path: root/ChangeLog

phpMyAdmin - ChangeLog
======================

4.0.10.9 (2015-03-04)
- bug       [security] Risk of BREACH attack, see PMASA-2015-1

4.0.10.8 (2015-01-07)
- rfe #1588 recursive function too deep - operator change suggestion 
- rfe #1589 support early versions of PHP5.2 (register_shutdown_function)

4.0.10.7 (2014-12-03)
- bug #4611 [security] DOS attack with long passwords

4.0.10.6 (2014-11-20)
- bug #4578 [security] XSS vulnerability in table print view
- bug #4579 [security] XSS vulnerability in zoom search page
- bug #4594 [security] Path traversal in file inclusion of GIS factory
- bug #4598 [security] XSS in multi submit
- bug #4597 [security] XSS through pma_fontsize cookie

4.0.10.5 (2014-10-21)
- bug #4562 [security] XSS in debug SQL output
- bug #4563 [security] XSS in monitor query analyzer

4.0.10.4 (2014-10-01)
- bug #4544 [security] XSS vulnerabilities in table search and table structure pages

4.0.10.3 (2014-09-13)
- bug #4530 [security] DOM based XSS that results to a CSRF that creates a
            ROOT account in certain conditions

4.0.10.2 (2014-08-17)
- bug #4501 [security] XSS in table browse page
- bug #4502 [security] Self-XSS in enum value editor
- bug #4503 [security] Self-XSSes in monitor
- bug #4504 [security] Self-XSS in query charts
- bug #4517 [security] XSS in relation view

4.0.10.1 (2014-07-17)
- bug #4488 [security] XSS injection due to unescaped table name (triggers)
- bug #4492 [security] XSS in AJAX confirmation messages 

4.0.10.0 (2013-12-04)
- bug #4150 Clicking database name in query window opens a new tab
- bug #4141 Wrong page is shown after editing; also, do not show a modal
            dialog for multi-row edit
- bug #3939 PHP NavigationTree error when paging through list
- bug #4075 Support A10 Networks load balancer
- bug #4083 row deleting isn't binlogs friendly
- bug #4163 Setup script does not recognize manually-configured server
- bug #4158 Events page says no privileges with ALL PRIVILEGES

4.0.9.0 (2013-11-04)
- bug #4104 Can't edit updatable view when searching
- bug #4108 Missing refresh by deleting databases
- bug #3995 Drizzle server charset notice
- bug #3911 Filtering database names includes empty groupings
- bug #3678 Does not display or manipulate bit(64) fields appropriately
- bug #4129 Unneeded navi panel refresh
- bug #4120 SSL redirects to port 80
- bug #4144 DROP DATABASE displays wrong database name
- bug #4059 Running delete query asks for confirmation but says it was already executed
- bug #4147 Accessibility: Images without Alt nor title attribute 

4.0.8.0 (2013-10-06)
- bug #3988 Rename view is not working
- bug #4041 Interaction between linkified fields and grid editing
- bug #3975 Table grouping isn't implemented properly
- bug #4060 Browser tries to remember wrong password when creating new user
- bug #4002 Edit Index on big table doesn't show "Loading" or any message
- bug #4098 Default table tab is ignored
- bug #4099 Server/library difference warning: setting is ignored
- bug #4100 table tree group strategy
- bug #4102 ALTER TABLE ORDER BY and InnoDB
- bug #4103 Tracking report: cannot delete a statement
- bug #3996 Drizzle navigation doesn't expand
- bug #4074 GIS column editor: point not displayed
- bug #4109 Drizzle tables in navigation are shown as views
- bug #4095 NUL symbols added to the end of database dump file
- bug #4105 More disappears in table Structure
- bug #3992 Multi-row edit doesn't clear values when checking NULL

