Add a few examples for AllowDeny rules.

[phpmyadmin.git] / ChangeLog

phpMyAdmin - ChangeLog
======================

4.8.4 (not yet released)
- issue #14452 Remove hash param in edit query URL
- issue #14295 Issue in Changing theme
- issue #13267 Ensure that database names with '.' are handled properly when DisableIS is true
- issue #14438 Invisible Icon "Show Full Queries"
- issue #14133 CSS issue in Designer
- issue #14447 Error while copying database (pma__column_info)
- issue #14571 "No database selected" - DROP a view
- issue #14636 Move operation causes SELECT * FROM `undefined`
- issue #14630 Enum '0' produces incorrect search SQL
- issue #14223 Fix TypeError in database designer
- issue #13621 QBE selenium tests broken since merge of #13342

4.8.3 (2018-08-22)
- issue #14314 Error when naming a database '0'
- issue #14333 Fix NULL as default not shown
- issue #14229 Fixes issue with recent table list
- issue #14045 Fix slow performance on DB structure filtering
- issue #14327 Fix Editing server variable not showing save or cancel option
- issue #14377 Populate options for view create and edit
- issue #14171 2FA configuration fails if PHP doesn't have GD support
- issue #14390 Can't unhide tables
- issue #14382 "Visualize GIS data" icon missing
- issue #14435 Event scheduler status toggle doesn't work
- issue #14365 View not working on multiple servers
- issue #14207 Partition actions in table structure do not work
- issue #14375 Fixes ERR_BLOCKED_BY_XSS_AUDITOR on export table
- issue #14552 Blank message shown instead of MySQL error when adding trigger and other locations
- issue #14525 Fix PHP 7.3 warning: "continue" in "switch" is equal to "break"
- issue #14554 Icon missing when creating a new trigger, routine, and event
- issue #14422 Table comment not showing since 4.8.1
- issue #14426 Drop table doesn't work when you copy tables to another database
- issue #14581 Escaped HTML in 'Add a new server' setup
- issue #14548 [security] HTML injection in import warning messages, see PMASA-2018-5

4.8.2 (2018-06-21)
- issue #14370 WHERE 0 causes Fatal error
- issue #14225 Fix missing index icon
- issue        [security] XSS vulnerability in Designer, see PMASA-2018-3
- issue        [security] File inclusion and remote code execution vulnerability, see PMASA-2018-4

4.8.1 (2018-05-24)
- issue #12772 Fix case where the central columns attributes don't get filled in
- issue #14049 Fix case where the query builder doesn't work when selected column is *
- issue #14029 Revert "Browse" table CSS overflow
- issue #14241 Dropping indexes and foreign keys fail
- issue #14227 Relational linking broken
- issue #14246 Fixed error in configuration storage zero config
- issue #14128 Show 2FA Secret next to QR code
- issue #14212 XML Export from single table throws fatal error
- issue #14239 Line and some other charts ignore result set order of values chosen for the x-axis
- issue #14260 Fixed configuration for DefaultLang and Lang
- issue #14264 Linking for 'Distinct values' broken
- issue #13968 Fix MariaDB 10.2 current_timestamp()
- issue #14249 Fix for missing go button in view edit
- issue #14125 Fix for issues with spatial fields
- issue #14189 Remember table's sorting broken
- issue #14289 Fix multi-column sorting
- issue #14278 Fix central columns in-line edit bug
- issue #14066 Fix AUTO_INCREMENT error when only exporting table structure in database-level exports
- issue #13893 Simulating queries produces unexpected results
- issue #14309 Setup script icons missing

4.8.0.1 (2018-04-19)
- issue        [security] Multiple CSRF vulnerabilities, See PMASA-2018-02

