Michal Čihař - Blog Archives for phpMyAdmin

Last week contributions were mostly focused on fixing bugs. It's a bit hard to pinpoint something out of these, but most of them were really old, but not easy to trigger.

For example there were some javascript errors which were not easily reproducible, but turned out to be affecting quite a lot of our users. It turned out to be affecting only some variants of TIMESTAMP fields, what none of the reports did mention.

I've also switched all our libraries to use ApiGen 4 for generating docs as ApiGen 5 is way slower and is looking for new maintainer in the same time.

Handled issues:

• #13613 create_release error
• #13848 Error 500 rejected when grouping only in the newest version
• #13861 Error while running tests
• #13867 Try to use more recent phpunit-selenium
• #13856 JavaScript TypeError "Cannot read property 'settings'"
• #13869 Troubling use of filters
• #13865 Wrong max upload filesize in some translations
• #13868 Clean elses
• #142 phpMyAdmin can not connect to MySQL when user "REQUIRE SSL"
• #143 Hard to handle many servers with PMA_VERBOSES/PMA_HOSTS/PMA_PORTS
• #183 Refactoring tests
• #23 on the readme.md Gettext compatability usage add these

Last week was a bit calmer, the most visible part probably being release of the SQL parser with several fixes with improved SQL context handling.

Handled issues:

• #13855 User authentication via PAM not working.
• #13851 Database EXPORT does not double single-quotes in columns containing a single quote
• #13853 Call to undefined method PMA\\libraries\\Util::sqlAddSlashes()
• #13728 PhpMyAdmin\SqlParser\Exceptions\LoaderException: Specified context does not exist.

Looking at list of handled issues, last week was extremely productive. Many of that are issues where I've been working on them for long time and I've managed to complete them last week. For example the user preferences cleanup to store less things in cookies or common.inc.php cleanup.

I've also gone through open pull requests and merged the ones which made sense or were basically good to merge, but needed some cleanups.

There was also some fun with phpseclib 2.0.8 which was mistakenly released from master branch instead of 2.0, what lead to API breakage. Fortunately this was really just a mistake and 2.0.9 reverted these changes.

Handled issues:

• #13846 Broken with phpseclib 2.0.8
• #13706 Remove jQuery and jQuery UI sources from repository
• #13840 Warning in get_scripts
• #13839 Remove get_scripts wrapper to download javascript
• #11688 Proposal: decrease cookies usage.
• #13466 Share user settings for persistent choices made in the UI
• #13847 Move collation connection setting to user preferences
• #13823 fix #13727 Copied table data add "1" after column name which had order by parameter
• #13397 hide side menu in standard
• #13480 $_COOKIE variable has been set to empty when 'pmaCookieVer' empty
• #13816 Can't expand nav bar past a certain width
• #13780 make navigation database name and icon are in the same horizontal line
• #13551 User configuration handling (base code)
• #13751 More descriptive text for ASC/DESC sort order
• #13737 Fix for password change issues on Galera cluster
• #13736 Fix table column name
• #13727 Copied table data add "1" after column name which had order by parameter
• #13813 fix #13727 by removing <small> elements which contains the number of ordered by columns"
• #13842 Export don't show all character sets character set windows-1250 missing in newer phpmyadmins
• #13821 Confirm when closing tab/window with an unsaved query
• #13838 Deprecation of "referral" directive
• #13841 Notice in get_scripts
• #13832 Two-factor: should it fail if configured but dependencies missing?
• #13824 Empty fields in query
• #12930 Export sql return \r\n on text fields
• #13038 column is missing json type
• #13421 Remove blank text nodes from edit/copy/delete table cells in table rows
• #13790 Horizontal scrollbars not present in Chrome ... big problem when table has lots of columns
• #11731 Split up common.inc.php
• #13827 Two-factor: better reporting for missing dependencies
• #12485 Error: The secret passphrase in configuration (blowfish_secret) is too short.
• #13768 how to solve the 1045 error
• #13815 Can't expand database tree node
• #13835 Error: Token mismatch

Last week was mostly spent on improving two factor authentication support. It turned out that Firefox 57 behaves differently than Firefox 56 with U2F extension. Also it behaves differently than Chrome (which was broken as well by the way). Anyway all of these should work fine, but there still seem to be some issues with the two factor auth, but those will be certainly addressed in next weeks.

