Adding composer lock for 4.9.8

[phpmyadmin.git] / ChangeLog

phpMyAdmin - ChangeLog
======================

4.9.8 (2022-01-20)
- issue #14321 Display a correct error page when "$cfg['Servers'][$i]['SignonURL']" is empty for auth_type=signon
- issue #14321 [security] Remove leaked HTML on signon page redirect before login for auth_type=signon
- issue        [security] Add configuration directive $cfg['Servers'][$i]['hide_connection_errors'] to allow hiding host names and other error details when login fails
- issue        [security] Add configuration directive $cfg['URLQueryEncryption'] to allow encrypting senstive information in the URL
- issue        [security] Fix a scenario where an authenticated user can disable two factor authentication

4.9.7 (2020-10-15)
- issue #16397 Fix compatibility problems with older PHP versions (also issue #16399)
- issue #16396 Fix broken two-factor authentication

4.9.6 (2020-10-09)
- issue        [security] Fix XSS vulnerability with the transformation feature (PMASA-2020-5)
- issue        [security] Fix SQL injection vulnerability with search feature (PMASA-2020-6)

4.9.5 (2020-03-20)
- issue        [security] Fix SQL injection with certain usernames (PMASA-2020-2)
- issue        [security] Fix SQL injection in particular search situations (PMASA-2020-3)
- issue        [security] Fix SQL injection and XSS flaw (PMASA-2020-4)
- issue        Deprecate "options" for the external transformation; options must now be hard-coded along with the program name directly in the file.

4.9.4 (2020-01-07)
- issue #15724 Fix 2FA was disabled by a bug
- issue        [security] Fix SQL injection vulnerability on the user accounts page (PMASA-2020-1)

4.9.3 (2019-12-26)
- issue #15570 Fix page contents go underneath of floating menubar in some cases
- issue #15591 Fix php notice 'Undefined index: foreign_keys_data' on relations view when the user has column access
- issue #15592 Fix php warning "error_reporting() has been disabled for security reasons"
- issue #15434 Fix middle click on table sort column name shows a blank page
- issue        Fix php notice "Undefined index table_create_time" when setting displayed columns on results of a view
- issue #15571 Fix fatal error when trying to edit row with row checked and button under the table
- issue #15633 Fix designer set display field broken for php 5.x versions
- issue #15621 Support CloudFront-Forwarded-Proto header for Amazon CloudFront proxy
- issue        Fix php 8.0 php notices - Undefined index on login page
- issue #15640 Fix php 7.4 error when trying to access array offset on value of type null on table browse
- issue #15641 Fix replication actions where broken (start slave, stop slave, reset, ...)
- issue #15608 Fix DisableIS is broken when with controluser configured (database list broken)
- issue #15614 Fix undefined offset on index page for MySQL 5.7.8 (server charset)
- issue #15692 Fix JavaScript error when user has not enough privilege to view query statistics.
- issue #14248 Fixed date selection in search menu missing higher Z-index value
- issue        Fix Uncaught php TypeError on php 8.0 when adding a column to table create form
- issue #15682 Fix calendar not taking current time as default value
- issue #15636 Fix php error trying to access array offset on value o type null on replication GUI
- issue #15695 Fix input field for the time in datetime picker is disabled