4.0.7.0 (2013-09-23)
- bug #3993 Sorting in database overview with statistics doesn't work
- bug Handle the situation where PHP_SELF is not set
- bug #4080 Overwrite existing file not obeyed
- bug #3929 Database-specific privileges are not copied when cloning user
- bug #3997 Error handling in case MySQL extension is missing
- bug #4089 Moving Columns will alter column definition
- bug #4091 Insert ignore option does not work
- bug #4090 Downloading BLOB downloads page template
- bug #4092 Clicking on table name in view of information_schema redirects to wrong page
- bug #4079 Copy Table Add AUTO_INCREMENT value checkbox not working
- bug #4088 MySQL server version at index.php incorrect w/ controlhost
- bug #4001 Import error: Class 'ImportOds' not found
- bug #3986 Missing DROP VIEW button

4.0.6.0 (2013-09-05)
- bug #4036 Call to undefined function mb_detect_encoding (clarify the doc)
- bug Missing hints when changing a column's structure
- bug #4048 Cannot select foreign value in Search
- bug #4025 gzip export is not actually compressed with mod_deflate
- bug #4054 query analysis doesn't launch in status monitor
+ Add pmahomme icon credits (FamFamFam silk icon set)
- bug #4064 Table structure statistics "Space usage" caption too small for l10n
- bug #4051 Wrong tabindex when inserting rows
- bug #4066 varchar field not truncated in table browse mode
+ rfe #1435 Opening database should expand it in the navigation menu
- (performance) Removed ShowTooltip directive
- bug #4046 Exporting huge Tables causes memory-Problems

4.0.5.0 (2013-08-04)
- bug #3977 Not detected configuration storage
- bug #3970 Pressing enter in the filter field reloads page
- bug #3984 Cannot insert in this table (PHP < 5.4)
- bug #3989 Reloading privileges does not update the interface
- bug #3960 NavigationBarIconic config not honored
- bug #3985 Call to undefined function mb_detect_encoding
- bug #4007 Analyze option not shown for InnoDB tables
- bug #4015 Forcing a storage engine for configuration storage
- bug Incorrect Drizzle 7 detection
- bug #4019 Create database if not exists (export): add an option to the
  interface to enable generating CREATE DATABASE and USE (false by default)
- bug #4012 Crash on CSV file import
- bug #4009 Statistic Monitor shows only last 3 digits in graph
- bug #3998 Non-permanent SQL history not working
- bug #3578 Transformations for text/plain on a BLOB column
- [security] Improved protection against cross framing, see PMASA-2013-10
+ Reinstated configuration directive: AllowThirdPartyFraming

4.0.4.2 (2013-07-28)
- [security] fix unescaped parameter, see PMASA-2013-8
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
- [security] Fix full path disclosure, see PMASA-2013-12
- [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
- [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11
- [security] Fix stored XSS in link transformation plugin, see PMASA-2013-13

4.0.4.1 (2013-06-30)
- [security] Global variables scope injection vulnerability (see PMASA-2013-7)

4.0.4.0 (2013-06-17)
- bug #3959 Using DefaultTabDatabase in NavigationTree for Database Click
- bug #3961 Avoid Suhosin warning when in simulation mode
- bug #3897 Row Statistics and Space usage bugs
- bug #3966 Only display "table has no unique column" message when applicable
- bug #3965 Default language wrong with zh-TW
- bug #3921 Call to undefined function PMA_isSuperuser() if default server is
not set 
- bug #3971 Ctrl/shift + click opens links in same window
- bug #3964 Import using https does not work
- bug Missing removeCRLF option in ExportCsv and ExportExcel plugins
- bug #3631 Drop not working Visio schema export.
- bug #3645 Better handling of invalid ODS documents
- bug #3976 Number of pages
- bug #3922 User privileges, database name unescaped

4.0.3.0 (2013-06-05)
- bug #3941 Recent tables list always empty
- bug #3933 Do not translate "Open Document" in export settings
- bug #3927 List of tables is missing after expanding in the navigation frame
- bug #3942 Warnings about reserved word for many non reserved words
- bug #3912 Exporting row selection, resulted by ORDER BY query
- bug #3957 Cookies must be enabled past this point
- bug #3956 "Browse foreign values" search filter / page selector not working
- bug #3579 NOW() function incorrectly selected (partial regression)
- [security] Javascript execution vulnerability in Create view,
  reported by Maxim Rupp (see PMASA-2013-6)