Handled issues:

• #13829 Two factor: U2F doesn't work in Chrome
• #13832 Two-factor: should it fail if configured but dependencies missing?
• #13826 Errors with two-factor authentication
• #13830 Two factor: U2F doesn't work in Firefox 57 with U2F enabled
• #13825 Two-factor user interface when dependencies are missing
• #13820 Daily snapshots are no longer updating
• #140 Added description of PMA_PORTS

Last week was equally spent on refactoring, bugfixing and infrastructure. We're looking for replacement our oldish server and it seems that rented server or virtual hosts seems to be best fit for us these days. Still there are quite some choices to consider.

I've done quite some development as well - I'm most happy with Util::linkOrButton refactoring which helped to cleanup the code quite a lot, but there were other fixes and improvements as well.

Handled issues:

• #13436 Autodetect SSL-only server and use SSL
• #13817 Simplify handling of long URLs in Util::linkOrButton
• #13649 Refactor Util::linkOrButton
• #13814 Undefined index: page on Engines tab
• #13812 min php version 5.5.9
• #13797 Remove sprites from the themes
• #13803 Can't export query result with Shift-JIS encoding
• #13805 Broken help links in Variables tab
• #13804 Latest version for composer

Last week was pretty calm, with some minor fixes in the SQL parser and several merged pull requests.

Handled issues:

• #13802 Use PSR-1 for PHPUnit TestCase
• #181 Use PSR-1 for PHPUnit TestCase
• #182 creating table in query
• #22 Use PSR-1 for PHPUnit TestCase
• #20 Use PSR-1 for PHPUnit TestCase
• #1 Use PSR-1 for PHPUnit TestCase

Most of last week was spent on bringing U2F and 2FA to phpMyAdmin. Besides that it was really just minor bug fixing.

We've had one pull request for the 2FA already open, however it was not really in quality to be merged and the original author really didn't come back to address our concerns. I was thinking to start over from his work, but in the end I've decided to start from scratch and come with code which will make easier to implement additional second authentication factors in the future.

Anyway what is now there is support for HOTP/TOTP authentication (Google Authenticator and similar) and FIDO U2F hardware tokens. The latter has been tested with TREZOR, but should work with any compliant device.

Handled issues:

• #13344 Correct location information for locales from Twig templates
• #13787 Second authentication factor
• #6197 Enhance security by adding support for 2-factor-authentication via Google Authenticator
• #13517 Select only visible / filtered results
• #13781 Delete filtered databases deletes ALL databses !
• #13783 Error message on the User accounts page
• #13784 Many messages shown on database privilege page.
• #13777 Removing inline CSS

Last week was mostly focused on code cleanup. I've done quite some fixups in the database interface layer, which now has easier to use API and no more relies on global variables to store database links. Pretty much similar was done in the authentication layer, where many of the methods had names coming from historical reasons rather than their current functionality.

Handled issues:

• #13776 Cannot add decimal
• #13774 Symbol "\" lost in the code editor.
• #13770 Database interface cleanups
• #13771 Scrutinizer Auto-Fixes
• #13764 Authentication API cleanup

Last week was mostly focused on refactoring and code cleanup. This time I've worked on authentication plugins, which now fully handle authentication (previously it was partly done in the mighty common.inc.php).

Handled issues:

• #13762 Redirecting issue on changelog.php
• #13758 single-sign-on: mysqli_real_escape_string() expects parameter 1 to be mysqli, boolean given
• #12965 Fatal error when working with bookmarked queries in a different database
• #13761 Bookmark::getList function has a logical bug in the query conditions
• #13746 Add word wrap in export option heading-2 (H2)
• #13760 config.inc.php add more server,host not current
• #13755 RFC: Create CODE_OF_CONDUCT.md
• #13748 Table name hides column descriptions when creating table
• #13749 Fix for table names being obscured when changing table structure
• #13745 In mobile Export page is not responsive
• #13729 Differentiate between no default and empty string default.
• #137 Add app.json
• #177 wrong error row number

Last week I've continued on cleaning up common.inc.php, but there were other bug fixes as well. Most notable probably being fixing SQL parser to better handle CREATE TABLE queries defining partitions.

Handled issues:

• #13731 Export as CSV returns HTML
• #13514 Index - Options issue
• #13170 Collecting usage statistics.
• #13127 Dashboard page UI : Settings/Information panels can be customizable
• #13725 Copy partitioned table
• #176 Update CreateStatement.php
• #174 Partition by tables