tasks worked upon: None

Scheduled Deadline: 9th August

Completed on: 28th July

Details:

1. I had started working on and completed the last feature on the timeline i.e. RFE #1396 : Support MySQL 5.6 SHA256 secure password last week. You can find the description of the feature at a previous post[0].

You can find the PR at [1] .

Isaac reviewed it and merged but later he realized a problem[2] and we fixed it in here[3].

Isaac is reviewing the fix currently.

Links:
[0] : https://devenbansod.wordpress.com/2015/07/20/gsoc-2015-weekly-report-10-rfe-1396-others/
[1] : https://github.com/phpmyadmin/phpmyadmin/pull/1792
[2] : https://github.com/phpmyadmin/phpmyadmin/pull/1792#issuecomment-125289202
[3] : https://github.com/phpmyadmin/phpmyadmin/pull/11330


Filed under: GSoC 2015, phpMyAdmin, Weekly Reports Tagged: #12, GSoC 2015, phpMyAdmin, Weekly Report

by Deven Bansod at August 02, 2015 07:15 PM

Dan Ungureanu

Week 10

This week I found and fixed a couple of bugs, wrote a new formatting component in the parsing library and rewrote a part of the import mechanism to use the library I wrote.

One of the most challenging tasks of this week was probably writing the formatting library. I tried a couple of designs and ended up rewriting this component about five times. None of them worked as I expected and sometimes they relied on some cheap hacks to get the job done, a thing I didn’t like at all. At this moment, the component relies on the tokens provided by the lexer and takes into account a couple of settings to format the code.

The other components of the library got some improvements as well, mostly bug fixes. I really hope that during next week I will get to write some tests and finish the query builder.

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 02, 2015 12:00 AM

Subscriptions

Planet phpMyAdmin aggregates blogs of following phpMyAdmin contributors.

Last updated

December 06, 2016 12:30 AM
All times are UTC.