4.0.2.0 (2013-05-24)
- bug #3902 Cannot browse when table name contains keyword "call"
+ center loading indicator for navigation refresh, related to bug #3920
- bug #3925 Table sorting in navigation panel is case-sensitive
- bug #3915 Import of CSV file (Replace table data with file) with duplicate values
- bug #3907 undefined variables, function parameter problems
- bug #3898 Structure not refreshed after column drop 
- bug #3926 View is not updatable
- bug #3919 PropertiesIconic not honored
- bug #3930 Databases to choose for specific privileges show up escaped
- bug #3910 Export database with empty table as a php array, does not produce valid PHP
- bug #3936 Query profiler chart not loading from SQL Query page
- bug #3946 Missing CSV import option "Do not abort on INSERT error"
- bug #3943 Missing Operations>Table options>AUTO_INCREMENT
- bug Missing CREATE DATABASE statement when exporting at database level
- bug #3924 Show warning when CSV file does not contain data for all columns
- bug #3947 Missing Sql Query after modify structure
- bug #3948 Server export problems
- bug #3917 CountTables directive is deprecated

4.0.1.0 (2013-05-14)
- bug #3879 Import broken for CSV using LOAD DATA
- bug #3889 When login fails and error display is active, login data is displayed
- bug #3890 [import] Web server upload directory import fails
- bug #3891 [import] Server upload folder import file name missing in success message 
+ rfe #1421 [auth] Add retry button on connection failure with config auth
- bug #3894 [interface] Provide feedback if no columns selected for multi-submit
- bug #3799 [interface] Incorrect select field change on ctrl key navigation in Firefox
- bug #3885 [browse] display_binary_as_hex option causes unexpected behavior
- bug #3899 Git commit links to Github missing
- bug #3900 CSP WARN in Firefox console
- bug #3901 Setup script warning for config auth (stored login data) shows link BBcode
- bug #3895 [browse] Fixed getting BLOB data
- bug #3905 [export] Custom Exporting exports all databases
- bug #3909 [import] Import of CSV FIle to selected table doesn't work
- bug #3904 Browsing an empty table should not display its Structure
- bug #3908 Calendar widget improperly redirects to home 
- bug #3918 Greyed out tabs when there are no rows fixed 
- bug #3916 [interface] Missing scrollbar (original theme)
+ [vendor] add tcpdf path to vendor_config.php
- bug fix compat with tcpdf >= 6.0 (tested with 6.0.012)

