I'd especially like to see improvements in the Italian translation, which was one of the first translations in Weblate's early days but hasn't received much love in recent years.
Last week was really focused on fixing issues in phpMyAdmin itself. Some of them also led me to bigger cleanups, for example in the theme management code, which no longer relies on the session cache.
Other important improvements focused on SSL support in phpMyAdmin. It can now automatically detect whether the server enforces SSL and enable it in that case. The documentation on configuring SSL has also been improved.
- #12354 Suggest SSL connection when logging in
- #13505 Main page is mostly links
- #13507 Theme per server
- #13510 Unable to automate cookie login with phpMyAdmin 4.7+
- #13415 The logo is so ugly
- #13442 No edit user action?
- #13430 Alignment issues in original theme
- #13436 Autodetect SSL-only server and use SSL
- #13382 Edit Index Issue
- #13263 Cosmetic: How to disable the accordion effect on the left menu?
- #13450 Copy a table to another database which has an index with a comment fails
- #13321 Column values (modified by triggers / virtual) don't change using inline editing
- #13478 Bool2Text output transformation seems broken
- #13468 Warning: set_time_limit() has been disabled for security reasons
- #13471 Warning: ini_set()/ini_get() has been disabled for security reasons
- #13501 mysql not using more that 48 % of total RAM .
- #13489 Markup in SQL tab live preview error popup
- #13492 PHP Error ->HTTP 500 Error
- #13499 Move Theme object out of session
- #13472 Unable to login to PHPMyAdmin after installation
- #13387 broken link to table of binary fields (every second three)
- #13469 Notice: Undefined index: TABLE_COMMENT
- #13474 Configuration option to disable automatic page reload
- #13289 How to reenable $cfg['EditInWindow'] ?
- #13484 Reduce runkit dependency in testsuite
- #13497 Can not open table with JSON field (ver phpmyadmin all 4:22.214.171.124-2ubuntu2 )
Running a publicly accessible web application always brings challenges in terms of security and, more generally, in handling untrusted data. Security-wise Weblate has always been quite good (mostly thanks to Django, which comes with built-in protection against many classes of vulnerabilities), but there have always been things to improve in input validation or possible information leaks.
When Weblate joined HackerOne (see our first-month experience with it), I was hoping to get some security-driven code review, but apparently most people there focus on black-box testing. I can certainly understand that: it's easier to conduct and needs much less knowledge of the tested website.
One big area where reports against Weblate came in was authentication. Originally we relied almost fully on the default authentication pipeline that comes with Python Social Auth, but that turned out to have some security implications, and we ended up with a heavily customized authentication pipeline to avoid several risks. Some patches were submitted back and some issues reported, but we have still diverged quite a lot in this area.
The second area where scanning was apparently performed, but almost no reports came in, was input validation. Thanks to the excellent XSS protection in Django, nothing was really found. On the other hand, the scanning triggered several internal server errors on our side. At this point I was really happy to have Rollbar configured to track all errors happening in production. Because all such errors were properly recorded and grouped, it was easy to go through them and fix them in our codebase.
Last week was quite busy, as can be seen from the number of issues. Some of them come from our error reporting server, where I've focused on the errors occurring most frequently in the latest releases. There are still about 30,000 reports to handle there.
- #13479 Odd behavior with "Rename exported databases/tables/columns" stuck
- #13487 Undefined property: PhpMyAdmin\SqlParser\Components\CaseExpression::$expr
- #13485 Error when linting RENAME query
- #13486 PHP error when parsing invalid CREATE FUNCTION
- #13483 Notice in SQL parser
- #13481 Update common.inc.php
- #13480 $_COOKIE variable has been set to empty when 'pmaCookieVer' empty
- #13482 Problem with tempdir and open_basedir settings
- #13409 prepare stmt and execute statement is not working in 4.6.6
- #13412 problem in editing column
- #13215 Status page: Monitor page load slow and Advisor page look broken
- #13351 Export throws a bunch of Notices, fails to export
- #13475 Export SQL structure Fatal error when 'Enclose table and column names with backquotes' is not checked
- #13476 Fix more selenium tests
- #13404 phpMyAdmin Error Failed to store CSRF token in session! Probably sessions are not working properly
- #13473 Drag and drop import broken: Token mismatch error
- #13465 Cant create relation
- #13470 Division by zero
- #13467 Warning: file_exists(): open_basedir
- #13458 Refactored view_create to use Twig templates.
- #13462 Fix Database-related selenium tests
- #13464 Refactor ZipExtension and ZipFile to use ZipArchive
- #13365 Refactor ZipExtension and ZipFile to use ZipArchive
- #13445 Browse spacing issue
- #13437 Cannot check for newest version
- #13440 Fork bomb when using multiple hosts
- #158 Add recognizer for SET Statements
- #176 Fix #175: Broken phpMyAdmin version string stripping
- #140 Stacktrace truncation
- #107 Error in handling js reports
- #138 Truncation on too long full report
- #174 Needs too much memory
- #137 Truncation on too long error message
- #157 Tries to set null linenumber
Last week was a bit shorter for me due to public holidays, but there is still a new release of the SQL parser and some other minor bug fixes.
Last week was really about fixing bugs and handling pull requests. I've managed to go through many of the long-pending pull requests, and most of them were merged either directly or with additional fixes.
I always feel bad when it takes too long to merge a pull request, but most of them were actually waiting for fixes which never arrived, so I had to fix them on my own. This is often what happens to GSoC students' pull requests once they realize they were not accepted in the end...
- #13431 Move classes to PhpMyAdmin namespace
- #13428 master giving Internal server error 500
- #13411 Move classes to PhpMyAdmin namespace
- #13398 Missing 'DST Root CA X3' in cert bundle
- #13313 Double character encoding removed
- #13339 Enhance layout Table Operations
- #13317 JSON data shown in JSON format while editing
- #13400 $cfg['Servers'][$i]['SignonScript'] is broken
- #13145 Table Ops layout
- #13369 Table Ops layout #13145 -- modified js function and removed dynamic a…
- #12944 Nice view for JSON data
- #13330 Removed inline mouseover/mouseout to toggle sort icon.
- #13102 Fixes error in designer #13032
- #12979 Foreign keys table layout
- #13095 fix vertical alignment in table cell layout. Fixes #12979
- #13093 Fixed time selection for TIME type
- #12948 TIME columns doesn't allow hour value > 23
- #12899 Variables table unreadable
- #12940 enhancing server variables table view
- #13071 #13058 Improve Captcha error message if service is unreachable
- #13058 Improve Captcha error message if service unreachable
- #13101 upgraded google recpatcha with google invisble recaptcha
- #13086 Replacing Google reCAPTCHA with Invisible reCAPTCHA
- #13407 Make grid editor NULL checkbox text clickable
- #13189 A 404 error occurred while importing the data script timeout
- #13364 Rewrite URL constructing during import
- #13402 Use non-breaking space entity instead of newline in the links on the browse page
- #13413 fix brackets
- #13391 fopen(./log/auth.log): failed to open stream: Permission denied
- #13392 Problems with entering the PhpMyAdmin
- #13396 inconsistent function name httprequestcurl
- #115 Call to undefined function ctype_digit()
- #169 Avoid IP leakage in traces
- #167 Add a read-only public interface for non-team contributors
- #166 Run Github issue state synchronization through CakePHP shell interface
- #164 Sync Report status based on linked Github issue's state
- #158 Empty state when reporting issue to GitHub
- #163 Adjust report state based on Github issues state while linking/delinking