4.8.0 (2018-04-07)
- issue #12946 Allow to export JSON with unescaped unicode chars
- issue #12983 Disable login button without solved reCaptcha
- issue #12315 Allow to remove individual segments from pie charts
- issue        Change label from "Improve table structure" to "Normalize" to match standard terminology
- issue #13087 Offer login as different user on access denied from MySQL
- issue #13110 Indicate when HTTPS is not properly reported on the server
- issue #13119 No database selected error when adding foreign key
- issue #12388 Improved database search to allow search for exact phrase match
- issue #13099 Report error when trying to copy database to same name
- issue #13167 Themes now have to contain metadata in theme.json
- issue #6363  phpMyAdmin no longer requires eval() in PHP
- issue #12386 The mbstring dependency is now optional
- issue #13269 Small refactoring in preparation to CSP
- issue #13384 Database link broken in Databases Page
- issue #13391 Configurable authentication logging using $cfg['AuthLog']
- issue #13086 Add support for Google Invisible Captcha
- issue #13058 Improved error reporting for reCAPTCHA
- issue #12899 Improved rendering of server variables table
- issue #12948 Fixed javascript editor for TIME values
- issue #13095 Fixed alignment of foreign keys editing
- issue #12944 Improved inline editor for JSON
- issue #13145 Improved layout of operations pages
- issue #13448 Add "format" query button in edit view form
- issue #6241  Implement Responsive Design/mobile interface
- issue        Use a single location for classes under PhpMyAdmin namespace
- issue #12354 Indicate SSL status on main page
- issue #5666  Configuration directives for defaults of Transformation options
- issue #12261 Remove inline JavaScript
- issue #13408 Show MySQL warnings when executing SQL queries
- issue #5827  Allow Designer to show tables from other databases
- issue #13268 Replace Query-By-Example with multi-table query generator interface
- issue #13576 Add privileges export to per-database listing
- issue        Consolidate functions into class files
- issue #13560 Add support for changing collation for all tables and columns in database
- issue #13303 Add support for creating fulltext index from table structure
- issue #13711 Lower default value for $cfg['MaxExactCount']
- issue #13722 DisableIS is not fully honored
- issue #6197  Added support for authentication using U2F and 2FA
- issue #13480 Avoid removing cookies on upgrade
- issue #13397 Remember state of navigation panel
- issue #11688 Reduced cookie usage
- issue #13466 Better utilization of user preferences
- issue #14042 Rename PMD to Designer
- issue #13940 Honor arg_separator in AJAX requests
- issue #14060 Can't edit rows in Internet Explorer
- issue #14096 Internet Explorer compatibility; fixes JavaScript error Object doesn't support property or method 'startsWith'

4.7.9 (2018-03-05)
- issue #13931 Fixed browsing tables with more results
- issue #13927 "Not an integer" when browsing a table
- issue #13887 "Input variables exceeded 1000" error relating to PHP's max_input_vars directive

4.7.8 (2018-02-20)
- issue #13914 Fixed resetting default setting values.
- issue #13758 Fixed fallback value for collation connection.
- issue #13938 Fixed error handling in PHP 7.2
- issue        [security] Fix XSS in Central Columns Feature, See PMASA-2018-01

4.7.7 (2017-12-23)
- issue #13865 Fixed displaying of formatted numeric values for some locales
- issue #13856 Ensure datetimepicker is always loaded for datetime fields
- issue #13848 Fixed PHP error when browsing certain results
- issue        [security] Fix XSRF/CSRF vulnerability, see PMASA-2017-09

4.7.6 (2017-11-29)
- issue #13517 Fixed check all interaction with filtering
- issue #13803 Add SJIS-win to default list of allowed charsets
- issue #13436 Improve detection that MySQL server needs SSL connection
- issue #13038 Support JSON datatype on MariaDB 10.2.7 and newer
- issue #13824 Fixed constructing ALTER query with AFTER
- issue #13821 Lock page when changes are done in the SQL editor
- issue #13842 Prefer iconv for encoding conversions
- issue #13737 Fixed changing password on MariaDB cluster

4.7.5 (2017-10-23)
- issue #13615 Avoid problems with browsing unknown query types
- issue #13612 Integrate tooltip into datetime pickers
- issue #13628 Fixed javascript error in server monitor
- issue #13444 Fixed server monitor on non Linux and Windows systems
- issue #13633 Reload javscript messages when changing language
- issue #13604 Fixed crash on invalid ordering data
- issue #13639 Fixed error when browsing non SELECT results
- issue #13533 Fixed saving column to display
- issue #13647 Fixed export of tables with VIRTUAL columns
- issue #13669 Fixed selecting multiple rows accidentally selects the next row too
- issue #13513 Fixed edit index Column alignment issue
- issue #13515 Fixed rendering of add index dialog
- issue #13710 Fixed possible error in server advisor
- issue #13477 Fixed setting input transformations
- issue #13552 Fixed IPv4/IPv6 To Binary input transformation
- issue #13686 Clicking on column name to trigger sort with an active search leads to logout
- issue #13725 Fixed copying tables with specific PARTITION definition
- issue #13761 Fixed listing of bookmarks for a database
- issue #13800 Database lost when renaming to similar name and lower_case_table_names=1

