Michal Čihař - Blog Archives for phpMyAdmin

Weekly phpMyAdmin contributions 2016-W41

Last week was mostly focused on motranslator and removing it's usage of eval(). After introducing library to do the expression evaluation, I've learned that there is already existing library having all features we need - symfony/expression-language. There could be better way to learn this, but still lesson learned and I will evaluate existing libraries more carefully next time. Now the motranslator 2.0 is out without eval() and with dependency on symfony/expression-language.

Besides that there was some discussion about improving quality of our documentation translations by using automated checks. The set of such checks is already provided by Weblate, but it really doesn't cover RST markup and some improvements could be borrowed from the dennis tool.

Handled issues:

motranslator 2.0

Yesterday, the motranslator 2.0 has been released. As the version change suggests there are some important changes under the hood.

Full list of changes:

  • Consistently use camelCase in API
  • No more relies on using eval()
  • Depends on symfony/expression-language for calculations

As you can see, yesterday announced SimpleMath is not used in the end and I've moved to use existing library. Somehow I misunderstood library description and I thought that it works as PHP, what would be problem for us (or would bring need to add parenthesis around ternary operator as we did with eval()). But this is not the case and ternary operator behaves sane in ExpressionLanguage, so we're good too use it.

Anyway if you were using MoTranslator, it might be good idea to upgrade and check if API changes affect you.

Announcing SimpleMath

For quite some time we've been relying on using eval() function in phpMyAdmin in two places. One of them is gettext library, where we have to evaluate plural forms and second of them is MySQL configuration advisor, which does it's suggestions based on text file (the original idea was to make this file shared with other tools, but it never really worked out).

Using eval() in PHP is something what is better to avoid, but we were using it on data we ship, so it was considered safe. On the other side, there are hostings which deny using eval() altogether (as many of exploits are using this function), so it's better to avoid that. I've been looking for options for replacing eval() in motranslator (library we use for handling Gettext MO files) for quite some time, but never found library which would support all operators needed in Gettext plural formulas.

Yesterday I finally came to conclusion that writing own library to do this is best approach. This way it can in future extended to work with Advisor as well. Also we can make it pretty lightweight without additional dependencies (what was problem in some existing libraries I've found).

To make the story short, this is how SimpleMath was born. As of now, it has grown to version 0.2 (you can use Packagist to install it). For now it's really simple and it can be probably confused by various strange inputs, but it seems for work pretty well for our case. Currently supported features:

  • Supports basic arithmetic operations +, -, *, /, %
  • Supports parenthesis
  • Supports right associative ternary operator
  • Supports comparison operators ==, !=, >, <, >=, <=
  • Supports basic logical operations &&, ||
  • Supports variables (either PHP style $a or simple n)

Maybe it will be usable for somebody else as well, but even if not, it's the way for us to get rid of using eval() in our codebase.


It seems that Symfony ExpressionLanguage Component is doing pretty much same, but more flexible and faster, so SimpleMath will be probably dead soon and we will switch to using Symphony component.

Weekly phpMyAdmin contributions 2016-W40

Last week was pretty short for me, only two days at computer, so amount of work done is limited as well. I've fixed few minor issues and reviewed pull requests. There was some security work as well, but that's something you will see in the future.

Handled issues:

Weekly phpMyAdmin contributions 2016-W39

Last week was quite similar to previous weeks - most time has been spent on reviewing pull requests, improving documentation and improving Docker container.

On the Docker container, I've enabled open_basedir restrictions, so the attack surface is a bit lower. However there are still lot of hardening suggestions open in the issue tracker.

Handled issues:

Weekly phpMyAdmin contributions 2016-W38

Last week was again mostly spent on reviewing pull requests and screening issues. This little housecleaning work is sometimes surprisingly time consuming :-).

Besides that I've again reviewed potential security weaknesses in our process reported by Emanuel Bronshtein. This lead to various hardenings in our Docker container, Debian packages or our website. There are still places to improve, but we're getting better with every commit.

Additionally there was release for motranslator and SQL parser, both of these are now properly listed on GitHub releases page.

Handled issues:

Weekly phpMyAdmin contributions 2016-W37

Last week was heavily focused on reviewing incoming code, mostly on our SQL parser. Thanks to several contributions we have made it even better.

The SQL parser s releases now include list of changes, so you can easily see what has been changed. While touching the SQL parser code, I've added some missing bits in testsuite code coverage and we're now really close to 100%.

Another useful thing for our library users is API documentation which is now available at https://develdocs.phpmyadmin.net/. It covers all libraries we've recently released (motranslator, sql-parser and shapefile).

Handled issues:

Weekly phpMyAdmin contributions 2016-W36

Last week was a bit calmer on my phpMyAdmin contributions as I've spent more time on other free software projects (namely Gammu).

Anyway there was still some amount of reviewing pull requests and bug screening and I've added PHP 7.1 to the testsuite on Travis while fixing some bugs this has revealed (thanks Deven for helping in this as well). Most notable these were bugs in our testsuite feeding invalid mock data in some situations. Without type warnings in upcoming PHP 7.1 these would be further unnoticed.

Handled issues:

Weekly phpMyAdmin contributions 2016-W35

Last week had still major focus on our Docker container, which is now better than ever :-). There also was a motranslator release to push some of the bug fixes to users.

Other than that there was usual amount of bug screening and fixing which you can see from list of issues below.

Handled issues:

Weblate 2.8

Quite on schedule (just one day later), Weblate 2.7 is out today. This release brings Subversion support or improved zen mode.

Full list of changes:

  • Documentation improvements.
  • Translations.
  • Updated bundled javascript libraries.
  • Added list_translators management command.
  • Django 1.8 is no longer supported.
  • Fixed compatibility with Django 1.10.
  • Added Subversion support.
  • Separated XML validity check from XML mismatched tags.
  • Fixed API to honor HIDE_REPO_CREDENTIALS settings.
  • Show source change in zen mode.
  • Alt+PageUp/PageDown/Home/End now works in zen mode as well.
  • Add tooltip showing exact time of changes.
  • Add option to select filters and search from translation page.
  • Added UI for translation removal.
  • Improved behavior when inserting placeables.
  • Fixed auto locking issues in zen mode.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.