4.9.2 (2019-11-21)
- issue #14184 Change the cookie name from phpMyAdmin to phpMyAdmin_https for HTTPS, fixes many "Failed to set session cookie" errors
- issue #15304 Fix ssl_use php error
- issue #14804 Fix undefined index: ssl_* variables
- issue #14245 Fix mysql 8.0.3 and above fails on advisor
- issue #15499 Fix unparenthesized php deprecation
- issue #15482 Fix URL encoding plus sign (+) in the table or DB name when configuring foreign keys
- issue #14898 Fixed bottom table in list in left panel blocked by horizontal scroll bar
- issue #15161 Fix text area overflows its parent element on "Query" page
- issue #15511 Fixed exporting users after a delete will delete all selected users on "Users" page
- issue #14598 Fixed checking referencial integrity on "Operations" page
- issue #14433 Fix "You do not have privileges to manipulate with the users!" on root superadmin
- issue #15391 Fix GIS polygon of a geometry field is not drawn on "GIS visualization"
- issue #15311 Fix adjust privileges on copy database fails with MariaDB
- issue #15477 Fix display referential integrity check for InnoDB
- issue #15236 Support phpunit 8 in our test suite to help packaging phpMyAdmin on Debian
- issue #15522 Fix missing image error fills logs, removed ic_b_info icon from icon list
- issue #15537 Fixed some issues with the sort by key selectors
- issue #15546 Fix operators precedence in DatabaseInterface class
- issue #14906 Test test suite on 32-bit systems
- issue        Fix Long2IP transformation issue with PHP 7.1
- issue #14951 Fix moving columns with DEFAULT NULL doesn't work on MariaDB 10.2+
- issue #14951 Fix moving columns with INT AND DEFAULT CURRENT_TIMESTAMP doesn't work on MariaDB
- issue #12241 Fixed table alias is removed when exporting a query
- issue #15316 Fixed cross join clause is removed on export
- issue #14809 Fix error "is_uploaded_file() expects parameter 1 to be string" when inserting blobs from files
- issue #15127 Fix white square when refreshing designer or browsing other pages
- issue #13912 Detect when phpMyAdmin storage tables are not accessible, help users browse corrupt DBs
- issue #15465 Display profiling when query outputs no rows
- issue        Fix setting and removing display field on Designer
- issue        Added a warning when trying to set a display field on Designer and configuration storage is not setup
- issue #15327 Fix shift-click in Export misses a checkbox
- issue        [security] Fix improperly sanitized data when showing the Git branch (thanks to Ali Hubail for this report)
- issue        [security] Fix security weaknesses in Designer feature,including a flaw where an attacker could trigger an SQL injection attack (PMASA-2019-5)

4.9.1 (2019-09-20)
- issue #15313 Added support for Twig 2
- issue #15315 Fix cannot edit or export column with default CURRENT_TIMESTAMP in MySQL >= 8.0.13
- issue        Fix a TypeError in Import class with PHP 8
- issue #14270 Fix Middle-click on foreign key link broken
- issue #14363 Fix broken relational links in tables
- issue #14987 Fix weird error for empty collation
- issue #15334 Fix export of GIS visualisation not working (PNG, PDF, SVG)
- issue #14918 Use hex for the phpMyAdmin session token
- issue        Added GB18030 Chinese collations description
- issue        Added Russian, Swedish, Slovak and Chinese UCA 9.0.0 collations description
- issue        Added description for the _ks (kana-sensitive) collation suffix
- issue        Added description for the _nopad (NO PAD) collation suffix
- issue #15404 Remove array/string curly braces access
- issue #15427 Fixed "FilterLanguages" option does not work (configuration)
- issue #15202 Fixed creating user with single quote in password results in no password user
- issue #14950 Fixed left database overview "add column" triggers error
- issue #15363 Fix remove unexpected quotes on text fields (structure and insert)
- issue        Fix NULL wrongly checked on field change
- issue #15388 Fix allow to rollback an empty statement
- issue #14291 Fixed incorrect linkage from one table's value to another table
- issue #15446 Fix tables added from other databases are not collapsing in the designer section
- issue #14945 Fix designer page save fails if dB name contains period
- issue        Display an error when trying to import in designer a table that's already imported
- issue        Fix many bugs when adding new tables to designer
- issue        Update CodeMirror to v5.48.4
- issue        Update jQuery Migrate to v3.1.0
- issue        Update jQuery Validation to v1.19.1
- issue        Update jQuery to v3.4.1
- issue        Update js-cookie to v2.2.1
- issue        Remove fieldset closing tag when setting global privileges
- issue #15425 Fix backslash in column name resulting an error in editing
- issue #15380 Fix Status - Advisor error
- issue #15439 Fix designer page status not updated when added a new table from another database
- issue #15440 Fix page number is not being updated in the URL after saving a designer's page
- issue        Fix reloading a designer's page
- issue        Fix designer full screen mode button and text stuck when exiting full-screen mode
- issue        Reduced possibility of causing heavy server traffic between the database and web servers
- issue        Fix a situation where a server could be deleted while an administator is using the setup script

