The last week was mostly spent on bug fixing and cleanup after the security releases. Hopefully the number of security reports will go down now.
Most of the bug fixes were in the SQL parser, which influences quite a lot of parts of phpMyAdmin. It is responsible for splitting queries on import, generating queries for export, and linting queries as users type them.
The Debian packages were also updated, for both unstable and testing, as was the Ubuntu PPA.
Handled issues:
- #12067 Adding "JSON" option to dropdown
- #12047 Filtering databases on databases listing
- #12052 Filtering databases on databases listing, Issue #12047
- #12063 duplicate a table occur an error, for utf-8?
- #12064 Cross-site scripting (XSS) vulnerability in phpMyAdmin Version 4.5.4.1
- #11776 SQL Linter Problems
- #12025 Import reports false SQL error with MariaDB
- #12045 unrecognized keyword left in where clause #11975 (REMAINS UNSOLVED)
- #12041 Missing indexes and constraints in export
- #12028 "ALL" keyword not recognized
- #12054 MySQLDump .sql import in v4.5.5 fails because of escaped characters
- #12053 upload-release error
- #12055 Parse error with 4.6.0-rc1 and master
- #12056 Invalid data stored in $_SESSION['PMA_token'] if openssl_random_pseudo_bytes() fails
- #12015 create-release errors
- #12048 SQL parser doesn't honor vendor config
- #12024 Better icon for table hiding
- #12032 Icons added and code changed to display icons #12024
- #12037 Fix parse git data without gz support (bug 12030)
- #12030 Do not try to parse git data without gz support
- #12044 Fix example in test/README.rst
- #10 1.1 XSS in Static analysis of SQL query [PMASA-2016-10]
- #11 1.2 XSS in "Edit inline" of SQL query [PMASA-2016-11]
- #16 1.6 XSS Via HOST header [PMASA-2016-11]
- #17 1.7 XSS in file_echo.php by mime sniffing text/plain (only in old IE <= 8 & old Safari on windows) [PMASA-2016-11]
- #19 2. insecure CURL SSL Settings [PMASA-2016-13]
- #37 Fix DROP VIEW statement is not constructed properly by the parser, Issue #36
- #39 Fails to parse CREATE TABLE
- #36 DROP VIEW statement is not constructed properly by the parser
- #38 Recognize ALL when used with WHERE clause