Michal Čihař - Blog Archives for phpMyAdmin

Last week was really focused on fixing issues on phpMyAdmin itself. Some of them also lead to me to bigger cleanups, for example in theme management code, which is now not relying on session cache.

Another important improvements were focused on improving SSL support in phpMyAdmin. It is now able to automatically detect if server enforces SSL and enable it in such case. There is also improved documentation about configuring SSL.

Handled issues:

• #12354 Suggest SSL connection when logging in
• #13505 Main page is mostly links
• #13507 Theme per server
• #13510 Unable to automate cookie login with phpMyAdmin 4.7+
• #13415 The logo is so ugly
• #13442 No edit user action?
• #13430 Alignment issues in original theme
• #13436 Autodetect SSL-only server and use SSL
• #13382 Edit Index Issue
• #13263 Cosmetic: How to disable the accordion effect on the left menu?
• #13450 Copy a table to another database which has an index with a comment fails
• #13321 Column values (modified by triggers / virtual) don't change using inline editing
• #13478 Bool2Text output transformation seems broken
• #13468 Warning: set_time_limit() has been disabled for security reasons
• #13471 Warning: ini_set()/ini_get() has been disabled for security reasons
• #13501 mysql not using more that 48 % of total RAM .
• #13489 Markup in SQL tab live preview error popup
• #13492 PHP Error ->HTTP 500 Error
• #13499 Move Theme object out of session
• #13472 Unable to login to PHPMyAdmin after installation
• #13387 broken link to table of binary fields (every second three)
• #13469 Notice: Undefined index: TABLE_COMMENT
• #13474 Configuration option to disable automatic page reload
• #13289 How to reenable $cfg['EditInWindow'] ?
• #13484 Reduce runkit dependency in testsuite
• #13497 Can not open table with JSON field (ver phpmyadmin all 4:4.5.4.1-2ubuntu2 )

Last week was quite busy and that can be seen from number of issues. Some of them are coming from our error reporting server, where I've focused on the most frequently happening ones for last releases. Still there is about 30000 reports to handle there.

There were several fixes to our SQL parser as well, apparently it's already being used by some other tools, for example by php-sqllint, so we're getting more bug reports :-).

Handled issues:

• #13479 Odd behavior with "Rename exported databases/tables/columns" stuck
• #13487 Undefined property: PhpMyAdmin\SqlParser\Components\CaseExpression::$expr
• #13485 Error when linting RENAME query
• #13486 PHP error when parsing invalid CREATE FUNCTION
• #13483 Notice in SQL parser
• #13481 Update common.inc.php
• #13480 $_COOKIE variable has been set to empty when 'pmaCookieVer' empty
• #13482 Problem with tempdir and open_basedir settings
• #13409 prepare stmt and execute statement is not working in 4.6.6
• #13412 problem in editing column
• #13215 Status page: Monitor page load slow and Advisor page look broken
• #13351 Export throws a bunch of Notices, fails to export
• #13475 Export SQL structure Fatal error when 'Enclose table and column names with backquotes' is not checked
• #13476 Fix more selenium tests
• #13404 phpMyAdmin Error Failed to store CSRF token in session! Probably sessions are not working properly
• #13473 Drag and drop import broken: Token mismatch error
• #13465 Cant create relation
• #13470 Division by zero
• #13467 Warning: file_exists(): open_basedir
• #13458 Refactored view_create to use Twig templates.
• #13462 Fix Database-related selenium tests
• #13464 Refactor ZipExtension and ZipFile to use ZipArchive
• #13365 Refactor ZipExtension and ZipFile to use ZipArchive
• #13445 Browse spacing issue
• #13437 Cannot check for newest version
• #13440 Fork bomb when using multiple hosts
• #158 Add recognizer for SET Statements
• #176 Fix #175: Broken phpMyAdmin version string stripping
• #140 Stacktrace truncation
• #107 Error in handling js reports
• #138 Truncation on too long full report
• #174 Needs too much memory
• #137 Truncation on too long error message
• #157 Tries to set null linenumber

Last week was a bit shorted for me due to public holidays, but still there is new release of SQL parser and some other minor bug fixes.

Handled issues:

• #13437 Cannot check for newest version
• #13440 Fork bomb when using multiple hosts
• #13445 Browse spacing issue
• #158 Add recognizer for SET Statements

Last week was really about solving bug and pull request. I've managed to go through many of long pending pull requests and most of them were merged either directly or with additional fixes.

I always feel bad when it takes too long to merge pull request, but most of them were actually waiting for some fixes which didn't arrive and I had to fix them on my own. This is often what happens to GSoC students pull requests once they realize they were not accepted in the end...