4.9.0.1 (2019-06-04)
- issue #14478 phpMyAdmin no longer streams the export data
- issue #14514 Tables with SYSTEM VERSIONING show up as views instead of tables
- issue #14515 Values cannot be edited in SYSTEM VERSIONING tables with INVISIBLE timestamps
- issue        Fix header icon on server plugins page
- issue #14298 Fixed error 500 on MultiTableQuery page when a empty query is passed
- issue #14402 Fixed fatal javascript error while adding index to a new column
- issue #14896 Fixed issue with plus/minus icon when refreshing an expanded database
- issue #14922 Fixed json encode error in export
- issue #13975 Fixed missing query time in German (fix decimal number format issue)
- issue #14503 Fixed JavaScript events not activating on input (sql bookmark issue)
- issue #14898 Fixed Bottom table is blocked in database list (left panel)
- issue #14425 Fixed Null Checkbox automatically unmarked
- issue #14870 Display correct date and time in Zip files
- issue #14763 Fixed the loading symbol not appearing when refreshing the navigation
- issue #14607 Count rows only if needed
- issue #14832 Show Designer combo boxes when adding a constraint
- issue #14948 Fix change password is not showing password strength difference at the second attempt
- issue #14868 Fix edit view
- issue #14943 Fixed loading Forever when creating new view without filling any field
- issue #14843 Fix Bookmark::get() id matching SQL
- issue #14734 Fixed invalid default value for bit field
- issue #14311 Fixed undefined index in setup script
- issue #14991 Fixed TypeError in GIS editor
- issue        Fixed GIS data editor for multi server setup
- issue #14312 Fixed type error in setup script when adding new server
- issue #14053 Fix missed padding on query results
- issue #14826 Fixed javascript error PMA_messages is not defined
- issue        Show error message if config-set fails and not "loading..." forever
- issue #14359 Prevent multiple error modals, and error-report request spamming from script
- issue        Fixed error reporting javascript errors on multi server setup
- issue        Fixed wrong property name on TableStructureController
- issue #14811 Fix SHOW FULL TABLES FROM when a table is locked
- issue #14916 Fix bug when creating or editing views
- issue #14931 Fixed php error when using a query like SELECT 1 INTO @a; SELECT @a; in inline query edit
- issue #15074 Make the server logo visible on theme "original"
- issue #15077 Fixed incorrect page numbers
- issue #14205 Fixed "No tables found in database" when you delete all tables from last page
- issue #14957 Virtuality is not selected when editing generated column (added virtuality(stored) option for mariadb)
- issue #14853 Insert page should not allow entering things into virtual columns
- issue #15110 Fixed TypeError e.preventDefaulut is not a function
- issue #15115 Improved label in Settings export, clarifying that it's a JSON file
- issue #14816 Fixed [designer] Cannot read property 'style' of null
- issue        Fixed [designer] Add new tables with database/table list modal
- issue        Fixed query format on multi server setup
- issue        Fixed remove partitioning on multi server setup
- issue        Fixed normalization
- issue        Fixed 'RESET SLAVE' button on replication slave
- issue        Fixed sending a php error report on multi server setup
- issue        Fixed downloading of monitor parameters for IE 11, Edge, Chrome and others
- issue #15141 Fixed php notice Undefined index: designer_settings
- issue #12729 Fixed sticky table header over dropdown menu
- issue #15140 Fixed edit link does not work on failed insert
- issue #14334 Fixed export table structure shows rows fields
- issue #15010 Fixed empty SQL preview modal on tbl_relation
- issue #14673 Fixed innodb & MySQL 8: DYNAMIC & COMPRESSED ROW_FORMAT missing
- issue        Fixed empty success message when adding a new INDEX from left panel
- issue #15150 Fixed generate password hidden on second open of change password modal
- issue        Fixed import XML data with leading zeros
- issue #15036 Fixed missing input fields checks for MaxSizeForInputField
- issue #15119 Fixed uninterpreted HTML on Settings->Export page
- issue #15159 Fixed missing query time and database in console
- issue #13713 Fixed column comments in the floating table header
- issue #15177 Fixed label alignment on login page
- issue #15210 Fixed a typo in the english name of the Albanian language
- issue        Fixed issue when resetting charset in import.php
- issue #14460 Fixed forms where submitted multiple times on CTRL + ENTER
- issue #15038 Fixed console height was allowing a negative values
- issue #15219 Fixed 'No Password' option does not switch automatically to 'Use Text Field' in add user account