4.7.4 (2017-08-23)
- issue #13415 Remove shadow from the logo
- issue #13507 Fixed per server theme feature
- issue #13523 Missing newline in ALTER exports
- issue #13414 Fixed several compatibility issues with PHP 7.2
- issue #13550 Fixed copy results to clipboard
- issue #13562 Add limitation for user group length
- issue #13561 Fixed edit variable link in advisor
- issue #13579 Optimize table link should not be visible in print page
- issue #13553 Improved error handling on corrupted tables
- issue #13512 Fixed rendering of add index dialog
- issue #13606 Fixed refreshing server variables

4.7.3 (2017-07-20)
- issue #13447 Large multi-line query removes Export operation and blanks query box options
- issue #13445 Fixed rendering of query results
- issue #13437 Fixed version check when not connected to a database
- issue #13465 Fixed creating relation
- issue #13475 Fixed export without backquotes
- issue #13482 Improved handling of uploaded files with open_basedir
- issue #13387 Fixed inline editing of hex values
- issue #13382 Fixed size of index edit dialog
- issue #13489 Fixed rendering SQL lint errors
- issue #13468 Avoid breakage if set_time_limit is disabled
- issue #13471 Fail if ini_set/ini_get are disabled
- issue #13436 Automatically connect using SSL when server is configured so
- issue #13478 Fixed usage of some browser transformations

4.7.2 (2017-06-29)
- issue #13314 Make theme selection keep current server
- issue #13311 Fixed direct login for accounts without password
- issue #13316 Fixed check for mbstring.func_overload
- issue #13323 Fixed wrong encoding of table at triggers
- issue #12976 Fixed natural sorting in several places
- issue #12718 Show warning for users removed from mysql.user table
- issue #13362 Fixed loading additional javascripts
- issue #13343 Fixed editing QBE
- issue #13193 Improved documentation on user settings
- issue #13092 Gracefully handle early fatal errors in AJAX requests
- issue #13327 Fixed Incorrect NavigationTreeEnableExpansion default value in the documentation
- issue #13008 Fixed export of database with a lot of tables
- issue #13318 Improved performance when importing with enabled tracking
- issue #13386 Avoid PHP errors with non existing configuration on OS X
- issue #13388 Show only supported charsets for conversion
- issue #13392 Fixed operation with session.auto_start enabled
- issue #13383 "Create PHP code" is broken
- issue #13189 Fixed links to resume timeouted import

4.7.1 (2017-05-25)
- issue #13132 Always execute tracking queries as controluser
- issue #13125 Focus on SQL editor after inserting field name
- issue #13133 Fixed broken links in setup
- issue #13135 Database list Tooltips: Show wrong value
- issue #13150 Fixed pagination while browsing resuls
- issue #13149 Fixed outbound links in changelog.php
- issue #13146 Do not include devel dependencies in the release
- issue #13144 Do not show New as a database in database dropdown
- issue #13130 Fixed handling of errors in AJAX requests
- issue #13152 Fixed PHP error in case of invalid table preferences
- issue #13154 Fixed PHP error on password change
- issue #13219 Fix Refresh of Process List
- issue #13182 Fix refresh of long queries
- issue #12301 Improved handling of logout with disabled LoginCookieDeleteAll
- issue #13216 Add support for MySQL 8.0 collations
- issue #13218 Fixed rendering of phpMyAdmin logos
- issue #13234 Properly report not working sessions
- issue #13256 Fixed password check on server replication
- issue #13252 Fixed grid editing time column
- issue #13258 Fixed detection of Amazon RDS
- issue #13241 Redirect user to last page that has any tables to display
- issue #13266 Fix link to User accounts overview page
- issue #13274 Fix error in query builder
- issue #13177 Grid editing repeats action after error

