Michal Čihař - Archive for 1/2016

Security work

As you can now see on phpMyAdmin's security page, we've managed to spend 9 security announcements on today's release. Hopefully it won't continue that badly for the rest of the year.

Anyway, receiving such an extensive report was really challenging for us: correctly tracking and fixing all reported issues and discovering which versions are affected. This proved to be quite difficult given that most of the affected code has been refactored in the meantime. But I'm quite happy we've managed to fix all issues on three supported branches in two weeks.

Another challenge (especially for Isaac) was that this all came with a change of our release manager, so forgive us some minor problems with the releases (especially the changelogs that were not updated); we will do it better next time!

PS: Updated packages are on their way to Debian and phpMyAdmin PPA.

PS2: It seems we've messed up a few more things, so expect quick follow-up releases for older versions.

Weekly phpMyAdmin contributions 2016-W03

Last week consisted mostly of code fixes. For example, the code for checking the latest phpMyAdmin turned out to be buggy under some PHP configurations. But most of the work from last week is not yet public; you will see it in the upcoming security releases.

All handled issues:

python-gammu 2.5

It has been quite some time since the last python-gammu release and it's time to push fixes to the users.

This is really just a bugfix release collecting minor fixes and fixing the testsuite with recent Gammu versions.

Full list of changes:

  • Compatibility with Gammu >= 1.36.7

Weekly phpMyAdmin contributions 2016-W02

Last week was mostly focused on refactoring. I've completely rewritten the user interface language selection and the related metadata handling. The code is object-based and fully covered by the testsuite, which was impossible with the previous one.

Besides that, there was the usual amount of bug fixes and a few improvements to the phpMyAdmin container for Docker.

All handled issues:

Weekly phpMyAdmin contributions 2016-W01

Going back to a real weekly report, this time covering the first week of 2016.

The biggest task was focused on codebase cleanup. As Microsoft is ending support for old Internet Explorer versions, we've decided to do the same thing for the next major release. This allowed us to remove some compatibility code and also upgrade jQuery to the 2.x branch, which removes support for older browsers as well.

To continue with the cleanup tasks, I've revisited most of the places that iterate over arrays and removed unneeded reset() calls or generally cleaned up related code.

Besides working directly on the code, I've improved our infrastructure a bit as well and we now have developer documentation online at https://develdocs.phpmyadmin.net/. It is generated using phpdox, but suggestions to improve it are welcome.

All handled issues:

Enca 1.18

It seems that I did mess it up with the last version of Enca and it was not possible to install it without error. Now comes a hotfix which fixes that.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs.

Full list of changes for 1.18 release:

  • fix installation of devhelp documentation

Still, Enca is in maintenance mode only and I have no intention of writing new features. However, there is no limitation for other contributors; join the project on GitHub :-).

You can download from http://cihar.com/software/enca/.

Weekly phpMyAdmin contributions 2015-W52

Okay, this report is not weekly and is a bit late, but anyway here comes a report covering the last two weeks of 2015.

As you might expect, there were some days off, but still quite some work has been done. I've focused on encoding conversions and usage of mb_* functions. One of the results was a cleanup PR and some open questions. The PR has already been merged in the meantime and we will probably make the mbstring dependency optional again. The rest was pretty much just bug fixing.

Fixed issues:

Enca 1.17

The last version of Enca was released more than a year ago and now it's time for a new release. There are various compatibility fixes which have been committed to the Git repository in the meantime.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs.

Full list of changes for 1.17 release:

  • Fixed conversion of GB2312 encoding with iconv
  • Fixed iconv conversion on OSX
  • Documentation improvements
  • Fixed execution of external converters with ACLs
  • Improved test coverage to 80%

Still, Enca is in maintenance mode only and I have no intention of writing new features. However, there is no limitation for other contributors :-).

You can download from http://cihar.com/software/enca/.