- issue        Fixed importing the exported config on Server status monitor page
- issue #15228 Fixed php notice 'Undefined index: foreign_keys_data' on designer when the user has column access
- issue #12900 Fixed designer page saving gives error when configuration storage is not set up
- issue #15229 Fixed php notice, added support for 'DELETE HISTORY' table privilege (MariaDB >= 10.3.4)
- issue #14527 Fixed import settings function not working
- issue #14908 Fixed uninterpreted HTML on Settings->Import (missing data error descriptions)
- issue #14800 Fixed status->Processes doesn't show full query process list page
- issue #14833 Fixed sort by Time not working in process list page
- issue #14982 Fixed setting "null" keep an "enum" value
- issue #14401 Fixed insert rows keypress Enter behavior
- issue #15146 Fixed error reports can not be sent because they are too large
- issue #15205 Fixed useless backquotes on sql preview modal when deleting an index
- issue #13178 Fixed issues with uppercase table and database names (lower_case_table_names=1)
- issue #14383 Fixed warning when browsing certain tables (GIS data)
- issue #12865 Fixed MySQL 8.0.0 issues with GIS display
- issue #15059 Fixed "Server charset" in "Database server" tab showing wrong information
- issue #14614 Fixed mysql error "#2014 - Commands out of sync; you can't run this command now" on sql query
- issue #15238 Fixed phpMyAdmin 4.8.5 doesn't show privileges of procedures (raw html displayed instead)
- issue #13726 Fixed can not copy user on Percona Server 5.7
- issue #15239 Fixed javascript error while fetching latest version info and switching pages
- issue #14301 Fixed javascript error when editing a JSON data type column
- issue #15240 Fixed apply a Settings form with errors shows a JSON response after using return back
- issue #15043 Fixed multiple errors printing on Settings page
- issue #15037 Fixed unexpected behavior of reset button on Settings
- issue #15157 Fixed 'Settings' tab not marked as active when browsing 2FA settings
- issue #14934 Fixed all fields readonly on Edit/Insert screens
- issue #14588 Fixed export of geometry objects, GIS objects are now exported as hex
- issue #14412 Better handling of errors with Signon authentication type
- issue        Added support for AUTO_INCREMENT when using ROCKSDB, on Operations page
- issue #15276 Fixed partitioning is missing in Structure page UI (MySQL 8.0)
- issue #14252 Fixed DisableIS and database tree list (new database missing when refreshing the list)
- issue #14621 Removed "Propose table structure" on MySQL 8.0
- issue        Fixed editing of virtual columns on PerconaDB
- issue #13854 Fixed column options are ignored for GENERATED/VIRTUAL/STORED columns
- issue #15262 Fixed incorrect display of charset column (raw html)
- issue        Added explicit parentheses in nested ternary operators
- issue #15287 Fix auto_increment field is too small
- issue #15283 Fix tries to change collation on views when changing collation on all tables/fields
- issue        Fixed empty PMA_gotoWhitelist JavaScript array
- issue #15079 Fixed responsive behaviour of instruction dialog box
- issue #10846 Fixed javascript error when renaming a table
- issue        Updated sql-parser to version 4.3.2
- issue        [security] SQL injection in Designer (PMASA-2019-3)
- issue        [security] CSRF attack on 'cookie' login form (PMASA-2019-4)

4.8.5 (2019-01-25)
- issue        Developer debug data was saved to the PHP error log
- issue #14217 Fix issue when adding user on MySQL 8.0.11
- issue #13788 Exporting a view structure based on another view with a sub-query throws no database selected error
- issue #14635 Fix PHP error in GitRevision, error in processing request, error code 200
- issue #14787 Cannot execute stored procedure
- issue        Add Burmese language
- issue #14794 Not responding to click, frozen interface, plugin Text_Plain_Sql error
- issue #14786 Table level Operations functions missing
- issue #14791 PHP warning, db_export.php#L91 urldecode()
- issue #14775 Export to SQL format not available for tables
- issue #14782 Error message shown instead of two-factor QR code when adding 2fa to a user
- issue        [security] Arbitrary file read/delete relating to MySQL LOAD DATA LOCAL INFILE and an evil server instance (PMASA-2019-1)
- issue        [security] SQL injection in Designer (PMASA-2019-2)

         --- Older ChangeLogs can be found on our project website ---
                     https://www.phpmyadmin.net/old-stuff/ChangeLogs/

# vim: et ts=4 sw=4 sts=4
# vim: ft=changelog fenc=utf-8
# vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#'
# vim: fdn=1 fdm=expr