4.7.0 (2017-03-28)
- patch #12233 [Display] Improve message when renaming database to same name
- issue #6146  Log authentication attempts to syslog
- issue #11981 Remove support for Swekey authentication
- issue #11987 Remove code for no longer supported MSIE versions
+ issue #11962 Remove embedded PHP libraries, use composer to install them
+ issue #12017 Cannot easily select multiple tables when exporting
+ issue #12047 Add javascript filtering for databases
- issue #12166 More compact rendering of navigation tree
+ issue #12129 Improve performance with SkipLockedTables
- issue #12173 Do not hide indexes under a slider
- issue        Improve performance of zip file import
- issue #12196 Removed $cfg['ThemePath']
- issue #6274  Add support for export user settings as config.inc.php snippet
- issue #5555  Better report query errors while generating SQL exports
- issue #12307 Produce valid JSON on export
- issue #12325 Setup script icons broken
- issue #12378 Support IPv6 proxies
- issue        Removed MySQL connection retry without password
- issue #12218 Allow to specify further parameters for control connection
- issue #12162 Show charset for each table on Database structure page
- issue #12463 Incorrect link in the href of icon at Hide/Show unhide links
- issue #12330 Shortcut for closing console
- issue #12465 Improved handling of http requests
- issue #12474 Broken links in Setup forms Navigation
- issue #12494 Can't add a new User
- issue #12523 Add 'token' Parameter in all POST requests (Fix 'Token mismatch' errors)
- issue #12302 Improved usage of number_format
- issue #12656 Server selection not working
- issue #12543 NULL results in dataset are colored grey
- issue #12664 Create Bookmark broken
- issue #12688 Use unsigned int for storing bookmark ID
- issue #12352 Added password strength indicator
- issue #12713 Correctly handle HTTP status when doing requests
- issue #12247 Add option to delete settings from browser storage
- issue #12783 Remove unused PMA_addJSCode function
- issue #12069 Add table filtering to database structure
- issue #12799 Allow to configure signon session parameters
- issue #12854 Drop database is broken
- issue #12863 Can't toggle Event Scheduler on
- issue #12742 Finish removing dead code references to xls/xlsx import and export, which was removed some time ago.
- issue #12536 Rename "Relations" to "Relationships" in many places as it's the more proper term
- issue #12834 Fixed margins in central columns feature
- issue #12903 Document more export configuration options
- issue #12897 Use consistent numeric format for table overhead
- issue #12901 Use server returned table name on renaming table
- issue #12918 Always use \r\n as newline when editing fields
- issue #12923 Fixed server side search in navigation panel
- issue #12929 Undefined index warning with ssl_ca_paths
- issue #12924 Do not show errors from OpenSSL cookie encryption/decryption
- issue #12945 Fixed hint rendering on adding new user
- issue #12941 Fixed sorting of tables in relation view
- issue #12936 Fixed tables pagination in navigation panel
- issue #12904 Do not collapse add form for central columns if there are none
- issue #12955 Fixed database renaming
- issue #12954 Fixed export of tracking data
- issue #12960 Enclose exports in transaction by default
- issue #12966 After adding a column ADD INDEX option won't be displayed when enabling AI
- issue #12972 Better error message when Composer has not been run
- issue #12988 Do not show language selector without choices
- issue #12993 Fixed external links to php documentation
- issue #12990 Fixed error when loading favorite tables to console
- issue #12981 Improved rendering of new version information
- issue #12922 Fixed bookmarks ordering
- issue #12964 Fixed table search in navigation
- issue #12985 Fixed rendering of foreign key browsing
- issue #12957 Fixed manipulation with GIS data having zero coordinates
- issue #12804 Fixed various designer javascript errors
- issue #12934 Fixed possible javascript error on server status page
- issue #12927 Fixed javascript error on 3NF normalization
- issue #12996 List all databses in navigation panel database dropdown
- issue #12980 Better defaults when creating multi field foreign key
- issue #12976 Improved foreign key editor behavior
- issue #12958 Always show error reporting dialog on top
- issue #12693 Improved support for TokuDB
- issue #11231 Try harder to honor LoginCookieValidity setting
- issue #13016 and #13017 Slight improvements to the table layout of Relation view
- issue #12345 Correctly show affected rows for LOAD DATA queries
- issue #13010 Copy database: SQL error for copying PMADB metadata
- issue #13002 Fixed OpenDocument exports
- issue #13000 Align NULL values according to the column alignment
- issue #13021 Show phpMyAdmin errors even with error_reporting set to 0
- issue #13020 Removed warning about client and server versions mismatch
- issue        Hide comments on table Structure tab when no comment is set
- issue        Fixed submission of error reports
- issue #13033 Use Referrer-Policy header to specify referrer policy
- issue        Fixed javascript confirmation of dangerous queries
- issue #13040 Compatibility with hhvm 3.18
- issue #13031 Fixed displaying of all rows
- issue #12967 Fixed related field selection for native relations
- issue #13045 Properly escape MIME transformatoin names
- issue #13028 Always show 100% in font selector
- issue #13047 Fix query simulating for more servers
- issue #12846 Fix new version check for sites with wrongly configured curl
- issue #12951 When exporting to Excel, the default is now to include column names in the first row
- issue #13059 Removed debugging code
- issue #13029 Fixed table tracking for nested table groups
- issue #13053 Fixed broken links in setup
- issue #12708 Removed phpMyAdmin version from User-Agent header
- issue #13084 Do not point users to setup when it is disabled
- issue #12660 Delete only phpMyAdmin cookies on upgrade
- issue #13088 Fixed editing of rows with text primary key
- issue #13092 Do not try to sync favorite tables if configuration storage is not enabled
- issue #13105 Fixed changing attribute for virtual field
- issue #12757 Fixed setting password on recent MariaDB with non working plugins
- issue #12349 Fixed undefined variable on import from some formats
- issue #13103 Do not offer default names for copying/renaming databases
- issue        [security] Possible to bypass $cfg['Servers'][$i]['AllowNoPassword'], see PMASA-2017-08