4.0.0.0 (2013-05-03)
+ Patch #3481047 for rfe #3480477 Insert as new row enhancement
+ Patch #3480999 Activate codemirror in the query window
- Patch #3495284 XML Import - fix message and redirect
+ rfe #3484063 Null checkbox behavior
+ Patch #3497179 Contest-5: Add user: Allow create DB w/same name + grant u_%
+ Patch #3498201 Contest-6: Export all privileges
+ Patch #3502814 for rfe #3187077 Change password buttons should match
+ rfe #3488640 Expand table-group in non-light navigation frame if only one
+ Patch #3509360 Contest-3: Option "Truncate table" before "insert"
+ Patch #3506552 Contest-2: Show index information in the data dictionary
+ Patch #3510656 Contest-1: Ignoring foreign keys while dropping tables
- Bug #3509686 Reverting sort on joined column does not work
+ New transformation: append string
+ rfe #3507804 Session upload progress (PHP 5.4)
+ rfe #3488185 draggable columns vs copy column name
+ Patch #3507001 Contest-4: Textarea for large character columns
+ Removed the PHP version of the ENUM editor
+ Patch #3507111 Display distinct results, linked to corresponding data rows
- bug #3507917 [export] JSON has unescaped values for allegedly numeric columns
+ rfe #3516187 show tables creation, last update, last check timestamps in db_structure
- bug #3059806 Supporting running from CIFS/Samba shares
- bug #3516341 [export] Open Document Text, Word and Texy! Text show table structure twice
- bug [export] Texy! Text: Columns containing Pipe Character don't export properly
+ [export] Show triggers in Open Document Text, Word and Texy! Text
- Patch #3415061 [auth] Login screen appears under the page
+ rfe #3517354 [interface] Allow disabling CodeMirror with $cfg['CodemirrorEnable'] = false
+ rfe #3475567 [interface] New directive $cfg['HideStructureActions']
- bug #3468272 [import] Fixed import of ODS with more paragraphs in a cell
- bug #3510196 [core] Improved redirecting with ForceSSL option
+ rfe #3518852 [edit] edit blob but not other binary, new option $cfg['ProtectBinary'] = 'noblob'
+ Hide language select box if there are no locales installed
+ Removed some directives: verbose_check, SuggestDBName, LightTabs,
VerboseMultiSubmit, ReplaceHelpImg
- Patch #3500882 Fixing checkbox behaviour while editing identical rows
+ rfe #3441722 [interface] Display description of datatypes
+ rfe #3517835 [structure] Move columns easily
+ Ajaxified "Create View" functionality
+ [import] New plugin: import mediawiki
+ New navigation system
+ Discontinued the use of a frame-based layout
+ rfe #3528994 [interface] Allow wrapping possibly long values in replication-status table
+ [interface] Autoselect username input on cookie login page
- bug #3563799 [interface] Grid editing destroying huge amount of data
+ [import] Remove support for the unactive docSQL import format
- bug #3577443 [edit] "Browse foreign values" does not show on ajax edit
+ rfe #3522109 [browse] Grid editing: action to trigger it (or disable)
- bug #3526598 [interface] SQL query not shown when creating table
+ Dropped configuration directive: AllowThirdPartyFraming
+ Dropped configuration directive: LeftFrameLight
+ Dropped configuration directive: DisplayDatabasesList
+ Dropped configuration directives: ShowTooltipAliasDB and ShowTooltipAliasTB
+ Dropped configuration directive: NaviDatabaseNameColor
+ Added configuration directive: MaxNavigationItems
+ Renamed configuration directive: LeftFrameDBTree => NavigationTreeEnableGrouping
+ Renamed configuration directive: LeftFrameDBSeparator => NavigationTreeDbSeparator
+ Renamed configuration directive: LeftFrameTableSeparator => NavigationTreeTableSeparator
+ Renamed configuration directive: LeftFrameTableLevel => NavigationTreeTableLevel
+ Renamed configuration directive: LeftPointerEnable => NavigationTreePointerEnable
+ Renamed configuration directive: LeftDefaultTabTable => NavigationTreeDefaultTabTable
+ Renamed configuration directive: LeftDisplayTableFilterMinimum => NavigationTreeDisplayTableFilterMinimum
+ Renamed configuration directive: LeftDisplayLogo => NavigationDisplayLogo
+ Renamed configuration directive: LeftLogoLink => NavigationLogoLink
+ Renamed configuration directive: LeftLogoLinkWindow => NavigationLogoLinkWindow
+ Renamed configuration directive: LeftDisplayServers => NavigationDisplayServers
+ Renamed configuration directive: LeftRecentTable => NumRecentTables
+ Renamed configuration directive: LeftDisplayDatabaseFilterMinimum => NavigationTreeDisplayDbFilterMinimum
+ Removed the "Mark row on click" feature; must now click the checkbox to mark
+ Removed the "Synchronize" feature
+ Improved layout of server variables page
+ rfe #1052091 [config] Double-underscores in PMA table names
+ Improved the "More" dropdown on the table structure page
+ [interface] Added "scroll to top" link in menubar
+ [designer] Fullscreen mode for the designer
+ Upgraded jquery to v1.8.3 and jquery-ui to v1.9.2
+ Patch #3597529 [status] Add raw value as title on server status page
+ Support MySQL 5.6 partitioning
+ Removed the AjaxEnable directive
+ rfe #3542567 Accept IPv6 ranges and IPv6 CIDR notations in $cfg['Servers'][$i]['AllowDeny']['rules']
- Bug #3576788 Grid editing shows the value before silent truncation
- Upgraded jqPlot to 1.0.4 r1121
- Upgraded to jquery-ui-timepicker-addon 1.1.1
+ rfe #3599046 [interface] Added comments for indexes
- Replaced qtip with jQuery UI tooltip
- Upgraded CodeMirror to 2.37
- bug #2951 [export] Correctly export decimal fields.
- bug #3762 [core] Make Advisor work on Windows withou COM extension.
- bug #3519 [export] Prevent infinite recursion in PDF export.
- bug #3827 Table specific privileges not displayed for db name containing
underscore 
- rfe #1386 Add IF NOT EXISTS clause when copying database
- No longer package .travis.yml configuration file when creating a release.
- bug #3830 Can't export custom query because it lowercases table names
- bug #3829 Enabling query profiling crashes javascript based navigation
+ rfe #879 Reserved word warning
+ Remove the database ordering sub-feature of the only_db directive
- bug #3840 When exporting to gzip format, the data is compressed 2 times
+ rfe #1319 Permit to create index when creating foreign key
- bug #3703 Incorrect updating of the list of users
- bug #3853 Blowfish implementation might be broken (replace with phpseclib)
- bug #3865 Using like operator on each backslash needs 4 backslash protection
- bug #3860 Displayed git revision info is not set
- bug #3871 Check referential integrity broken across databases
- bug #3874 [export] No preselected option when exporting table
- bug #3873 Can't copy table to target database if table exists there
- bug #3683 Incorrect listing of records from to count
- bug #3876 [import] PHP 5.2 - unexpected T_PAAMAYIM_NEKUDOTAYIM
- [security] Local file inclusion vulnerability, reported by Janek Vind
  (see PMASA-2013-4)
- [security] Global variables overwrite in export.php, reported by Janek Vind
  (see PMASA-2013-5)
- bug #3892 [export] SQL Export files are empty