Handled issues:

• #13431 Move classes to PhpMyAdmin namespace
• #13428 master giving Internal server error 500
• #13411 Move classes to PhpMyAdmin namespace
• #13398 Missing 'DST Root CA X3' in cert bundle
• #13313 Double character encoding removed
• #13339 Enhance layout Table Operations
• #13317 JSON data shown in JSON format while editing
• #13400 $cfg['Servers'][$i]['SignonScript'] is broken
• #13145 Table Ops layout
• #13369 Table Ops layout #13145 -- modified js function and removed dynamic a…
• #12944 Nice view for JSON data
• #13330 Removed inline mouseover/mouseout to toggle sort icon.
• #13102 Fixes error in designer #13032
• #13332 Removed inline javascript
• #12979 Foreign keys table layout
• #13095 fix vertical alignment in table cell layout. Fixes #12979
• #13093 Fixed time selection for TIME type
• #12948 TIME columns doesn't allow hour value > 23
• #12899 Variables table unreadable
• #12940 enhancing server variables table view
• #13071 #13058 Improve Captcha error message if service is unreachable
• #13058 Improve Captcha error message if service unreachable
• #13101 upgraded google recpatcha with google invisble recaptcha
• #13086 Replacing Google reCAPTCHA with Invisible reCAPTCHA
• #13407 Make grid editor NULL checkbox text clickable
• #13189 A 404 error occurred while importing the data script timeout
• #13364 Rewrite URL constructing during import
• #13402 Use non-breaking space entity instead of newline in the links on the browse page
• #13413 fix brackets
• #13391 fopen(./log/auth.log): failed to open stream: Permission denied
• #13392 Problems with entering the PhpMyAdmin
• #13396 inconsistent function name httprequestcurl
• #115 Call to undefined function ctype_digit()
• #169 Avoid IP leakage in traces
• #167 Add a read-only public interface for non-team contributors
• #166 Run Github issue state synchronization through CakePHP shell interface
• #164 Sync Report status based on linked Github issue's state
• #158 Empty state when reporting issue to GitHub
• #163 Adjust report state based on Github issues state while linking/delinking

Last week was a bit less intensive for me, still there were some bugs fixed.

Most of the time was spent on investigating one report from error reporting server. These errors do not come from our code, but we see them in thousands, so apparently something widely spread. The feature seems to come from DirectAdmin, but I've found occurrences elsewhere as well.

I think this exactly shows why you should upstream your patches - it would get proper upstream review and you would not have to maintain it over years (apparently they have five versions of the patch in their patches directory).

Anyway pretty much same will be possible to achieve with single line of configuration in the 4.8.0 release.

Handled issues:

• #13391 fopen(./log/auth.log): failed to open stream: Permission denied
• #13392 Problems with entering the PhpMyAdmin
• #13396 inconsistent function name httprequestcurl
• #115 Call to undefined function ctype_digit()

Besides usual bug screening and pull requests merging, I've spent quite some amount in digging reports in our error reporting server and fixed the most visible ones.

The error reporting server collects errors happening in phpMyAdmin installations worldwide (this is opt-in reporting) and gives us insights where our users suffer most. Some of the errors are really weird and probably indicate PHP bug, but as we don't collect more information than is necessary, we really can not say for sure and we can not find person to reproduce the bug. Anyway if something has happened hundredth times on several installations, it's probably worth fixing in our code base.

Handled issues:

• #13394 Merge remote-tracking branch 'refs/remotes/phpmyadmin/master'
• #13386 fileperms(): stat failed for config.inc.php
• #13390 hash_equals(): Expected known_string to be a string, integer given
• #12478 Investigate if code is still needed
• #13389 Illegal character encoding in Kanji conversion
• #12716 Change package guzzle/guzzle for guzzlehttp/guzzle
• #13388 Unsupported encodings used with mbstrings
• #13385 Uninitialized string offset: 599
• #13381 Move third-party js libraries to js/vendor
• #13378 Update CodeMirror to 5.26.0
• #13376 Update jQuery Validation Plugin to 1.16.0
• #13375 Update jQuery to 3.2.1
• #13377 Update jQuery Cookie Plugin to 1.4.1
• #13318 Import is slow, when tracking is configured
• #13008 Exporting database with lot of tables
• #13379 Automatically add token to all AJAX requests
• #13374 composer suggests
• #13294 Removed inline onchange
• #155 Follow Github issue state
• #162 Partially fix error introduced in 66d9f09
• #161 Log and don't save if length of error message for an incident field is too long
• #83 Remove 'microhistory' field from incidents

Last week was again quite busy on the issue tracker and pull requests. I start to think that I barely get to real development over handling flow of incoming reports and pull requests.

I've manged to fix some issues with parsing comments in SQL parser, which probably was not that much visible in phpMyAdmin, but was quite annoying when using SQL parser as library. Generally it seems that people are starting to use it, so at least one of our separate libraries is getting some user base outside phpMyAdmin.

