May 24, 2017

Michal Čihař

Weblate 2.14.1

Weblate 2.14.1 has been released today. It is bugfix release fixing possible migration issues, search results navigation and some minor security issues.

Full list of changes:

  • Fixed possible error when paginating search results.
  • Fixed migrations from older versions in some corner cases.
  • Fixed possible CSRF on project watch and unwatch.
  • The password reset no longer authenticates user.
  • Fixed possible captcha bypass on forgotten password.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Filed under: Debian English SUSE Weblate

by Michal Čihař at May 24, 2017 08:00 AM

May 23, 2017

Michal Čihař

Weekly phpMyAdmin contributions 2017-W20

Last week I was again quite active on development side bringing several improvements to master branch.

The biggest news is probably that phpMyAdmin no longer relies on eval() function. We've used it to run advisory rules on server configuration, but that is now done using Symfony ExpressionLanguage (which we anyway need due to motranslator).

When looking at things this does pull in, I've noticed that there is mbstring polyfill, which can be used instead of the one we ship (and was never completed). Thanks to this the mbstring dependency is now optional, but still recommended for performance reasons.

Another quite visible change is adding JSON metadata to our themes. Right now it covers basic things like theme compatibility and authorship, but more can be added later. This is also covered in our documentation.

Handled issues:

Filed under: English phpMyAdmin

by Michal Čihař at May 23, 2017 10:00 AM

May 22, 2017

Michal Čihař

HackerOne experience with Weblate

Weblate has started to use HackerOne Community Edition some time ago and I think it's good to share my experience with that. Do you have open source project and want to get more attention of security community? This post will answer how it looks from perspective of pretty small project.

I've applied with Weblate to HackerOne Community Edition by end of March and it was approved early in April. Based on their recommendations I've started in invite only mode, but that really didn't bring much attention (exactly none reports), so I've decided to go public.

I've asked for making the project public just after coming from two weeks vacation, while expecting the approval to take some time where I'll settle down things which have popped up during vacation. In the end that was approved within single day, so I was immediately under fire of incoming reports:

[Figure: Reports on HackerOne]

I was surprised that they didn't lie - you will really get huge amount of issues just after making your project public. Most of them were quite simple and repeating (as you can see from number of duplicates), but it really provided valuable input.

Even more surprisingly there was second peak coming in when I've started to disclose resolved issues (once Weblate 2.14 has been released).

Overall the issues could be divided to few groups:

  • Server configuration such as lack of Content-Security-Policy headers. This is certainly good security practice and we really didn't follow it in all cases. The situation should be way better now.
  • Lack of rate limiting in Weblate. We really didn't try to do that and many reporters (correctly) showed that this is something that should be addressed in important entry points such as authentication. Weblate 2.14 has brought a lot of features in this area.
  • Not using https where applicable. Yes, some APIs or web sites did not support https in past, but now they do and I didn't notice.
  • Several pages were vulnerable to CSRF as they were using GET while POST with CSRF protection would be more appropriate.
  • Lack of password strength validation. I've incorporated Django password validation to Weblate hopefully avoiding the weakest passwords.
  • Several issues in authentication using Python Social Auth. I've never really looked at how the authentication works there and there are some questionable decisions or bugs. Some of the bugs were already addressed in current releases, but there are still some to solve.

In the end it was a really challenging week to be able to cope with the incoming reports, but I think I've managed it quite well. The HackerOne metrics state that there are 2 hours on average to respond to incoming incidents, which I think will not work in the long term :-).

Anyway, thanks to this, you can now enjoy Weblate 2.14, which is more secure than any release before. If you have not yet upgraded, you might consider doing that now or look into our support offering for self-hosted Weblate.

The downside of this all was that the initial publishing on HackerOne made our website target of lot of automated tools and the web server was not really ready for that. I'm really sorry to all Hosted Weblate users who were affected by this. This has been also addressed now, but the infrastructure really should have been prepared before on this. To share how it looked like, here is number of requests to the nginx server:

[Figure: nginx requests]

I'm really glad I could make Weblate available on HackerOne as it will clearly improve its security and the security of the hosted offering we have. I will certainly consider providing swag and/or bounties on further severe reports, but that won't be possible without enough funding for Weblate.

Filed under: Debian English SUSE Weblate

by Michal Čihař at May 22, 2017 10:00 AM

May 18, 2017

Michal Čihař

phpMyAdmin available in Packagist

For quite some time, we did provide Composer packages for phpMyAdmin, though they were available only in separate repository and not in the main Packagist repository, but now it's there!

The reason why we didn't do that was that it really doesn't integrate well with our release process - we release ready to use tarballs, while the VCS doesn't contain all things end users expect (eg. byte compiled localization files). Putting generated content to VCS didn't sound right and there is no option of using own tarballs on Packagist repo.

That's why we've ended up providing own channel with release tarballs. However this approach is not good either as that already bundles dependencies installable by composer, possibly causing problems when trying to upgrade these.

Therefore I've decided to generate separate VCS for composer packages. This way it doesn't pollute development VCS, but still Composer gets what it expects. The phpmyadmin/phpmyadmin is now using separate VCS and is updated daily using shell script. There might be some glitches during initial runs, so please report me any problems you see.

You can find more information on installing phpMyAdmin using Composer in our documentation.

Filed under: English phpMyAdmin

by Michal Čihař at May 18, 2017 10:00 AM

May 17, 2017

Michal Čihař

Weblate 2.14

Weblate 2.14 has been released today slightly ahead of the schedule. There are quite a lot of security improvements based on reports we got from HackerOne program, API extensions and other minor improvements.

Full list of changes:

  • Add glossary entries using AJAX.
  • The logout now uses POST to avoid CSRF.
  • The API key token reset now uses POST to avoid CSRF.
  • Weblate sets Content-Security-Policy by default.
  • The local editor URL is validated to avoid self-XSS.
  • The password is now validated against common flaws by default.
  • Notify users about important activity with their account such as password change.
  • The CSV exports now escape potential formulas.
  • Various minor improvements in security.
  • The authentication attempts are now rate limited.
  • Suggestion content is stored in the history.
  • Store important account activity in audit log.
  • Ask for password confirmation when removing account or adding new associations.
  • Show time when suggestion has been made.
  • There is new quality check for trailing semicolon.
  • Ensure that search links can be shared.
  • Included source string information and screenshots in the API.
  • Allow to overwrite translations through API upload.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on as official translating service for phpMyAdmin, OsmAnd, Turris, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Filed under: Debian English SUSE Weblate

by Michal Čihař at May 17, 2017 02:00 PM

May 16, 2017

Michal Čihař

Weekly phpMyAdmin contributions 2017-W19

Last week I finally got to doing something else than bug screening and fixing.

First of all the daily snapshots were improved in order to indicate the snapshot detail on our website, so that it's clear when it has been built and from which Git commit.

I've also looked at the long outstanding issue of removing eval() usage from our codebase. The last piece where it has been used is Advisor, and there is now my pull request to get rid of that.

Second long annoying thing is that we really don't have theme metadata in some easy to read format. Some of the information is set by PHP code and that's not really something you want to use to just get theme name, author or compatibility (actually the last bit is not really there). I've rewritten this to use JSON and there is pull request to implement the changes.

Probably both pull requests will land into master this week.

Handled issues:

Filed under: English phpMyAdmin

by Michal Čihař at May 16, 2017 10:00 AM

May 15, 2017

Michal Čihař

New projects on Hosted Weblate

Hosted Weblate provides also free hosting for free software projects. The hosting requests queue was over one month long, so it's time to process it and include new project.

This time, the newly hosted projects include:

We now also host few new Minetest mods:

If you want to support this effort, please donate to Weblate, especially recurring donations are welcome to make this service alive. You can do them on Liberapay or Bountysource.

Filed under: Debian English SUSE Weblate

by Michal Čihař at May 15, 2017 04:00 PM

May 14, 2017

Deven Bansod

Project Details: GSoC 2017 with phpMyAdmin

As I had posted earlier, my proposal for ‘Improving phpMyAdmin’s Selenium testsuite and Error Reporting Server’ got accepted in Google Summer of Code with phpMyAdmin.

The project aims to provide some added and improved functionality in the areas of functional/selenium testing and phpMyAdmin’s error reporting server.

The project details are presented under two broad headings:

  1. Tasks related to Error Reporting Server
  2. Tasks related to Selenium testing

Tasks related to Error Reporting Server

This involves implementing these tasks over the summer:

  1. Issue #98: Follow Github issue state
  • Current behaviour: No such option. Prior to the migration of our issue tracker, the state of reports was synced with the linked SourceForge issues. On migration, this functionality was lost.
  • Expected behaviour: The error reporting server should be able to follow state of linked issues and update state of the reports linked to that issue according to them.
  • Implementation Procedure:
    1. Github provides event webhooks for any repository which can be listened by a controller on our reporting server.
    2. Once an issue (close) event is received, the controller will set the state of all the reports linked with that issue to ‘closed’. This way we would not have to run a cron job, and this would ideally be tracking changes in real time.
    3. If the operation takes a lot of time, we might have to use queueing mechanisms to hold these event payloads received from Github.
    4. Security aspects have to be considered as mentioned here
  • Alternate Implementation Procedure:
    1. Github developer APIs provides a rich way of interacting with the issues on a repository. We could use the APIs provided, for example:
      GET /repos/:owner/:repo/issues/:number
      to get the current state of the linked issue for a report and update the same on server
    2. This can be implemented as a shell, which could be run as a cron-job using the console tool that CakePHP provides.

  2. Issue #31: Provide email notification for new reports

  • Current Behaviour: New reports are not reported to the developers via emails. This leads to the developer manually checking the error reporting server to check, if new relevant reports have been added.
  • Expected behaviour: New report generation would be accompanied by emailing a small summary of the new report’s details to the developer community (maybe through a new ‘bugs’ mailing list).
  • Implementation Procedure:
    1. Cakephp3 has a core library included for custom emails through cakephp. The ReportsController.php, in its creation of the report, would also include a function call to mail the summary of new report’s details to the bugs mailing list.
      Reference –

  3. Issue #106: Notifications handling

  • Current Behaviour: We don’t provide any option to clear all notifications. Moreover, there is not even a ‘Select all’ checkbox to select all the notifications on a page.
  • Expected behaviour: The missing ‘Clear all notifications’ button (and the corresponding action) should be provided so that the developer can start with a clean slate. Moreover, a ‘Check all’ checkbox would enable the developers to quickly filter and clear the notifications shown currently on the page
  • Implementation Procedure:
    1. We use Data tables to populate, order and enable search queries (though order and search are actually run in with SQL queries) in the tables on Notifications page.
    2. A check-all box can be added similar to what is present on the reports page
    3. The ‘Clear all notifications’ button can be added above the table header (maybe right-aligned in the same row as ‘Action for Selected Notifications’)

  4. Issue #119: Improve generated issues content

  • Current Behaviour: Once a report on the error reporting server is linked to an issue, a comment is posted with the error type, error message, exception type and the link to the report.
  • Expected behaviour: It would really help the developers looking at the comment in the issue tracker if the affected phpMyAdmin version, script name and number of incidents are also included in the generated comment.
  • Implementation Procedure:
    1. The changes have to be made in the src/Controller/GithubController.php file
    2. We would have to fetch the required information related to the report from the database using appropriate models.
    3. This extra information can be included in the data being posted in the request to the Github server while posting the comment (while linking to existing issue) or while creating a new issue.

  5. Issue #120: Simplify Issue states

  • Current Behaviour: Since we used to track the issue state from SourceForge through a cron job, we had adapted to the issue states available in SourceForge’s issue tracker and had added corresponding issue state for our reports.
  • Expected behaviour: Since we have moved to Github issue tracker, we would need only three states namely: opened, closed and forwarded. Opened is the default when a new report is generated, it is set to forwarded when the report is linked to a new or existing issue. Once an issue gets closed on Github, the linked reports are also marked as closed.
  • Implementation Procedure:
    1. The changes would be involved to the $state array in the src/Model/ReportsTable.php
    2. Then changes would be required in the flow which creates a new issue and/or links a report to an existing issue on Github, so that the state of the linked report can be changed to forwarded.
    3. The other change required would be that the state of the report should be updated once we receive an issue-closed event from the Github webhook.

  6. Issue #123: Allow search by filename

  • Current Behaviour: We allow the search in data tables on reports page based on exception name, message, phpMyAdmin version affected, state, exception type.
  • Expected behaviour: The search functionality does not help much when the exception name and the message are very similar but are actually present in different files. We should have a column stating the filename and allow search by that column to help distinguish such reports.
  • Implementation Procedure:
    1. Adding a column involves changes to the template, the view action in src/Controller/ReportsController.php by changing the $aColumns array.
    2. Moreover, the searchable property for this newly added column in the data table would be automatically enabled. (It can be disabled by specifying in the webroot/js/custom.js aoColumnDefs field, but we don’t have to touch it in this case)

  7. Issue #74: Read-only public interface

  • Current Behaviour: For accessing the error reporting server, one needs to have commit access to the phpmyadmin/phpmyadmin repository on Github. This prevents contributors (non-team members) to access the application. Currently, any issue on the tracker that has been forwarded from a report on error reporting server might be incomprehensible (or at least a pain to work on a fix for) to any non-team developer, since (s)he can’t even take a look at the actual report/incidents.
  • Expected behaviour: We should allow for public read-only interface so that anyone can take a look at the error reports. This would enable democratization of the technology and help in increasing the developer engagement in the community.
  • Implementation Procedure:
    1. The reports main page (i.e. the index action in ReportsController) can remain as it is, while the view action can be changed to have the action buttons like ‘Mark same as’, ‘Create new issue’, ‘Link to an existing issue’ made conditional on whether the user is logged in (ideally only team members)
    2. The currently unused function ‘canCommitTo’ in the Github API can be used to check whether the user is authorized to access the report actions. Moreover, the $whitelist in src/AppController.php would have to be altered to allow for anonymous users to access the read-only interface

  8. Issue #129: Use cleaner alternative syntax for control structures in View templates

  • Current Behaviour: The templates, in the current code, use the standard syntax for the control structures that is used in the .php files. It makes it very inconvenient to read and comprehend the code, since there are a lot of braces and they may not be correctly indented etc.
  • Expected behaviour: Use alternative syntax in template files
  • Implementation Procedure:
    1. Rewrite the control structures in the template files using the alternative syntax, of course, without breaking any existing functionality.

Tasks related to Selenium testing

These tasks are broadly divided into 2 major sub-lists:

  1. Fixing existing tests: This involves fixing the existing set of broken selenium tests. This would help in making the overall test suite reliable, so that it can be run on every commit.

  S. No.  Test name               Current status
  1       CreateDropDatabaseTest  Works
  2       CreateRemoveUserTest    Works
  3       DbEventsTest            Inconsistent
  4       DbOperationsTest        Broken
  5       DbProceduresTest        Broken
  6       DbStructureTest         Broken
  7       DbTriggersTest          Broken
  8       ExportTest              Broken
  9       LoginTest               Works
  10      NormalizationTest       Broken
  11      PrivilegesTest          Broken
  12      ServerSettingsTest      Broken
  13      TableBrowseTest         Broken
  14      TableCreateTest         Broken
  15      TableInsertTest         Broken
  16      TableOperationsTest     Broken
  17      TableStructureTest      Broken
  18      TableTrackingTest       Broken
  19      XSSTest                 Broken
  20      ImportTest              Broken


Assuming that each test and its test-cases can be fixed in a day’s work (on an average), fixing all the current tests would require 3 weeks of time.

  2. Adding new tests: The selenium testsuite will be extended to common operations by adding a new set of tests and improve the selenium testsuite coverage.

  S. No.  Feature covered                                                                        Expected duration
  1       Typing and executing SQL query – Server SQL                                            1-2 day(s)
  2       Typing and executing SQL query – Database SQL                                          1-2 day(s)
  3       Typing and executing SQL query – Table SQL                                             1-2 day(s)
  4       Granting an user access to a database                                                  1-2 day(s)
  5       Import tests                                                                           1-2 week(s)
  6       Exports tests (expand to test more options, for Server-level, Db-level, table-level)  4 days


I would be posting weekly updates every Monday, about the work undertaken during the previous week as soon as the coding period starts.

Looking forward to another exciting summer with phpMyAdmin. 🙂

Filed under: GSoC 2017, phpMyAdmin Tagged: GSoC, Open Source, phpMyAdmin

by Deven Bansod at May 14, 2017 03:22 AM
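
The webhook flow proposed under Issue #98 above (receive an issue-closed event, close every linked report, and authenticate the sender first) can be sketched as follows. This is an added example, not code from the proposal or from the error reporting server, which is a CakePHP application; Python is used for illustration, the header names are GitHub's, and the secret, the in-memory `reports` store and all function names are assumptions.

```python
import hashlib
import hmac
import json

# Constructed values: a real deployment reads the secret from configuration.
SECRET = b"constructed-webhook-secret"
TRACKED_REPO = "phpmyadmin/phpmyadmin"


def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256 for this raw body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def signature_ok(secret: bytes, body: bytes, header_value) -> bool:
    """Constant-time check of the signature header against the raw body."""
    if not isinstance(header_value, str) or not header_value.startswith("sha256="):
        return False
    return hmac.compare_digest(sign(secret, body).encode(), header_value.encode())


def handle_webhook(headers, body, reports, secret=SECRET, repo=TRACKED_REPO):
    """Return (http_status, number_of_reports_closed).

    `reports` is a hypothetical stand-in for the reports table:
    {report_id: {"issue": linked issue number or None, "state": str}}.
    """
    hdrs = {k.lower(): v for k, v in headers.items()}

    # 1. Authenticate before parsing: the body is untrusted until the HMAC matches.
    if not signature_ok(secret, body, hdrs.get("x-hub-signature-256")):
        return 403, 0

    # 2. Only issue events matter here; anything else is acknowledged and ignored.
    if hdrs.get("x-github-event") != "issues":
        return 202, 0

    # 3. Parse defensively; a signed but malformed payload is still rejected.
    try:
        payload = json.loads(body.decode("utf-8"))
        action = payload["action"]
        number = payload["issue"]["number"]
        source = payload["repository"]["full_name"]
    except (ValueError, KeyError, TypeError):
        return 400, 0
    if source != repo or isinstance(number, bool) or not isinstance(number, int):
        return 400, 0

    if action != "closed":
        return 202, 0

    # 4. Close every report linked to the issue. The update is idempotent,
    #    so a redelivered or replayed event changes nothing.
    changed = 0
    for report in reports.values():
        if report["issue"] == number and report["state"] != "closed":
            report["state"] = "closed"
            changed += 1
    return 200, changed


def sample_reports():
    """Constructed sample data using the three states from Issue #120."""
    return {
        101: {"issue": 42, "state": "forwarded"},
        102: {"issue": 42, "state": "forwarded"},
        103: {"issue": 7, "state": "forwarded"},
        104: {"issue": None, "state": "opened"},
    }


def make_sample_delivery(issue_number=42, action="closed", secret=SECRET):
    """Build a constructed delivery (headers, raw body) as the sender would."""
    body = json.dumps({
        "action": action,
        "issue": {"number": issue_number},
        "repository": {"full_name": TRACKED_REPO},
    }).encode("utf-8")
    headers = {"X-GitHub-Event": "issues", "X-Hub-Signature-256": sign(secret, body)}
    return headers, body


if __name__ == "__main__":
    reports = sample_reports()
    headers, body = make_sample_delivery()
    print(handle_webhook(headers, body, reports))
    print(reports)
```

The signature has to be computed over the raw request bytes, before any framework decodes or re-serialises the JSON.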

May 13, 2017

'Manish Bisht'

Google Summer of Code’ 17 with phpmyadmin

This summer, I was selected for the prestigious Google Summer of Code ’17 program with the phpmyadmin organization. phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL and MariaDB. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any SQL statement.


phpmyadmin currently has a large number of open issues (~210 at time of writing this). To maintain and improve the phpmyadmin core project, the number of issues should be lowered. This project aims at resolving the major issues and making improvements in phpmyadmin. I have selected a list of issues on which I will be working this summer.

Community Bonding

Before the beginning of the official program period, Google allows students one month to get familiar with the organization they will contribute to, to get familiar with the programming practices, source code, get doubts cleared etc. phpMyAdmin is a PHP project that provides wide range of operations that can be performed via the user interface. The project code is available on GitHub at this link


Week 1–4

Improve responsive/mobile interface

As the world is going more mobile every day, it would be a good idea to make phpMyAdmin responsive, so it works on smartphones and tablets too instead of desktop only.

Consolidate tablesorter libraries

Currently phpmyadmin has two javascript plugins for table sorting, so it’s better to replace them with just one. I will be replacing jquery.sortableTable.js with jquery.tablesorter.js

Nice view for JSON data

It will add the feature to have an easy view of the JSON data of a column of a table. Right now it shows in only one line, without any kind of format, so we can have an option to show when you are viewing a table with JSON data or when editing a nice JSON view.

Also, if the team decides they still don’t want to pursue the responsive interface enhancement, I’m prepared to replace that part of my summer with solving these issues.

Support for large monitors

For this one I will set the right padding to the div that contains [Edit inline], [Edit], etc options for the very large screens.

Inconsistency with submit buttons

I will show all the buttons on the right side. And its implementation part is also similar to the above task

Error popup

The problem with this is we are unable to copy/paste stuff because as soon as we click on the popup it is closed.

Add export option to drop user security definers from views

For the last one during export option I have to make a change so that the security definition should not be included in the export file.

Week 5–8

Remove inline javascript

There are several places which use inline javascript (onclick, onsubmit and onchange). These should be removed and placed into javascript files. After removal we can get rid of ‘unsafe-inline’ for scripting in CSP.

Disable charset conversion when importing with SET NAMES

According to the communication on issue link the charset handling seems to be broken on the import

Import/Export Progress bar-1 and Import/Export Progress bar-2

It would be really nice to have a progress bar showing import and export progress in real time in terms of percentage and having some more detailed information like which step/table it is processing.

Password “No” shown for user not in user table

When a user has access to a db (or table), but is not in the user table he’s shown as not having a password. Even after successfully running the query delete from mysql.user where user = ‘test’ I was still able to login with the test account.

Week 9–12

Configuration storage — fallback to default table names when pmadb config is set

The PMA should fallback to default table names if controluser + pmadb options are set while other like ‘relation’, ‘column_info’ are NOT in

Facilitate drag and drop of columns between tables

I will implement this feature by allowing user to drag and drop the existing column from the “structure page” as well as from the navigation tree table column entry, to the “New” column entry in the navigation tree columns section of the target table.

Update 1

I will work on the forked repository and submit the Pull Request as soon it is completed. I will also post the weekly update about the project on medium. This is my GSoC’17 proposal.

by Manish Bisht at May 13, 2017 02:41 PM

May 09, 2017

Michal Čihař

Weekly phpMyAdmin contributions 2017-W18

Last week I finally got back to work after mostly two weeks of vacation, so there was quite a lot of things to do. I've merged several pull requests, gone through incoming bugs and generally did some cleanup in our issue trackers.

I've also worked on new daily snapshots of our code, which are now available for download or for use from Docker Hub.

Handled issues:

Filed under: English phpMyAdmin

by Michal Čihař at May 09, 2017 10:00 AM

May 05, 2017

Deven Bansod

Selected for GSoC 2017 with phpMyAdmin

The list of accepted projects for Google Summer of Code (GSoC), 2017 was published yesterday. My proposal on ‘Improving phpMyAdmin’s Selenium testsuite and Error Reporting Server’ submitted to phpMyAdmin has been selected.

This is the second time that I would be participating in GSoC and my second time with phpMyAdmin. This time I would be mentored by Michal Čihař. I would soon be adding a separate blog post about the project details.

Congratulations to all those whose proposals were selected. Cheers!

Looking forward to a great summer ahead with phpMyAdmin again! 🙂

Filed under: GSoC 2017, phpMyAdmin Tagged: GSoC, Open Source, phpMyAdmin

by Deven Bansod at May 05, 2017 07:04 PM

Michal Čihař

New daily snapshots for phpMyAdmin

We have stopped providing daily snapshots for phpMyAdmin pretty much at time we've moved to GitHub, which allowed to download any branch as zip file. However since introduction of Composer to manage our dependencies, additional steps were required to get working copy of phpMyAdmin out of the snapshots.

Since today the ready to use snapshots are available again. They will be updated every day and are built in exactly same way as our releases, so all you need to do is download them and start using.

These snapshots can be also used from Docker - the phpMyAdmin image now has brand new tags edge-4.7 and edge-4.8 which are updated with every snapshot and contain latest changes from development branches.

Filed under: English phpMyAdmin

by Michal Čihař at May 05, 2017 04:00 PM

April 15, 2017

'Manish Bisht'

This is how you should make a GOOD Resume

After getting a lot of questions from my friends and social channels about “how to make my resume”, these are my suggestions to make your resume GOOD that can help you to get your dream job or internship. You are free to use these suggestions and make changes according to your needs.

KISS — Keep it Simple and Stupid

What to include ?

Everything that you want to tell your recruiter. This is the sequence that I would suggest you follow, keeping the points below in mind, but you can definitely reorder it.

For Beginners

  1. Name and Contact Details.
  2. Education
  3. Projects
  4. Skills and/or Technologies known
  5. Languages known (position specific)
  6. Honors and Awards

For Experienced People

  1. Name and Contact Details.
  2. Work Experience
  3. Education
  4. Projects
  5. Skills and/or Technologies known
  6. Languages known (position specific)
  7. Honors and Awards

Plus point (Common)

  1. Freelancing work
  2. Online Portfolio
  3. Volunteer or nonprofit work
  4. Internships

Plus point for Developers

  1. Open Source Contributions
  2. Competitive Programming
  3. Contest Participation/Winners in regular contests or Hackathons
  4. GitHub Profile Link
  5. Host all your projects online

Plus point for Designers

  1. Behance Profile Link
  2. Creativity (Make resume info-graphic)

Plus point for Marketing

  1. Google Certifications

I don’t know much about this field. :)

What NOT to include?

Content that looks irrelevant for the position you are applying for. For example, if you live in Jaipur and write “I know Hindi” then it doesn’t make any sense, as almost all people know it. It’s just consuming useful space.

One Page Resume

Now most of you will ask why ?

Short Answer

Do you really think that the recruiters are going to read your entire resume? Big “NO”, because every company receives lots of applications daily, so like everyone else they also don’t have time to read it from start to end.

Long Answer

Recruiters do not read your resume. They just scan it for 15–30 seconds. When your resume is too long, you have written everything about yourself and it is possible that you have included things that are not required or are irrelevant. Now two things can happen in those 15–30 seconds: the recruiter sees the best/good part of your resume or some irrelevant stuff. If the worst case happens, they will see the worst part and make their decision as no hire. It will dilute the best/good part of your resume. Lengthy resumes do not make you more impressive. And if you think you can’t get your resume to just one page, trust me, you can! You just need to think about what is really important for a recruiter to see.

Introduction and Contact Details

This should be the very first part of your resume, as it will help recruiters to know more about you and how they can contact you. Name, Mobile Number and E-Mail must be mentioned in this section. Also make sure your email looks professional not like At least your first name should be included in your email. You can also place the links to your social profiles here, or they can be included in the footer. This is optional, but it depends: for example, if you are a developer or graphic designer then they expect GitHub and Behance profile links respectively.

No Objectives

The company already knows that, because you applied for a particular position. It will just waste useful space. It may also keep your profile from being considered for other positions that might be interesting for you.

Use a Resume Template with Columns

Use a template that has multiple columns. It makes your resume easier to read and saves space.

Use Tables

Use tables with 0 (zero) border to manage content on the resume.

Short Bullets

If there are paragraphs, there is a high possibility that they will just skip them. They are normal people too, so who wants to read those paragraphs? Adding bullet points increases readability. Make sure that all the bullet points start with action verbs like organised, developed etc. Here is the list of Action Verbs.

Accomplishment Oriented

Your bullets should focus on your accomplishments rather than your responsibilities.


Whenever possible, you should quantify your accomplishments. For example, if you won an award, out of how many people?


Add all your education-related stuff in this section: name of college/school, session and percentage/GPA (percentage/GPA is optional; try not to mention it if yours is too low). Keep it organised: either write the percentage for all schools/colleges or for none, because mentioning the good percentages/GPAs and not mentioning the bad ones makes a negative impact. This section can also include the courses that you have taken online. For most good recruiters this section doesn’t play an important role in their decision. (For IIT, NIT, IIM etc. it sometimes works, because they also know how hard it is to get into those institutes.)


Select the top 2–3 projects to list on your resume. These can be academically required projects or independent projects. They do not need to be completed or launched either. As long as you’ve done a good amount of work on them, that’s good enough, because in your interviews they are definitely going to ask questions about them.

Additional Experience

You can put additional experience, like leadership activities or awards, in a section like this (changing the name of the section depending on what you list). Be careful here to focus on what really matters.

Skills and Technologies (Only for technical positions)

It’s a good idea to list the skills and technologies that you know, but remember that the interviewer is going to test anything you list here. Also mention each with a level of expertise, for example C++ (Proficient), C# (Prior Experience), etc.


If you know any language that will help the company in any way, make sure to mention it with more details, like can talk in English or can write in English. For example, if you are applying to automobile companies that are based in Germany and you know German, it is worth mentioning.


This isn’t really necessary, but if you are applying for a job and want them to know you have interests related to the job, this would be a good place to mention them. I would suggest keeping this section at the very end of the resume.

Make it easy for Applicant tracking system

An applicant tracking system (ATS) is a software application that enables the electronic handling of recruitment needs. Nowadays most companies use one, as everyone wants automation. So add things in an organised way, so that it is easy for a machine to filter details about you.

NOTE: Images can’t be parsed through these systems so make sure not to include images in your resume.

Extra Tips

1. Never lie on resume

Never lie on your resume, because if you do and get caught, the company is definitely going to blacklist you. They are never going to give you a second chance.

2. Choose your fonts wisely

It is generally a good idea to stick to simple and readable fonts. If you make it hard for them to read then they will make it hard for you to get the job. ;)

3. Keep document size as A4

It will be easy to print, and easy for the company too when they print it after you send it by email (I once made this mistake; after that I changed my default page settings to A4).

4. Grammar and spelling

If you’re applying for a job as a designer, does it matter how well you write? The simple answer is yes. Spelling and grammar mistakes will make you appear uneducated, ignorant and/or lazy.

5. Make it early and then update monthly

If you are not planning to apply in the next month, I would still suggest you start making it early. Because the resume that is made a day earlier is far better than the one that was made some time ago and modified multiple times. Try to modify your resume on a regular basis and add more relevant and exciting things to it.

6. Remove repetitive information

Never write the same thing multiple times in your resume, not even your name. Trust me, this is not your exam answer sheet where you write the same thing multiple times to pass ;)

7. Use space wisely

Play with page margins, borders and font sizes because you only have one page to write.

This is the link to my current resume. Hope this post helps you to make your resume better.

Need help with something else? Feel free to ping me anywhere. I am not too hard to reach. Please do your homework before reaching out to me so you don’t end up asking some random question. :)

by Manish Bisht at April 15, 2017 03:14 PM

April 13, 2017

Michal Čihař

Weblate 2.13.1

Weblate 2.13.1 has been released quickly after 2.13. It fixes a few minor issues and a possible upgrade problem.

Full list of changes:

  • Fixed listing of managed projects in profile.
  • Fixed migration issue where some permissions were missing.
  • Fixed listing of current file format in translation download.
  • Return HTTP 404 when trying to access project where user lacks privileges.

If you are upgrading from an older version, please follow our upgrading instructions.

You can find more information about Weblate on, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who has helped so far! The roadmap for the next release is just being prepared; you can influence this by expressing support for individual issues either by comments or by providing a bounty for them.

Filed under: Debian English SUSE Weblate

by Michal Čihař ( at April 13, 2017 04:00 AM

April 06, 2017

'Manish Bisht'

Google Developer Day 2017 Ahmadabad, India (Cloud Track) — Summary

Google Developer Days are interactive conferences, providing the latest updates on Google technologies and open platforms for developers and industry leaders. Google Developer Days 2017 will be held throughout the year in various cities in India. They are excited to share their thoughts on innovative technologies and encourage developers to build the next big mobile, web, cloud or machine learning solutions.


The event started with the welcome note by Manoranjan Padhy (Community Manager — Google Developer Relations, India).

Session #1

The first session was on Google Cloud Platform by Romin Irani (Google Developer Expert — Cloud Platform). He started by sharing key updates from the Google Cloud Next 2017 event.

100 announcements (!) from Google Cloud Next '17

Then he gave an update about Google's new website for all its open source projects. Here is the link

Google Open Source -

Here is the link of the shared presentation.

Google Cloud Platform - Updates - Next 2017 - Dev Day AHM

Session #2

Next session was by Rohit Gupta (Solution Engineer — Google Cloud Platform) on Big Data. This was a very interactive session. He told us why Google is a data-oriented company through his own example.

He also told us that “Hadoop”, the most trending thing in data science, was derived from the “MapReduce” research that was done by Google.

Google Research Publication: MapReduce

Session #3

Next session was on Firebase overview by Manoranjan Padhy (Community Manager — Google Developer Relations, India). He showed us how to get started with Firebase and how to use the API to store the data. He also showed the example of the Chat Application on Firebase.

Firebase Web Codelab

Session #4

Next session was by Romin Irani (Google Developer Expert — Cloud Platform) on Machine Learning, followed by more updates about the Google Cloud machine learning APIs.

Announcing Google Cloud Video Intelligence API, and more Cloud Machine Learning updates | Google Cloud Big Data and Machine Learning Blog | Google Cloud Platform

As most of the people were from startups, he gave an update about the Google Cloud Machine Learning Startup Competition.

Google Cloud Machine Learning Startup Competition | Google Cloud Platform

And lastly, the new Google Cloud Platform Community.

Google Cloud Platform Community | Google Cloud Platform Community | Google Cloud Platform

Here is the link of the shared presentation.

Introduction to Cloud ML APIs - Dev Day AHM - March 2017

Session #5

Then there was another session by Manoranjan Padhy on TensorFlow. He told us how to get started with machine learning using TensorFlow. TensorFlow requires maths as a prerequisite.

If you want to use already created machine learning models then you can use Google Cloud Machine Learning, and if you want to build your own machine learning model then use TensorFlow.


Session #6

Next session was again on Firebase by Manoranjan Padhy (Community Manager — Google Developer Relations, India). This session was more on serverless development, which doesn’t mean there are no servers, but that we don’t have to manage them.

Firebase | App success made simple

Session #7

Next session was by Rohit Gupta (Solution Engineer — Google Cloud Platform) on GCP Developer and Management tools.

He told us why we never see “We are on maintenance” like messages on Google products, and the difference between 99.99% and 99.999% up-time. Google Storage is 99.999999999999% reliable, which means there is a very low chance of losing your files if you save them in Google storage like Drive or Google Photos, so this session was quite interesting. He told us about various new tools that Google uses internally in its products.


Stackdriver - Hybrid Monitoring | Google Cloud Platform

Google also learns from other technology companies. Recently they learnt from Netflix a new way to deploy updates that is more reliable and has very little chance of failure.

Research at Google

At last, the event ended with an open house discussion with the GDG Ahmadabad team and networking with the GDG Ahmadabad teams and speakers.

by Manish Bisht at April 06, 2017 02:15 PM

April 01, 2017

'Manish Bisht'

My Software Engineering Internship Interview Experience for Summer 2017 with Google Japan

On 9 December, 2016 I had my last fifth-semester practical exam. After it, one of my friends asked for the videos of the Udacity FrontEnd Nanodegree, so I opened my laptop, and there was an email from Google Japan with the subject “Google Japan — Next steps on your application”. I was so excited, thinking that yes, finally my resume had passed their ATS (when you apply to any company, the resume is saved in their Application Tracking System, which the recruiter uses to select candidates by searching through all the resumes using some keywords, because no one has enough time to look through every resume, as they receive more than 75,000 job applications every week).

This is not the first time I have applied to Google. I also applied in my second year for the EP Intern, but received no response from them, I think because I was late that time: they complete all intern hiring for summers by January, according to answers written on Quora. So I check their job portal every 15–20 days, apply for the positions relevant to me, and update my resume on a monthly basis. I received a response after applying more than 30+ times through their portal, so yes, patience pays…

As the first step in the process I had to fill in one survey form asking for some basic details. After that, on 16 December, 2016, I received the email with the subject “Google Japan — Confirmation of Online Quiz”. They scheduled the online test for 20 December, 2016, and I had to submit the code on the portal. It was something like Google APAC but with no scoreboards.

On 20 December, 2016 there were 2 questions on the quiz, out of which I was able to pass 33/101 test cases for the first question and 11/100 test cases for the second question. The questions were of medium level, and one of them was on graphs. It was also written in the instructions that they would decide the next steps based on the code that I submitted and my resume.

Finally today, 22 December, 2016 at 2:21 P.M., I got the email with the subject “Google Japan — Update on your application”. This was the rejection email from them. :(

I missed the awesome opportunity this year and will try again next year.

For those who want to prepare for the Internship/Full Time this resource ( is more than enough to crack interviews at Google. Here Google doesn’t mean only Google; it means the company which builds cool products using the concepts of Computer Science in a highly creative way.

by Manish Bisht at April 01, 2017 11:23 AM

March 14, 2017

December 25, 2016

'Raghuram Vadapalli'

CS224d: A great startpoint for Deep Learning in NLP

Even though I am in the Search and Information Extraction Lab, my research work focuses more on NLP. If you are into NLP, you will know that most of the major recent advances in NLP are using Deep Learning. Initially, I had a very tough time understanding most of the papers which used Deep NLP techniques such as LSTMs, Recursive Neural Networks, Attention models etc. This is when I came across this course offered by Richard Socher at Stanford. I am not done with this course completely yet, but doing a part of it itself gave me a lot of confidence. The best part about it is that all their assignments and material, which are very elegantly designed, are publicly available. Hopefully, this will also help someone who has similar interests.

You can find more details about it on its homepage.


by Raghuram Vadapalli at December 25, 2016 09:31 AM

December 02, 2016

'Raghuram Vadapalli'

Installing CUDA on Ubuntu 16.04

So, I came across this problem while installing the tensorflow GPU version. Any deep learning framework’s GPU version needs you to have CUDA installed prior to it. You will have to download the drivers from here. The site simply says to run the file as sudo to install. But wait. If you proceed like this on Ubuntu 16.04, there is a very good chance you will end up with a black screen when you reboot the system. Follow these steps to have a safe CUDA installation:

  • ./ -extract=~/Downloads/nvidia_installers
  • cd ~/Downloads/nvidia_installers
    sudo ./ --no-opengl-files
  • sudo ./
    sudo ./
  • Check if it is installed properly by using:
  • In case driver stops working in future, just run the first command again
    sudo ./ --no-opengl-files

    That should fix it most of the time.

  • In case you already installed the way mentioned on the site and are seeing a black screen, just go to command line interface using ctrl+alt+F2. Login and do
    sudo apt-get --purge remove nvidia-*

    And reboot. Now you should get your display back. Install CUDA as mentioned here.

by Raghuram Vadapalli at December 02, 2016 01:31 PM

November 29, 2016

'Raghuram Vadapalli'

POS tagging using limited labeled data

Hello, this is my first blog post. Any suggestions regarding improvements are very welcome.

Formally, this is called semi-supervised POS tagging.

What is POS tagging?


If you have some acquaintance with NLP, then you will most probably know what POS tagging is. Basically, given a sentence, you have to label each word with its part-of-speech tag. This can simply be put as a sequence labeling task. You can read more about POS tagging here.

HMM and POS tagging

The first approach for POS tagging is to use an HMM with the Viterbi algorithm, which is basically a dynamic programming technique to speed up HMM for POS tagging. You can read more about HMM and Viterbi following the links given. But to give a high-level view: we should find the sequence of tags which maximizes the probability $P(t_1, t_2, \dots, t_n \mid w_1, w_2, \dots, w_n)$. Without going completely into the derivation, which involves the Markov assumption and some probability manipulation, the above expression can be converted to finding the tag sequence which maximises

$$\prod_{k} P(w_k \mid t_k)\, P(t_k \mid t_{k-1}).$$

$P(w_k \mid t_k)$ is called the emission probability, as it is the probability of $w_k$ occurring given that $t_k$ occurred. $P(t_k \mid t_{k-1})$ is called the transition probability, as it determines the probability of the next tag given the previous tag. This is a good tutorial for this technique.


The method discussed above is called supervised because the emission and transition probabilities are usually calculated from training data by counting bigram frequencies:

$$P(w_k \mid t_k) = \frac{\mathrm{count}(w_k, t_k)}{\mathrm{count}(t_k)}$$

$$P(t_k \mid t_{k-1}) = \frac{\mathrm{count}(t_k, t_{k-1})}{\mathrm{count}(t_{k-1})}$$

But what if we don’t have counts for all possible bigrams, which is clearly the case in real-world data? One basic approach is to use some smoothing technique, but we will be looking at a different approach here. It is clear that we don’t have exhaustively labeled data (all possible bigram counts). So, we make use of limited labeled data and word similarities to find the tags, which is why we call it semi-supervised.

Clustering and two-level HMM

Finally, we come to the actual solution. We first cluster the words in the training data into some number k of clusters. k can be fixed by experimenting. For this, we need vector representations of words. We can obtain vector representations by building a co-occurrence matrix and reducing the dimensionality using SVD. A simpler way would be to use Word2Vec or GloVe vectors. But the problem with them is that they are general and may not be very relevant to the domain of our data. Anyway, it won’t make much of a difference. Now, we have n clusters – $k_1, k_2, \dots, k_n$.

To visualize, our HMM looks like the following:


As you can see, the first level of HMM is to get the cluster sequence from the word sequence. As discussed in the previous section, this will require two probabilities – emission and transition. There is no problem with transition probability as the count based approach earlier can still be used (all possible cluster bigram counts are mostly present). But, emission probability cannot be count-based as all possible cluster-word pair counts may not be available. This is the place the clustering and word vectors prove useful. The inverse of the Euclidean distance between word vector and mean vector of a cluster can be considered as emission probability:

$$P(w_i \mid k_j) = \lVert \mathrm{vector}(w_i) - \mathrm{mean}(k_j) \rVert^{-1}$$

Now, we obtained cluster sequence. From this, we have to obtain the tag sequence. This part is the second level of HMM. Similar to the first level, transition probabilities can remain count-based as all tag bigram counts are usually available. Now comes the most tricky part of the entire approach – emission probabilities of cluster-tag. We already have tags for all the words in training data. We now calculate embedding for a tag as the mean of vectors of all words with that tag. Once we have tag embeddings, emission probabilities of tag-cluster can be obtained as the inverse of the Euclidean distance between the mean of cluster and tag embedding.

$$P(k_i \mid t_j) = \lVert \mathrm{vector}(t_j) - \mathrm{mean}(k_i) \rVert^{-1}$$

$$\mathrm{vector}(t_i) = \frac{1}{n} \sum_{j} \mathrm{vector}(w_j) \quad \text{such that } \mathrm{tag}(w_j) = t_i$$

Points to note while implementing

  • While doing Viterbi, during every iteration, you will have to multiply three probabilities – emission, transition, and the probability from the previous word. Since these are very small values, multiplying them over and over makes them even smaller. So, instead of multiplying them, we have to add their log probabilities, which yields the same result:

    $$\log\big( P(w_i \mid k_j) \cdot P(k_i \mid k_{i-1}) \cdot dp(k_{i-1}) \big) = \log P(w_i \mid k_j) + \log P(k_i \mid k_{i-1}) + \log dp(k_{i-1})$$

  • For every probability, we have to apply softmax before using it, as measures like the inverse of the Euclidean distance are very arbitrary and do not obey the rules of probability.

  • Failing to do any of the above will result in all tags being the same, or in a repeating sequence of tags.

by Raghuram Vadapalli at November 29, 2016 11:25 AM
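The two implementation points from the POS tagging post above (log-space Viterbi, and softmax over inverse Euclidean distances), as an added Python example that is not the post author's code. It covers only the first level of the two-level HMM (words to clusters); the 2-D vectors, cluster means, training sequences, add-one smoothing and the choice to normalise the softmax across clusters for each word are assumptions made for illustration.

```python
import math

# Constructed sample data: three cluster means in a 2-D embedding space and
# a few labelled cluster sequences from which transitions are counted.
CLUSTER_MEANS = [(0.0, 0.0), (5.0, 0.0), (0.0, 5.0)]
TRAIN_CLUSTER_SEQS = [[0, 1, 2, 1, 0], [0, 1, 1, 2, 0], [2, 0, 1, 2]]


def log_softmax(scores):
    """Turn arbitrary scores into log-probabilities that sum to 1 (stable form)."""
    m = max(scores)
    log_z = m + math.log(sum(math.exp(s - m) for s in scores))
    return [s - log_z for s in scores]


def emission_log_probs(word_vec, cluster_means, eps=1e-6):
    """log P(w | k) per cluster: softmax over inverse Euclidean distances.

    eps keeps the inverse finite when a word sits exactly on a cluster mean.
    """
    inv = [1.0 / (math.dist(word_vec, mean) + eps) for mean in cluster_means]
    return log_softmax(inv)


def count_log_probs(sequences, n_states):
    """Count-based start and transition log-probabilities.

    Add-one smoothing is an assumption of this example, so that an unseen
    bigram gets a small probability instead of log(0).
    """
    start = [1.0] * n_states
    trans = [[1.0] * n_states for _ in range(n_states)]
    for seq in sequences:
        start[seq[0]] += 1
        for prev, cur in zip(seq, seq[1:]):
            trans[prev][cur] += 1
    log_start = [math.log(c / sum(start)) for c in start]
    log_trans = [[math.log(c / sum(row)) for c in row] for row in trans]
    return log_start, log_trans


def viterbi(word_vecs, cluster_means, log_start, log_trans):
    """Most likely cluster sequence; sums log-probabilities instead of multiplying."""
    n_k = len(cluster_means)
    emit = emission_log_probs(word_vecs[0], cluster_means)
    dp = [log_start[k] + emit[k] for k in range(n_k)]
    back = []
    for vec in word_vecs[1:]:
        emit = emission_log_probs(vec, cluster_means)
        new_dp, ptr = [], []
        for k in range(n_k):
            best_prev = max(range(n_k), key=lambda p: dp[p] + log_trans[p][k])
            new_dp.append(dp[best_prev] + log_trans[best_prev][k] + emit[k])
            ptr.append(best_prev)
        dp = new_dp
        back.append(ptr)
    last = max(range(n_k), key=lambda k: dp[k])
    path = [last]
    for ptr in reversed(back):          # follow back-pointers to the start
        path.append(ptr[path[-1]])
    path.reverse()
    return path, dp[last]


def naive_path_probability(word_vecs, path, cluster_means, log_start, log_trans):
    """Score a path by multiplying raw probabilities, to show the underflow."""
    prob = math.exp(log_start[path[0]])
    prev = None
    for vec, k in zip(word_vecs, path):
        if prev is not None:
            prob *= math.exp(log_trans[prev][k])
        prob *= math.exp(emission_log_probs(vec, cluster_means)[k])
        prev = k
    return prob


if __name__ == "__main__":
    log_start, log_trans = count_log_probs(TRAIN_CLUSTER_SEQS, len(CLUSTER_MEANS))
    # Constructed "sentence" of 2000 word vectors alternating near clusters 0 and 1.
    words = [(0.1, 0.0), (5.0, 0.1)] * 1000
    path, score = viterbi(words, CLUSTER_MEANS, log_start, log_trans)
    print("log score:", score)
    print("naive product:",
          naive_path_probability(words, path, CLUSTER_MEANS, log_start, log_trans))
```

On the 2000-word constructed input the multiplied probability collapses to 0.0 while the log-space score stays finite, which is the failure the first implementation point warns about.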

November 28, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week13


Last week saw the release of phpMyAdmin 4.6.5 (and which included two minor fixes in 4.6.5) and security releases and

The 4.6.5 release had two minor but irritating issues: one with  mysqli_real_escape_string() being passed improper parameters and was reproducible when $cfg['only_db'] or $cfg['hide_db'] are set, other one was about user being forced to input a partition count on new table create page. The fixes have been made and are released as a part of

Majority of last week was spent on refactoring and templating of various PMA_getHtml* functions apart from regular issue assessment.

Handled issues:

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 28, 2016 04:03 AM

November 21, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week12

Last week I continued with regular bug-fixing and issue investigation.

The bug reported some months back about Long Request URI in the AJAX call while browsing the results of Database search was fixed. It was partially because everything was being embedded in the href attribute of the link which was changed to use the HTML5’s data-* attributes and the Request method was changed to POST (originally GET).

Some issues (#12360, #12361) with self-injections in some scripts were also fixed, and a bug reported in the SQL parser repository (#62) some months back turned out to be already fixed, covered by the many fixes that have been made over the last three months. Though there is an issue left with

Meanwhile, while working on some issue-related files in the codebase, I tried to clean up some old commented debugging calls as well.

Next week should be ideally focused on fixing some security issues and the regular bug-fixing.

Handled issues:

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 21, 2016 03:06 AM

November 14, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week11

Last week, I started by looking at some security issues and made fixes for them. The rest of the week was focused on regular bug-fixing and issue assessment.

I worked on the issue to detect wrong ordering of clauses in the queries (#22) while being parsed by the SQL parser. There were some fixes in the main repository, too. The visual query builder used to generate a wrong query in case a foreign key with more than one column was present between the tables (#12652), and this was fixed by #12689.

There was a fix (#12685) for an old issue (#12257) with the Table search page being very slow, as we were issuing extra COUNT(*) queries (for helping us decide which UI to show) which might be very slow if tables have a large number of rows. It was fixed by implementing a workaround for the COUNT(*) queries to get the necessary information.

I finally got all the tests and assertions to pass with the replacement of Util::sqlAddSlashes with escapeString function of the Database Interface (which in turn calls  the inbuilt mysqli_real_escape_string ) in PR #12564, which also fixed the issue related to corrupted export of SQL (#12453). Some other minor fixes were also made and are listed in the list below.

Next week should be ideally focused on fixing some security issues, bug-fixing and some refactoring if time permits.

Handled issues:
* #12695 wrong data shown
* #12691 unnecessary ksort call in PMA_getPlugins function
* #12439 Fix html header for user properties editor
* #12542 Missing table name in account privileges editor
* #12453 exported SQL is corrupted
* #12257 search page very slow
* #12652 Visual query builder fails with foreign keys referencing more than one column
* #12687 decimal(12,2) error – rounds to decimal (12)
* #12681 Symbol $ in table names passed incorrect from “designer” to “table structure editor”
* #12651 Enter key on grid editor date field
* #12674 Unable to rename tables that start with a period
* #12684 ENUM (‘Y’,’N’)
* #22 switched WHERE and LIMIT not detected

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 14, 2016 05:00 AM

November 07, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week10


Last week was slightly calmer on the work side, since I fell ill once I got back to campus. But during the later part of the week, I worked on getting the tests to work in the old PR that was originally made to replace the custom escape functions by the escape functions like mysqli_real_escape_string provided by the PHP-MySQL connectors. This is being tracked at PR #12564 and once merged, it would also fix the issue #12453.

Meanwhile I have made some PRs (#12678, #12683) which once merged would go on to fix #12674 (which is about preventing incorrect identifiers as table names and database names) and #12681 (which is about incorrect link to table structure if table name contains $ symbol).

This week I also took out some time to refactor a small Language selection display and converted it into a template. Also, quite a lot of commits are being made in the PR #12564 itself, since a lot of tests have to be fixed. Along with this, some time was spent on

Next week I would continue to look at the bug-fixing and might also look at some security issues if the time permits.

Handled issues:
* #12680 No bind for enum values while edit table structure
* #12679 Value fields contain .php files instead of the raw value
* #12670 not bug but idea: upgrade from within phpMyAdmin
* #12671 Your Stable 4.6.4 version of phpmyadmin got a bug with enum table creation

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at November 07, 2016 06:36 AM

October 31, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week9

Last week was focused on bug-fixing in the main repository and refactoring and adding some tests to the SQL parser. The parser library has now reached unit test coverage of 99.75% as reported by the tool. The rest of the week, in which I had thought I would find less time, in fact turned out to be quite normal, and I made and pushed fixes for some newer issues as well as some issues which had been open for a few months. I also reviewed a pull request adding a grey color for NULL cells in the result set to make it more recognizable.

Some issues in the SQL parser, for example, an issue with incorrect parsing of various types of JOINs and improper lexing of begin labels in the stored procedure statements were also fixed during the week’s bug-fixing.

Next week, I might take a look at the security issues along with the regular bug-fixing and taking up some refactoring work if the time permits. Since, I would be travelling back to campus on Monday and Tuesday, my activity might be slightly less over these two days, but I hope I would be able to make up for it during the remaining part of the week.

Handled issues:
* #12665 Cannot add a foreign key – fields not listed
* #12195 Row_format = fixed not visible
* #12228 SQL parser indicates error for Event definitions using BEGIN..END
* #12344 inapt error symbol when labeling a loop in a routine
* #12661 Error inserting into pma__history after timeout
* #12610 Export of tables with Timestamp/Datetime/Time columns defined with ON UPDATE clause with precision fails
* #12622 Javascript error from Designer
* #12664 Create Bookmark broken
* #12637 Use of a Timestamp column with a value greater than 23:00:00 is not allowed by PMA 4.6.4
* #12543 NULL results in dataset are colored grey
* #12662 Null results in dataset now colored grey (#12543)
* #12454 Query history not updated in console until page refresh
* #12365 Error on displaying total number of records when executing a select query on a table which contains large number of records
* #12656 Server selection not working
* #64 Error #57 fixed.
* #57 inapt error symbol when labeling a loop in a routine
* #93 “Natural” not recognized

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 31, 2016 04:51 AM

October 24, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week8

In the last week, I could contribute slightly less as I spent some time working on the python library pcap_to_ditg (related to my research project at the university and unrelated to PMA as such). Friday and Saturday also saw slightly less activity as I was travelling home for the Diwali festivities upcoming in the next week.

While using the debugging feature of phpMyAdmin in reproducing some other issue, I managed to discover some issues with the debugging feature of phpMyAdmin as it was throwing a JS error while trying to look at the traces and arguments of the functions which were called without any arguments. I reported it and fixed the issue at #12639.

Since version 10.1.2, MariaDB has introduced password validation plugins (for ex. simple_password_check) for validating if the password provided while creating a new user satisfies the  minimum requirements or not. phpMyAdmin tried to create the new user using CREATE USER … IDENTIFIED VIA .. USING … where we used the hashed password which the validating plugins reject as they cannot check for the complexity from the hash. So, we now check if any of these plugins are active in MariaDB and provide a cleartext password in such cases.

I worked on a few JS issues which we have received regarding our TIME, TIMESTAMP, DATETIME, DATE fields’ input in phpMyAdmin’s Table Insert page and the Grid edit feature on Browse page, but the work on these is still on-going and they should be fixed in coming week(s).

Next week might have a similar focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring. I might find slightly less time next week due to festivities, but having spent slightly more than scheduled time in the first two weeks of this month, it should not be much of a problem overall.

Handled issues:
* #12650 Error when rename table with whitespace at start or end
* #12649 Bug in changing the datatype via change action
* #12533 Incorrect selected record statement counts for complex queris using group by and derived tables
* #12472 Setup issues
* #12366 Cannot create a new user (MariaDB)
* #12639 ‘Show trace’ in Console generates JS error for functions in query’s trace called without any arguments

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 24, 2016 03:53 AM

October 21, 2016

Deven Bansod

pcap_to_ditg Python library released

Yesterday, I packaged and released version 0.1.1 of my first Python library, pcap_to_ditg.

The library can be used to convert the Packet capture files generated from Wireshark, TCPDump etc. into DITG script files. This would make it possible to read a trace file generated from any port of any topology and replay the traffic exactly onto your custom topology. I hope this would go on and help the network researchers while testing their prototypes in real traffic scenarios.

Since last semester, I had been working with Dr. K. Haribabu, who is an Assistant professor at BITS Pilani currently working on the research areas like Software Defined Networking (SDN), Hybrid and cost-effective SDN deployment, P2P networks etc. I co-authored a paper with him which was presented in July, 2016 at the International Network Conference 2016, Frankfurt, Germany. For the performance evaluation, we were in need of replicating real network traffic and checking how our prototype delivers and scales.

I researched and tried out various traffic generators mentioned in this list, but none of them was fulfilling our requirements exactly. Moreover, even after one gets the real network traces (for ex., we used one here), since there is no prior knowledge of the topology of the network of the trace, it’s not very simple to replicate it as it is. So, I manually mapped the hosts and IPs in the traces to the hosts in our test topology and we decided that we would use the DITG script files to replay the traffic. Once the mapping is complete, the library would generate the script files for all our hosts, which can then be run as it is.

The library installation and usage details are available in README on Package Index page or on my Github (where mostly its future development should go on).

Share it with your friends if you know someone who might need to use it. Contributions in Pull Requests, Feature Requests, Bug reports etc. are always welcome (through Github tracker).

Filed under: Development, Re-Start Tagged: Hybrid SDN, Networks Lab, pcap_to_idt, Python Library, SDN

by Deven Bansod at October 21, 2016 09:50 AM

October 17, 2016

Deven Bansod

Weekly phpMyAdmin contributions 2016 – Week7

The last week was again mostly focused on bug-fixing along with working on some fixes for the recently raised security issues (and so are not included in the issues listed below).

Similar to last week, I also continued looking at previously unattended and unlabeled issues on the tracker. Some fixes for #12366 (which is about using password in CREATE USER statement while the *_password_check plugins in MariaDB are active) and #12472 (which is related to wrong DSN shown in phpMyAdmin setup page with config method) are currently made as PRs to get a review before merging them.

The issue #12610 would also be fixed once the new SQL parser is released and is updated to the recent version in the main repository. I have also made the fix for #12533 but I am waiting for a feedback from the original reporter to see if it has fixed the problem as expected.

Next week might focus on bug-fixing, some issue assessment of remaining unattended issues and some refactoring.

Handled issues:
* #12638 Enum values evaluated to zero in 4.6.4
* #12338 Designer reverts to first saved ER after EACH relation create or delete
* #12634 Drop DB error in import if DB doesn’t exist
* #12633 Add ENUM column fails
* #12625 Broken Edit links in query results of JOIN query
* #12630 Generating incorrect query for table creation
* #12350 Visiting url_params is string & not array
* #92 ON UPDATE option in a field definition of TIMESTAMP type with precision is not parsed appropriately

Filed under: Contract Weekly Report, phpMyAdmin Tagged: Contract Developer, phpMyAdmin, Weekly Report

by Deven Bansod at October 17, 2016 04:26 AM

April 08, 2016

Madhura Jayaratne

phpMyAdmin work during twenty fifth, twenty sixth and twenty eighth weeks

This is my final blog post reporting about the work I have carried out under the phpMyAdmin developer contract. However, I will continue to contribute to phpMyAdmin on a voluntary basis.

During the period, my focus was solely on bug fixes. This was mostly due to the continuous stream of bugs we were receiving and most of the bugs were related to the newly released 4.6 version.

Following are the bugs fixed during the period.

issue #12092 Rename exported databases/tables doesn't seem to work
issue #12099 Undefined index: controllink
issue #12094 PHP Fatal error: Call to undefined function __()
issue #12116 Fulltext indexes are not copied when using copy database function
issue #12125 Cannot highlight a column if I scroll down from the top of the table
issue #12132 Can not open table with JSON field
issue #12143 Cannot login with certain password

Additionally, I attended to the following bugs.

issue #12088 Improper comment creation and escaping with Percona 5.7 (` instead of ', extra "AS")
issue #12091 Import file does not working when data have \' (4.6.0rc2)
issue #12101 Change or remove "Slave replication" "Reset slave"
issue #12104 Copy Database no longer working
issue #12115 Relations vs Orphans
issue #12139 Import Export error
issue #12130 Error for Browser when got error 500
issue #12149 Class 'PMA_Util' not found

Moreover, I attended to following pull requests as well.

issue #12113 Add new server variables
issue #12136 Fix offering JSON datatype in incompatible MySQL versions

by Madhura at April 08, 2016 03:27 AM

March 13, 2016

Madhura Jayaratne

phpMyAdmin work during twenty third and twenty fourth weeks

I engaged in a mix of bug fixes and improvements (including refactoring) during the fortnight. The bugs fixed and attended are as follows.

Bugs fixed
issue #12073 Hide edit and delete buttons when the results are not related to a table
issue #12085 Like search strings being escaped incorrectly

Bugs attended
issue #12071 Syntax error in PMA, not at command line client
issue #12074 Invalid export
issue #12087 Add support for JSON data type (in MySQL 5.7)

I went on to refactor the code that handled bookmarks. I used object orientation and updated the existing unit tests to suit the refactored code. Moreover, I updated the metro theme to be compatible with the upcoming 4.6.0 version, so phpMyAdmin has, at least, one additional theme compatible with the new version.

Clean up dead code
Refactor bookmark handling code

Other improvements
Update metro theme to be compatible with 4.6.0

by Madhura at March 13, 2016 02:21 AM

March 01, 2016

Madhura Jayaratne

phpMyAdmin work during twenty first and twenty second weeks

The work carried out during the two weeks was very diverse. I attended bug fixes (primarily), feature requests, documentation and questions, security issues, pull requests and code improvements in general.

The bugs fixed and attended during the period are,
Bugs fixed
issue #11964 Undefined index: TABLE_COMMENT in database structure page
issue #11969 Missing confirmation while dropping a view in view_operations.php
issue #11977 Table name is not recognized by parser in DROP INDEX statement
issue #11979 DECLARE not accepted as valid SQL
issue #12017 Cannot easily select multiple tables when exporting
Fix SQL syntax highlighting in database search page

Bugs attended
issue #11965 Deprecation Notice: StringReader has a deprecated constructor
issue #11982 Row count wrong when grouping joined tables

Additionally, following feature request was implemented and code improvements were performed.

Feature requests
issue #12017 Cannot easily select multiple tables when exporting

Use back quotes around table names in confirmation messages
Fix coding style violations

Meanwhile, I also attended to pull requests submitted mainly by GSoC aspirants.

Pull requests attended
issue #32 Fix Row count wrong when grouping joined tables, phpmyadmin/phpmyadmin#11982
issue #12036 Fix for wrong mysql_upgrade message on Users tab with Percona Server 5.7

Documentation and Questions
issue #11970 Can you add an option to remove UUID for primary keys?
issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']

Towards the end of the month, we received two detailed reports on vulnerabilities in phpMyAdmin and I contributed by coordinating and fixing the vulnerabilities.

Security issues
issue #12 1.3 XSS in tbl_type parameter [PMASA-2016-12]
issue #13 1.4 XSS in normalization.php [PMASA-2016-12]
issue #14 1.5 XSS in normalization.js [PMASA-2016-12]
issue #15 1.6 XSS in normalization.js [PMASA-2016-12]
issue #25 XSS in normalization.js [PMASA-2016-12]
issue #26 XSS in User accounts page [PMASA-2016-11]
issue #27 XSS in Central columns page [PMASA-2016-12]
issue #28 XSS in Zoom search [PMASA-2016-11]

by Madhura at March 01, 2016 04:10 AM

February 14, 2016

Madhura Jayaratne

phpMyAdmin work during nineteenth and twentieth weeks

During the nineteenth and twentieth weeks, I was away from work from 2nd Feb to 10th Feb. However, during the rest of the days, I engaged in both code refactoring and bug fixes. Early in the fortnight, I refactored the server binary logs page to use the MVC architecture. This included introducing a controller class, using templating and updating unit tests.

Code refactoring
Refactor server binary logs page to use MVC architecture

In terms of bugs, following bugs were fixed and more bugs were attended.

Bugs fixed 
issue #11909 Can't insert row into table that contains generated column
issue #11911 Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5()
issue #11923 Errors on Structure tab when user only has select access on certain columns
issue #11942 Change column action takes ages

Bugs attended
issue #11922 Browse fails with users who have only column privileges for some columns
issue #11434 Class 'SqlParser\Lexer' not found (OS X)

by Madhura at February 14, 2016 11:03 PM

February 01, 2016

Madhura Jayaratne

phpMyAdmin work on sixteenth week

I was continuing on my year-end break on fifteenth week and did not work during the week, except for 2 hours on 4th January. So this report includes work carried out during the sixteenth week.

During the week, I concentrated solely on bug fixes since there were a sizable number of bugs being reported. Most of the bugs fixed were regressions. For example, #11771 and #11846 were only present in the latest git version and were due to refactoring and JS library updates respectively.

The complete list of bugs fixed and investigated are as follows,

Bugs Fixed
issue #11771 Transformation column path problem
issue #11772 Table pagination does nothing when session expired
issue #11810 'Add to central columns' in tbl_structure.php (per column button) nothing happens
issue #11814 SQL comment and variable stripped from bookmark on save
issue #11840 Index comments not working properly
issue #11846 Grid editing window is disabled the second time
issue #11854 Undefined property: stdClass::$releases at version check when disabled in config

Bugs Investigated
issue #11712 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11713 Not receiving notifications for updates
issue #11842 Fractional timestamp not supported
issue #11843 Fractional timestamp causes corrupted SQL export

by Madhura at February 01, 2016 09:04 PM

phpMyAdmin work during seventeenth and eighteenth weeks

My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison etc. Altogether these vulnerabilities resulted in 9 PMASAs, taking into account the different combinations of phpMyAdmin versions they affected.

I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by other developers to older branches, preparing PMASAs and coordinating with the reporter, CVE team and phpMyAdmin security team.

The latter part of the fortnight was spent on fixing two regressions introduced by the security releases. 
issue #11891 Error with PMA with PHP 5.2
issue #11892 Error with PMA

Moreover, the following bug was fixed during the two weeks.
issue #11881 Full processlist lost on refresh

by Madhura at February 01, 2016 09:04 PM

January 02, 2016

Madhura Jayaratne

phpMyAdmin work during twelfth, thirteenth and fourteenth weeks

With my personal engagements and summer break, I worked only for 13 hours during the three weeks. During the period, I was mostly engaged with refactoring work and improving the unit testing. 

Continuing from the last couple of weeks, I refactored the server plugins page to use the MVC architecture. Code segments that were previously in a library file were moved to a controller class and instance variables were introduced as required. The view was changed to use templating and unit tests were updated to match the new classes.

I also went on to improve the unit testing by introducing a parent class to all the unit tests. With the new class, configuration values are reset to their default values for each test class. The idea was to make unit tests independent from changes made to configuration values in other unit tests. Meanwhile, unnecessary configuration values assignments in tests were removed.

Additionally, following bugs were investigated during the period.

Bugs Investigated
issue #11743 Display routine-specific privileges under Database > Privileges
issue #11751 Bug when export template is selected

by Madhura at January 02, 2016 12:22 PM

December 12, 2015

Madhura Jayaratne

phpMyAdmin work during tenth and eleventh weeks

During the two weeks I mostly attended to a mix of bug fixing, implementing new features, refactoring and unit test improvements.

I did not realize that some of the unit tests were not running as part of the test suite until Michal pointed it out and included them. However, this caused quite some test failures as most of the recently added and updated tests had not been running. These were fixed at the very beginning of the period.

Unit Testing
Fix unit test failures related to refactoring

Quite a number of bugs were fixed during the two weeks and some more were investigated. Following is the list of bug fixes attended.

Bug Fixes
issue #11701 Show create procedure SQL
issue #11706 Database export template not saving compression option
issue #11710 Unable to add/remove `on update CURRENT_TIMESTAMP` option while editing a timestamp field
issue #11724 Temporary fix for live data edit of big sets is not working
issue #11728 CSV import skip row count after
issue #11732 Exporting feature does not work with union table
Exclude db name in SQL when relations are made between table in the same db
Buffer pool and InnoDB status details are not shown for InnoDB

Bug Investigations
issue #11722 Excel import improper handling of dates/times
issue #11732 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11734 No result shown, if writing statement, comment, single select

Inability to reorder parameters of routines had bothered me in the past. So, as requested in issue #11701, I implemented the ability to do this.

Feature Enhancements
issue #11701 Allow changing parameter order of routines

Moreover, continuing the refactoring effort from last fortnight I went on to refactor server engines page. This involved introducing a controller class and using templating to adhere to MVC pattern. Unit tests were also updated to match the new classes.

Refactor server engines page to use MVC pattern 

by Madhura at December 12, 2015 10:51 PM

November 29, 2015

Madhura Jayaratne

phpMyAdmin work during eighth and ninth weeks

Last two weeks were dedicated completely to code refactoring where I converted a couple of server level pages to MVC architecture. This is a continuation of what started during the last GSoC where we started to take up MVC architecture.

I started with server_variables.php page and created a new controller named ServerVariablesController to handle all interactions from the page. Refactoring included moving the HTML generation to 'View' (using templating) and organizing previous functions into methods and introducing instance variables where appropriate. 

Server databases page was also refactored in a similar manner. Additionally, the functionalities of display_create_database.lib.php, db_create.php and build_html_for_db.lib.php were integrated into the new controller. Moreover, some functionalities that supported both ajax and non-ajax behavior (that used to facilitate scenarios with JavaScript disabled) were simplified. Towards the end of the period, server charsets page was refactored in a similar manner.

Code refactoring
Refactor server variables page to use MVC architecture
Refactor server databases page to use MVC architecture
Simplify database dropping
Merge the functionalities of display_create_database.lib.php, db_create.php and build_html_for_db.lib.php into ServerDatabasesController
Refactor server charsets page to use MVC architecture
Organize controllers into a better package hierarchy

I also engaged in fixing coding style violations, both introduced by refactoring as well as the ones that already existed. Further, I updated the test suite to account for newly introduced controller classes and now-removed functions.

Coding style improvements
Fix coding style violations

Unit testing
Update unit tests for new controller classes

by Madhura at November 29, 2015 08:05 PM

November 23, 2015

Madhura Jayaratne

phpMyAdmin work during sixth and seventh weeks

During the two weeks I attended to a combination of bugs, features/improvements, code refactoring as well as code quality improvements. However, most of the time was spent on bugs as there were a number of bugs being reported. Following are the bugs fixed and investigated during the two weeks.

Bugs fixed
issue #11476 Errors instead of git info when PHP has no gzip support
issue #11630 Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given
issue #11632 Exporting GIS visualization ignores start and row count
issue #11639 Bug with the MainBackground Color
issue #11647 Restrict configuration NavigationTreeDbSeparator to strings
Indicate when there are no parameters for parameter binding in SQL query box
Profiling checkbox is missing

Bugs investigated
issue #11637 "AS" from the main table of the query is being deleted when you are exporting a query
issue #11651 Issue while creating tables
issue #11659 Totally turn off autocomplete and sql syntax check

Among the new features implemented, issue #11641, which requested to disable one of the relational features, was discussed during the team meeting and it was suggested to use a special value for the same configuration directive to disable the feature. This was implemented targeting future 4.6 release. Additionally, as part of minimizing the upload footprint, GIS features were adjusted to function without bulky OpenLayers library. Moreover, profiling chart now uses the generic charting mechanism which facilitates moving to a new charting library with less hassle.

New features/Improvements
issue #11641 Ability to disable the navigationhiding Feature
issue #11654 Use a slider for Internal relations
Make OpenLayers library optional for GIS visualization
Link license.php
Use generic charting mechanism for profiling chart as well

Additionally, following refactoring and code quality improvement work was carried out during the period.

Code Refactoring
Refactoring GIS visualization page
Move controllers to appropriate packages

Code quality
Fix style violations in JS code

by Madhura at November 23, 2015 12:35 AM

November 08, 2015

Madhura Jayaratne

phpMyAdmin work during first and second weeks

I started my second year as a contract developer for phpMyAdmin project on 1st of October 2015. However, this year I have limited my hours, working only on part time basis. I hope to work for 20 hours a week. Since there were only two days on the first week I am combining the work done on the first week with that of the second.

The first two weeks were totally focused on bug fixes since there was a constant stream of bugs from the newly released 4.5 version. Most of the bugs were related to the rewritten parser and I got good insight on the new parser while trying to fix some of these bugs. Following are the bugs fixed.

Bug fixes
issue #11521 Notice of undefined variable when performing SHOW CREATE
issue #11522 Strange behavior on table rename
issue #11526 Foreign key to other database's tables fails
issue #11539 Rename table does not result in refresh in left panel
issue #11544 Notices about undefined indexes on structure pages of information_schema tables
issue #11546 "Visualize GIS data" seems to be broken
issue #11548 Confirm box on "Reset slave" option
Fix notices while changing from HASH type to RANGE type
UI does not support inserting multiple values for JSON functions
Tracking does not make sense for information_schema
Fix cookies clearing on version change

Moreover, following bugs were investigated during the period.

Bugs investigated
issue #11515 Multi source replication is not recognized
issue #11538 Copy multiple tables to database
issue #11536 Format of exports looses SQL on 2nd export
issue #11547 "distinct" removed from query while query result export to excel

I plan to spend more time on refactoring in the coming weeks.

Leave days - 7th Oct

by Madhura at November 08, 2015 07:36 AM

November 01, 2015

Madhura Jayaratne

phpMyAdmin work during third, fourth and fifth weeks

I did not engage in phpMyAdmin development work during the fourth week while I was less active during the third week due to personal engagements. So, here is a combined blog post for third, fourth and fifth weeks.

During the period I worked on fixing the bugs reported by users as well as those reported by the automated error reporting mechanism. I cleaned up automatically reported errors by exporting them to GitHub tracker, linking them where necessary and by fixing them. Following are the bugs fixed and investigated during the period. 

Bugs Fixed
#11551 Fatal error when switched to master from QA_4_5
#11594 'only_db' config option bug when db names contain underscore and are grouped
#11603 Namespace clash for class Error
#11606 PMA_Util not found when changing password
#11607 Unable to change password from Login information tab
#11610 Undefined variable: res_rel
#11611 Warning while exporting schema to PDF
#11612 Undefined index: new_row_format
#11614 Undefined variable: db
#11617 Getting real row count is not allowed for views
#11622 Reloading privileges is not allowed

Bugs Investigated
#11556 Cannot create table, please enter a valid length keeps coming up
#11568 Erroneous handling of tables with FKs to other databases
#11577 Table aliases ignored when using intellisense
#11583 Cross DB foreign key constraints results in undefined offsets

A security issue was reported during the period and I contributed by coordinating and generating security announcements.

Security Issues
Content spoofing Issue in phpMyAdmin

Additionally, I engaged in some code refactoring and code quality improvements. Refactoring was on `DatabaseStructureController` as highlighted by Marc due to long method lengths. Moreover, unit tests related to PHP classes were renamed to be consistent with the corresponding names of the classes they are testing.

Refactoring and code quality improvements
Refactor DatabaseStructureController
Fix issues reported by PHPCS
Fix issues reported by JSLint

Unit testing
Rename and organize test classes

Feature enhancements
Add supported file format for Archive storage engine

by Madhura at November 01, 2015 10:00 AM

September 27, 2015

Madhura Jayaratne

phpMyAdmin work during fiftieth and fifty first weeks

During these two weeks I worked relatively fewer hours and had to take a couple of days off. So, I am combining the work done during the two weeks to a single blog post.

During the two weeks I concentrated mostly on feature enhancements. Two major features were implemented during the period. First of them is the ability to specify the routine level privileges and I noticed that this feature is missing when I went through the MySQL GRANT syntax. Even though this sounded easier when I started working on it, it took two full days to complete the feature. This was mostly due to the code quality of the related code segments. So, I'd put server_privileges.php file as one of the key places where refactoring can help.

The second major feature is the UI to define partition definitions. Existing create table UI has only a text area to define the partition definition. Someone who is not familiar with partition syntax would not be able to do this with the old UI. The new UI allows specifying partitioning parameters and parameters for each partition. Additionally, I worked on making the metro theme compatible with the 4.5 version. I had accumulated commits for this for some time. During the two weeks I did the final touches and the pull request was merged.

Feature enhancements
Issue #11479 Allow setting routine wise privileges
Issue #11490 UI for defining partitioning in create table window
Pull #6 Metro theme for future version 4.5
Add server plugins page
Minor UI improvements to the User accounts page

Additionally, following bugs were fixed during the two weeks.

Bugs fixed
Issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
Issue #11475 Warnings linked to Drizzle
Issue #11487 Warning when entering Query
Issue #11491 Propose table structure broken
Do not suggest upgrading when there is no compatible versions

Leave days : 17th, 23rd

by Madhura at September 27, 2015 09:53 PM

September 14, 2015

Madhura Jayaratne

phpMyAdmin work during forty eighth and forty ninth weeks

I am combining two weeks of work into this blog post. I took 3 days off work (on 1st, 7th and 11th of September) and this is mostly why I am combining work of two weeks.

Following are the bugs fixed and investigated during the period.

Bugs fixed
Issue #11445 MySQL 5.7 and Status page for an unprivileged user
Issue #11446 MySQL 5.7 and Variables page for an unprivileged user
Issue #11450 Validation fails when using functions
Issue #11451 Designer-Bug in move.js on multiple server configuration
Issue #11454 Find and replace is broken
Issue #11457 414 Request-URI Too Large
Issue #11461 Foreign key constraints for InnoDB tables with upper-case letters disabled

Bugs investigated
Issue #11453 Paste command is gone in 4.4
Issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
Issue #11470 Impossible to cancel "Drop files here" overlay

Issues #11445 and #11446 were due to permission changes introduced in MySQL 5.7 which prevented unprivileged users from issuing SHOW commands. Issue #11454 was a regression in upcoming 4.5 version; this was fixed for the release candidate. Issue #11461 was tricky to fix, however only affected the Apple users.

With regard to feature enhancements, the major change was the removal of Drizzle support. Development of Drizzle has been abandoned for years and hence support for Drizzle will be removed from version 4.6. Most of the development work of issue #6297 was carried out during earlier weeks. However, it was during this period the pull request got merged.

Feature enhancements
Issue #6297 Use GET only for read only operations
Issue #11456 Disabled storage engines
Remove Drizzle support from master branch
Mark default storage engine

A security vulnerability was reported after some time during the two weeks. The vulnerability was in code related to reCaptcha test which is an additional opt-in security feature provided in phpMyAdmin.

Security fixes
Fix reCaptcha bypass

by Madhura at September 14, 2015 12:43 PM

August 29, 2015

Madhura Jayaratne

phpMyAdmin work during forty fourth and forty fifth weeks

I took the first three days of the forty fourth week off to visit Anuradhapura and here I am combining the work done on the rest of the two days with the work done on the forty fifth week into a single blog post.

During the two weeks I continued to QA the development version to identify any bugs arising from the ongoing developments. So, most of the bugs were fixed in the master branch. Additionally I fixed two incompatibilities with PHP7 in the stable version of phpMyAdmin. Both these incompatibilities were in third party libraries we use and these libraries were upgraded and tested.

Bugs fixed
#11345 Token mismatch error
#11349 Table list doesn't expand when current table on different page
#11364 JS error when trying to navigate to db structure page after db creation failed
#11382 Selecting values for set field throws JS error
#11389 ReCaptcha produce deprecated messages under PHP 7
#11387 phpseclib < 2.0 produces deprecated messages on PHP 7
Fix - Counting real number of rows always return zero
Fix - Index list not updated upon dropping a column

Bugs investigated
#11384 Query formatting adds space between ! and =

The highlight in terms of feature enhancements is the improved partition support. Now you can view all the details related to table partitions and sub partitions in the table structure page. Moreover, all the partition operations can be performed from there. 

Additionally, I improved the cache invalidation on version upgrade. With the new page loading introduced in version 4.0, phpMyAdmin cached the JS files and fired the relevant event on loading a page. Now these cached files are invalidated upon version upgrade.

Feature enhancements
Improved partition support
Clear internal cache at script handler upon version upgrade
Minor UI improvements to the db operations page
Do not attach index table unnecessarily
Refactor db_designer.php

Code quality improvements
Create separate controllers from table and database structure pages
Organize templates into a meaningful structure
Fix coding style issues reported by PHPCS

by Madhura at August 29, 2015 11:14 PM

phpMyAdmin work during forty sixth and forty seventh weeks

During this period I moved from Colombo to Melbourne, Australia. So, I had to take a couple of days off on both weeks for preparation work as well as settling down in Australia. Hence, I am combining the work done during these two weeks to a single blog post.

The bugs fixed during the time include bugs from both stable version and the upcoming 4.5 version.

Bugs fixed
#11404 "Switch to copied table" doesn't work
#11408 Export breaks when field name is 0
#11410 SPATIAL index option is not clickable
#11414 Unclear export options / organization / hierarchy
#11421 Stored-proc / routine - broken parameter parsing
#11436 CREATE DATABASE should be enabled by default on server exports
Remove unnecessary title after slider initialization
Fix missing template in table search page
Fix function based search for geometry columns in table search page
Fix GIS editor in table insert/edit page
Fix x coordinates of points which was the repetition of y coordinates
Respect the Auto increment checkbox in SQL export
Fix missing name for configuration read_as_multibytes
Fix - Do not export `sys` database when exporting server
Add missing 'sql_create_database' configuration to setup and user preferences

Additionally, following bugs were investigated.

Bugs investigated
#11433 '%' does not work as it is with sprintf
#11434 Class 'SqlParser\Lexer' not found

With regards to the feature enhancements, there were no major features implemented during the period. However, a number of smaller enhancements were carried out. I also went on to do some language improvements where a number of sentences that used title case were converted to sentence case to be compliant with phpMyAdmin language guide. Moreover, I started working on supporting JSON data type introduced in MySQL 5.7.8. However, this had to be postponed due to bugs in PHP with respect to JSON data type.

Feature enhancements
Improvements to partition details on table structure page
Spatial indexes with multiple columns are not allowed
Organize SQL export options
Make the SQL exports compatible for side by side comparison with old exports
Allow editing unless it's a static variable. Allow editing new dynamic variables added in MariaDB and newer versions of MySQL
Minor UI improvements in zoom search page
Language improvements - Use sentence case as per phpMyAdmin language guide

Feature requests investigated
#11438 Support JSON data type

by Madhura at August 29, 2015 11:14 PM

August 23, 2015

Dan Ungureanu

Last week

This was the last week of the Google Summer of Code program. The organizers of the program advised us to do documentation and wrap up the project. I went over my proposal to check that all objectives were met and I have also been looking through my code and tried spotting any errors. Most of the errors fixed were reported by Scrutinizer.

Another task I took care of was to submit my final evaluation and prepare the code samples I have to submit next week.

I would like to thank the phpMyAdmin team and my mentor, Marc Delisle, for giving me the opportunity to participate in Google Summer of Code and spending their time with me. I believe this is one of the best work experiences I ever had and I am proud of the library I wrote, the way it turned out and how I integrated it in phpMyAdmin.

I hope that time will permit me to continue contributing to phpMyAdmin.

To see my work over the summer, you can check out my library repository or the pull requests I submitted.

August 23, 2015 12:00 AM

August 16, 2015

Dan Ungureanu

Week 12

This week, most of my work was done on sql-parser. I fixed a couple of bugs, wrote tests for the new features introduced over the last weeks, updated documentation (wiki as well) and moved the tools for tests and contexts generation to the sql-parser repository.

Next week is the last week of Google Summer of Code and I will focus on fixing bugs and miscellaneous improvements (documentation and refactoring mostly).

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 16, 2015 12:00 AM

August 09, 2015

Dan Ungureanu

Week 11

This week I found and fixed a couple of bugs and rewrote an important part of the import mechanism of phpMyAdmin.

One of the most challenging tasks of this week was probably implementing the new import mechanism. The fact that it has to process so much data made performance a top priority.

At first, I tried using the standard lexer to delimit statements, but I failed. For huge queries (that are also buffered) parsing the query over and over again to check if a statement finished was too slow. I decided to write a specialized parser (BufferedQuery) that tries to parse only the most important parts of the query (comments, strings and delimiters) in order to be able to split the statements and execute them separately. At this moment it performs well and also fixes bug #11339 which was reopened due to some edge case not being handled correctly.

For the next week, I planned on finishing the query builder and writing tests.

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 09, 2015 12:00 AM
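
The approach described in the Week 11 post above (track only strings, comments and the delimiter, and never rescan text already seen) can be illustrated with a short sketch. This is an added example, not code from the post or from the sql-parser library's BufferedQuery; the class and function names are hypothetical, and it assumes MySQL-style quoting and comments and a fixed, non-empty delimiter (the DELIMITER command is not handled).

```python
class StatementSplitter:
    """Split SQL into statements by tracking only strings, comments, delimiters."""
    QUOTES = ("'", '"', "`")

    def __init__(self, delimiter=";"):
        self.delimiter = delimiter
        self.buf = ""      # text of the statement currently being assembled
        self.pos = 0       # scan offset into buf; text before it is never rescanned
        self.state = None  # None (plain SQL), an open quote char, "--" or "/*"

    def _emit(self, done, skip):
        stmt = self.buf[:self.pos].strip()
        if stmt:
            done.append(stmt)
        self.buf, self.pos = self.buf[self.pos + skip:], 0

    def feed(self, chunk, final=False):
        """Consume one chunk and return the statements it completed."""
        self.buf += chunk
        done, need = [], max(3, len(self.delimiter))  # longest lookahead needed
        while self.pos < len(self.buf):
            ahead = self.buf[self.pos:self.pos + need]
            if len(ahead) < need and not final:
                break  # a token may straddle the chunk boundary: wait for more
            c, step = ahead[0], 1
            if self.state in self.QUOTES:
                if c == "\\" and self.state != "`":
                    step = 2  # backslash escapes the next character
                elif c == self.state:
                    self.state = None  # a doubled quote just reopens the string
            elif self.state == "--":
                self.state = None if c == "\n" else "--"
            elif self.state == "/*":
                if ahead.startswith("*/"):
                    self.state, step = None, 2
            elif ahead.startswith(self.delimiter):
                self._emit(done, len(self.delimiter))
                step = 0
            elif c in self.QUOTES:
                self.state = c
            elif c == "#" or (ahead[:2] == "--" and not ahead[2:3].strip()):
                self.state = "--"  # "#" and "-- " both run to end of line
            elif ahead.startswith("/*"):
                self.state, step = "/*", 2
            self.pos += step
        if final:  # whatever is left is the last, unterminated statement
            self.pos, self.state = len(self.buf), None
            self._emit(done, 0)
        return done


def split_in_chunks(text, size, delimiter=";"):
    """Feed text in fixed-size chunks, as a buffered import reader would."""
    splitter, out = StatementSplitter(delimiter), []
    for i in range(0, len(text), size):
        out += splitter.feed(text[i:i + size])
    return out + splitter.feed("", final=True)


SAMPLE = (  # constructed input: only two ";" are real statement ends
    "INSERT INTO t VALUES ('a;b', \"c\\\";d\"); -- trailing; comment\n"
    "/* block; comment */ UPDATE `odd;name` SET x = 'it''s; fine';\n"
    "SELECT 1"
)
```

A plain `SAMPLE.split(";")` cuts this input into nine fragments, several of them ending inside a string literal; the state machine returns three statements regardless of where the chunk boundaries fall.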

August 02, 2015

Dan Ungureanu

Week 10

This week I found and fixed a couple of bugs, wrote a new formatting component in the parsing library and rewrote a part of the import mechanism to use the library I wrote.

One of the most challenging tasks of this week was probably writing the formatting library. I tried a couple of designs and ended up rewriting this component about five times. None of them worked as I expected and sometimes they relied on some cheap hacks to get the job done, a thing I didn’t like at all. At this moment, the component relies on the tokens provided by the lexer and takes into account a couple of settings to format the code.

The other components of the library got some improvements as well, mostly bug fixes. I really hope that during next week I will get to write some tests and finish the query builder.

To see my progress, you can check out my library repository or some of the pull requests I submitted this week.

August 02, 2015 12:00 AM

August 01, 2015

Madhura Jayaratne

phpMyAdmin work during forty third week

During the week I mostly focused on fixing bugs. I attended to a mix of bugs that were prevalent in the current stable version as well as those that arose due to ongoing development targeting the next major release.

Among the older bugs, I went on to investigate a couple of bugs related to replication features. Since I did not have a replication setup I first created such a setup and investigated the bugs that had been reported. Bug #10307 which reported how cross database replication was broken due to the use of fully qualified table names was fixed. Other replication related bugs, which were also quite old, were mostly out of date.

Bugs that were fixed and investigated during the week are

Bugs fixed
#10307 Replication broken when using cross-database master/slave config and phpMyAdmin
#11322 Missing null checkbox when grid editing a null cell
#11324 JS error while opening a new page in Desginer
#11326 Exported schema includes all the tables of the database
#11328 Exporting table generates AUTO_INCREMENT=; for new tables
#11334 Table creation time, last update and last check column are empty
#11336 Exporting a table exports database level events
Fix various broken features due to refactoring in database structure page
Fix retrieve default storage engine correctly

Bugs investigated
#10435 Revoking non-existent Grant Option breaks MySQL 5.6 Replication
#10622 "Loading" doesn't disappear when stopping replication slave
#11325 Exporting database schema to PDF is broken
#11327 Default value for BIT column exported as b

When analyzing the JS errors reported in the error reporting server, it was evident that quite a lot of them were due to caching issues on upgrading to a new phpMyAdmin version. This was addressed during the week and hopefully these issues will no longer occur.

Avoid caching JS and CSS files across phpMyAdmin versions
Upgrade TCPDF to version 6.2.9
UI improvements to replication and binary log pages
Improvements to the feature allowing to export databases and tables into separate files

by Madhura at August 01, 2015 04:16 AM

July 28, 2015

Madhura Jayaratne

phpMyAdmin work during forty second week

During this week I attended to a mix of bug fixes and feature enhancements.

I installed the upcoming MySQL 5.7 and paid attention to areas in phpMyAdmin that need to be updated to work with 5.7. First of all I noticed that I am unable to create phpMyAdmin configuration storage tables since TIMESTAMP columns in them lacked a default value and this is not allowed in MySQL 5.7. Moreover I attended to a couple of UI bugs I happened to notice while I was working. Following are the bugs that were fixed.

Bugs fixed
#1808 "Improve table structure" generates invalid SQL
#1817 Creating configuration storage tables fail in MySQL 5.7
UI fixes in error reporting feature
Fix legend for table SQL page
Fix gutter style for normal and dark console themes

On the feature enhancement front, the major work was to improve the rtl language support. There were quite a number of instances that were broken even in the current stable version. Since Arabic is not shipped currently due to lack of translation, these were fixed in master branch. While some of these were style changes, others involved changing the DOM structure. Additionally, I attended to some UI improvements as well as improvements targeting MySQL 5.7.

Feature enhancements
UI improvements in the 'Variables' and 'SQL' pages
Allow linking MySQL 5.7 document links
Terminology improvements in the 'User accounts' and 'Privileges' pages
Document SQL parameter binding feature
Improve support for rtl languages
Update ChangeLog links
Mark MySQL 5.7 'sys' schema as a system schema

Since GSoC work is ongoing, we could observe an increase in coding style violations reported by PHPCS. During the week, I attended to these violations as well.

Code quality improvements
Fix PHP coding style violations reported by PHPCS

P.S. This was a four day week with me taking leave on Thursday.

by Madhura at July 28, 2015 06:33 AM

July 26, 2015

Dan Ungureanu

Week 9

During the past week I tried to improve the overall quality of the code base which consisted of writing a couple of tests, fixing over 200 of Scrutinizer’s issues and also fixing some old bugs regarding the parser. The library got some updates as well, including more rules to check for errors in queries, support for transactions and improved support for UNIONs.

I wish I wrote more tests during this week, but for the next one I will try to focus more on that and increase the overall code coverage.

To see my progress, you can check out my library repository, some of the pull requests #11319, #1816, #1811, #1807 or the bugs I fixed #4962, #5437, #6118.

July 26, 2015 12:00 AM

July 22, 2015

Madhura Jayaratne

phpMyAdmin work during the forty first week

During this week I attended to bug fixes, new features as well as general coding improvements. 

The highlight of the week in terms of bug fixes was the ability to use the error reporting server. It was not usable for a long time and now that the situation has improved thanks to Smitha, I attended to a number of bugs reported there. I noticed that a large number of bugs were due to a caching issue while upgrading. This affected relational features on the PHP front while a number of JS issues reported were also due to this. I also engaged in reporting issues and sending pull requests to improve the error reporting server. Bugs fixed and attended to during the week are

Bugs fixed
#4979 Problem when import *.ods file
#4980 Cannot read property 'status' of null
#4981 Uncaught TypeError: Cannot read property 'attr' of null
#4984 Undefined <feature>work upon upgrade to new version
#4985 Column headers move when scrolling

Bugs investigated
#4983 Theme configurations not defined
#4986 First stack trace item missing in PHP error reports

The highlight in terms of new features is the support for virtual columns. Support for virtual columns was initially requested for MariaDB. However my earlier attempt to implement the feature was abandoned due to lack of parser support. Virtual columns are featured in the upcoming MySQL 5.7 as well and since the column expression can be extracted from information_schema in MySQL I could add support for MySQL virtual columns without a parser update. After discussing this on the developer mailing list, the GSoC student who is working on the parser rewrite added support for virtual columns to the new parser and with this I went on to extend the feature for MariaDB as well.

Feature requests implemented
#1517 Support for MariaDB virtual/persistent columns
Support MySQL 5.7.5 virtual columns

Feature requests investigated
#1658 Better Performance

In the latter part of the week I worked on improving coding style which had deteriorated a bit during the last couple of months.

Coding improvements
Centralize querying for SHOW CREATE TABLE statements
Documentation improvements on upgrading
Fix PHP coding style violations reported by PHPCS

Forty first week of my work was a four day week with me taking 16th of July as day off.

by Madhura at July 22, 2015 07:40 AM

July 19, 2015

Dan Ungureanu

Week 8

During the past week I worked on the linter and in order to provide better analysis I had to improve the library by creating new rules that check for errors.

At this moment, any code that is written in the SQL query box or in the console goes through the library which analyzes it and provides feedback. I hope that this feature will help many users spot their errors even before executing their queries and improve their work flow. Some of the errors are pretty difficult to detect and the overhead involved isn’t worth it, which means that not all errors are detected by the library. I tried to focus on syntax as much as possible.

During the next week, I will try to improve the localization of the library, make error strings translatable and increase the overall code coverage. I am not sure to which extent I will be able to increase the code coverage, but I hope that I will be able to increase it by at least a few percent.

To see my progress, you can check out my library repository or some of the pull requests (#1788 & #1799) I submitted this week.

July 19, 2015 12:00 AM

July 17, 2015

Madhura Jayaratne

phpMyAdmin work during the fortieth week

The fortieth week of work was mostly spent on fixing the bugs in the upcoming 4.5 version.

While implementing the export templates I noticed that the lock_table directive is not repopulated similar to other directives when the back button is clicked and this was fixed. Further, quite a lot of the links to new system variables in phpMyAdmin's Variables page were missing, and these were also added. Bug #4854 was fixed allowing users to use multiple servers in parallel. Earlier this was not possible and a series of fixes such as introducing IV per server finally led to this fix.

Here is the list of bugs fixed and investigated.

Bugs fixed
#4854 "Error: Token mismatch" when using multiple servers in parallel
#4973 Show a warning when a user account allowing any user from localhost to connect (partial fix)
#4976 Timepicker CSS issues in Original theme
#4978 Cancelled page settings changes do not revert the UI
Correctly set lock_table directive when repopulating on back button click
All columns listed for xaxis are selected in query charts
Saved chart image does not have a proper name or an extension
Add missing links Variables page to MySQL documentation for system variables
Fix height of the selection box of monitor charts
Remove menu options that do not make sense for visual query builder
Remove unused parameter causing notices

Bugs investigated
#4864 Tried to set secure cookie on non-secure connection

Among feature improvements, the most notable one is the use of native tabs in server plugin page in place of the jQuery tabs. Additionally, the process list was updated to show additional columns for MariaDB and as discussed during the last team meeting names of some of the pmadb directives were changed. 

Feature requests implemented
#1685 mariadb processlist
Underscores are preferred to separate words in configuration storage table names/directives
Use phpmyadmin's secondary tabs instead of jQuery tabs in server plugins page
Set indeterminate for export checkboxes when either data or structure is not selected

Feature requests investigated
#1684 Use GET only for read only operations

by Madhura at July 17, 2015 02:16 AM

July 12, 2015

Dan Ungureanu

Week 7

During the past week I finished replacing the old parser. The remaining part of the code that required replacing was small, so I had enough time to also test it and so far it works fine.

There were fragments of code that relied on regular expressions for analysis and some of those were replaced during the process, but I believe that some of the remaining regular expressions won’t be replaced, because they perform well and faster than the parser would.

Most of the bugs I was aware of and tested with the new parser seem to be fixed. For the next week I planned on fixing the remaining bugs and implementing new features regarding the parser. I will improve the parsers to provide better, strict error messages so I can build the linter on top of it.

To see my progress, you can check out my library repository or the pull request I submitted for phpMyAdmin, which was merged today.

July 12, 2015 12:00 AM

July 07, 2015

Madhura Jayaratne

phpMyAdmin work during thirty eighth and thirty ninth weeks

I had to take two days off in the thirty ninth week of work. So, here I am combining it with the previous week to report what I have been up to. Continuing from the last couple of weeks we saw a decline in the number of bugs reported, indicating that the releases are much more stable.

Due to the above reason I spent more time on feature requests and general coding improvements. I went on to clean the feature request tracker by investigating the feature requests and implementing them when they made sense. Here are the features implemented during the week.

Feature requests implemented
#689  Column privileges and update
#812  Store export definitions for reuse
#1531 Cant use external config file
#1552 CSV import: Allow "Columns escaped with" to be optional
#1561 Being able to use multiple servers at the same time when using cookie auth
Get default_fk_check_value on demand rather than checking the value in every script
Remove configuration storage data related to a user upon deleting the user
Upgrade CodeMirror to version 5.4.0

Additionally, the following feature requests were investigated.

Feature requests investigated
#757  Dropdown for special SQL like SUM, AVG and GROUP BY
#1270 Allow specifying mime types and transformations in queries
#1390 Export tables list must be ordered by constraints
#1682 Add quick action features

On the general coding improvements front, the following were done.

General code improvements
OOP improvements in navigation panel
Match export parameters with the names of corresponding config values
Fix JavaScript variable scope error reported by Codacy

Even though reported in low numbers, the following bugs were fixed and investigated.

Bugs fixed
#4916 Autocomplete either doesn't function at all or auto completes the original table name when joining multiple aliased tables
#4963 Improve/restore non-unique index row editing
#4966 MySQL errors are not shown when DebugSQL is enabled
#4967 Field named '0' is not recognized
#4969 Autoload from prefs_storage not behaving properly
Show build query dialog in full screen view also
Missing selected/entered values when editing active options in visual query builder
Remove character set from create_tables_drizzle.sql

Bugs investigated
#4964 New version using older files
#4968 Combine create / alter table statements
#4972 Bug when processing binary data

by Madhura at July 07, 2015 02:40 PM

July 05, 2015

Dan Ungureanu

Week 6

During this week I continued replacing code that was related to the old parsing library. The new library suffered a lot of changes too. Some of the most important are: implemented a builder, improved lots of statements, the library takes into consideration the SQL mode in some operations, lots of fixes, improved the documentation and the code coverage is now over 98%.

One of the most important tasks accomplished this week is that I finished refactoring sql.lib.php, DisplayResults.class.php, Table.class.php and a huge part of the code related to export.

I hope that the next week I will finish refactoring the old code and fix as many bugs as possible.

To see my progress, you can check out my library repository or the pull request I submitted for phpMyAdmin.

July 05, 2015 12:00 AM


Planet phpMyAdmin aggregates blogs of following phpMyAdmin contributors.

Last updated

May 25, 2017 01:00 AM
All times are UTC.