4.6.6 (2017-01-23)
- issue #12759 Fix Notice regarding 'Undefined index: old_usergroup'
- issue #12760 Fix Notice regarding 'Undefined index: users'
- issue #12762 Fixed parsing of SQL with BINARY function
- issue #12588 ReCaptcha now works without allow_url_fopen
- issue #12699 Show no local storage warning only on settings tab
- issue #12778 Syntax Error in Adding/Changing TIMESTAMP columns with default value as NULL
- issue #12769 Edit/Export links are not clickable under Routines tab
- issue #12757 Fixed creating new user with older MariaDB
- issue #12784 Remove ctype installation suggestion
- issue #12780 Format button replaces all text with blank spaces
- issue #12786 Fixed database searching
- issue #12792 Fixed javascript error on new version link
- issue #12785 Add information about required and suggested extensions to composer.json
- issue #12801 Custom header shown twice with cookie login form
- issue #12802 Custom footer not shown with auth_type http login failure
- issue #12434 Improve documentation for servers running with Suhosin
- issue #12800 Updated embedded phpSecLib to 2.0.4
- issue #12800 Fixed various issues with PHP 7.1
- issue #11816 Fixed operation with lower_case_table_names=2
- issue #12813 Fixed stored procedure execution
- issue #12826 Honor user configured connection collation
- issue #12293 Correctly report OpenSSL errors from cookie encryption
- issue #12814 DateTime won't allow to input length in Routine editor
- issue #12840 Fix Notice regarding 'Undefined index: row_format' when altering table options
- issue #12841 Fixed moving of columns with whitespace in name
- issue #12847 Fixed editing of virtual columns
- issue #12859 Changed WHERE condition to 0 instead of 1 for SQL query window to avoid accidents
- issue #12872 Use same query for display and execution when dropping index
- issue #12868 Fix check for user groups freatures being enabled
- issue #12876 Fix notices and warning related to dbs_to_test global
- issue #12831 Fix table formatting on Insert tab, which mostly affected row highlighting
- issue #12495 Reintroduced phpinfo page with limited capabilities
- issue #12861 Fix renaming tables with lower_case_table_names=2
- issue #12876 Fix possible PHP error in navigation
- issue #12881 Fix database search with newer php-gettext
- issue #12894 Fix linter error on unterminated variable name
- issue #12732 Fixed filtering for active processes
- issue        [security] Multiple vulnerabilities in setup script, see PMASA-2016-44.
- issue        [security] Open redirect, see PMASA-2017-1.
- issue        [security] php-gettext code execution, see PMASA-2017-2.
- issue        [security] DOS vulnerabiltiy in table editing, see PMASA-2017-3.
- issue        [security] CSS injection in themes, see PMASA-2017-4.
- issue        [security] Cookie attribute injection attack, see PMASA-2017-5.
- issue        [security] SSRF in replication, see PMASA-2017-6.
- issue        [security] DOS in replication status, see PMASA-2017-7.

         --- Older ChangeLogs can be found on our project website ---
                     https://www.phpmyadmin.net/old-stuff/ChangeLogs/

# vim: et ts=4 sw=4 sts=4
# vim: ft=changelog fenc=utf-8
# vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#'
# vim: fdn=1 fdm=expr