Handled issues:

• #13078 Minified javascript and css files
• #13367 Fix double escaping in table structure view
• #13092 "Error in processing request" red box on start.
• #13354 Fix double escaping
• #13366 Edit Field is all broken
• #13360 Refactor zip functions into static methods
• #13193 Permanence of Navigation Tree Display
• #13359 Improve themes gitignore
• #13363 Not for merge: Add PHP 5.4 and 5.3 to test matrix to see what is broken
• #13285 Error code : 500 Error text : Internal Server Error
• #13343 Query tab Javascript errors
• #13310 PMA is very slow when xdebug is enabled
• #13358 static::TRADITIONAL warning on "copy table with prefix"
• #13362 Status Monitor doesn't do anything
• #13305 showing tooltip for user not in user table
• #12718 Password No shown for user not in user table
• #13352 Refactor the core functions into static methods
• #13356 Refactor index.lib function into static method
• #13357 Port console templates to Twig
• #12976 Foreign keys - Table dropdown
• #13312 Fix to issue #12976
• #13315 Update common.inc.php #13316
• #13323 Tablenames with special characters not correctly shown at triggers.
• #13338 Tablename with special chars shown at triggers
• #13316 func_overload is empty string fix
• #128 Remove link to db container
• #156 Parser mistakes with comments

Last week was quite equally spread across our projects. I've spent time on motranslator, sql-parser, localized documentation and of course phpMyAdmin itself.

Generally it was mostly focused on going through issue trackers and pull requests to see what has happened in week I was offline.

Handled issues:

• #13311 Undefined index: pma_password - Direct login no longer works
• #13341 Refactor the sql functions into static methods
• #13348 Blocked form submission to 'index.php'
• #13314 Switch to different Themes
• #13349 HTML @ tbl_structure.php
• #13308 ServerConfigChecks.php, try to use phpseclib first
• #13346 Merge conflict on demo server composer.lock
• #13345 Test failures with po/pa.po in master
• #13295 token on export
• #13320   
• #13329 Removed   
• #13335 Fix setTimeout function on header_location.twig
• #13284 Small refactoring in preparation to CSP.
• #13340 Refactor the transformations functions into static methods
• #13333 Port some templates to Twig
• #127 Missing 4.7.1 tag
• #37 Add Themes
• #155 Add GroupKeyword class to fix postgres GROUP BY
• #154 Error using GROUP BY with PostgreSQL
• #20 Added support for a locale switch in the same singleton Loader instance.
• #19 Switching locale during one process run

Last week was a bit shorter for me, but still there was quite some bugfixes done.

Most of the time was spent of fixing handling malformed mo files in motranslator, where the issues were reported by Emanuel Bronshtein. The library is now way more fault tolerant than it used to be if it gets corrupted file.

There was also quite some pull requests on phpMyAdmin to review and merge, but that seems to be usual in last weeks :-).

Handled issues:

• #13290 PHP Fatal error: Cannot 'break' 2 levels in export.php on line 864
• #13293 Remove some inline CSS
• #13291 Removed inline onsubmit
• #13287 Fix typo, improve wording
• #13286 Fix typos, improve wording
• #15 fpd on 32bit via negative result of unpack
• #18 PHP Notice in ngettext function
• #17 PHP Fatal error: Uncaught Symfony\Component\ExpressionLanguage\SyntaxError
• #16 PHP Notice in getPluralForms function
• #14 PHP Notice in extractPluralCount function
• #13 add stripping of disallowed chars in sanitizePluralExpression

Last week I was again quite active on development side bringing several improvements to master branch.

The biggest news is probably that phpMyAdmin no longer relies on eval() function. We've used it to run advisory rules on server configuration, but that is now done using Symfony ExpressionLanguage (which we anyway need due to motranslator).

When looking at things this does pull in, I've noticed that there is mbstring polyfill, which can be used instead of the one we ship (and was never completed). Thanks to this the mbstring dependency is now optional, but still recommended for performance reasons.

Another quite visible change is adding JSON metadata to our themes. Right now it covers basic things like theme compatibility and authorship, but more can be added later. This is also covered in our documentation.

Handled issues:

• #13274 Error in query builder - class 'Util' not found
• #13277 Fix unwanted escape
• #13279 Replace our mbstring polyfills with symfony/polyfill-mbstring
• #12386 request to remove mbstring dependency
• #13276 HTML shown when rendering permissions
• #13278 Error: Token mismatch (4.7.0)
• #6363 Eliminate remaining occurences of eval() in phpMyAdmin to make it work on machines where eval() is disabled
• #13260 Replace eval() in Advisor by Symfony\ExpressionLanguage
• #13261 Rewrite theme metadata handling
• #13167 Missing theme compatibility check
• #13275 Add relevant links in repos description
• #13265 Port templates to Twig
• #13273 500 error when trying to view a table with JSON formatted fields
• #13266 Broken link on 'User accounts overview' page
• #13272 Query execution adds a LIMIT clause twice, if I use colons
• #13262 Redirect user to last page that has any tables to display.
• #57 Missing a link to the Author at themes page
• #152 Inline CREATE PROCEURE
• #153 Don't print duplicated cli formatting characters