3.5.8.2 (2013-07-28)
- [security] Fix self-XSS in "Showing rows", see PMASA-2013-8
- [security] Fix self-XSS in Display chart, see PMASA-2013-9
- [security] Fix stored XSS in Server status monitor, see PMASA-2013-9
- [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9
- [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9
+ [security] JSON content type header for version_check.php, see PMASA-2013-9
+ [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9
+ [security] Fix full path disclosure, see PMASA-2013-12
+ [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15
+ [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15
- [security] Fix self-XSS in schema export, see PMASA-2013-14
- [security] Fix unencoded json object, see PMASA-2013-11

3.5.8.1 (2013-04-24)
- [security] Remote code execution (preg_replace), reported by Janek Vind
  (see PMASA-2013-2)
- [security] Locally Saved SQL Dump File Multiple File Extension Remote Code
  Execution, reported by Janek Vind (see PMASA-2013-3)

3.5.8.0 (2013-04-08)
- bug #3828 MariaDB reported as MySQL
- bug #3854 Incorrect header for Safari 6.0
- bug #3705 Attempt to open trigger for edit gives NULL
- Use HTML5 DOCTYPE 
- [security] Self-XSS on GIS visualisation page, reported by Janek Vind
- bug #3800 Incorrect keyhandler behaviour #2

3.5.7.0 (2013-02-15)
- bug #3779 [core] Problem with backslash in enum fields
- bug #3816 Missing server_processlist.php
- bug #3821 Safari: white page
- Correct detection of the Chrome browser

3.5.6.0 (2013-01-28)
- bug #3593604 [status] Erroneous advisor rule
- bug #3596070 [status] localStorage broken in server status monitor
- bug #3598736 [routines] Editing a procedure with special characters
- bug #3600322 [core] Visualize GIS data throws Fatal Error
- bug #3599362 [core] Double-escaped error message
- bug #3776 [cookies] Login without auth on second server

         --- Older ChangeLogs can be found on our project website ---
                     http://www.phpmyadmin.net/old-stuff/ChangeLogs/

# vim: et ts=4 sw=4 sts=4
# vim: ft=changelog fenc=utf-8
# vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#'
# vim: fdn=1 fdm=expr