1 ----------------------
6 $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyAdmin/ChangeLog $
8 3.1.4.0 (not yet released)
9 + patch #1808339 [doc] Apache SSLOptions and StdEnvVars FAQ,
10 thanks to JT Justman - jtjustman
11 - bug #2491017 [operations] ANSI mode not supported (db rename and table move)
12 - bug #2609346 [operations] Fix copying views.
13 - rfe #2127983 Readd documentation link, it does not protect against anything.
14 - bug #1675249 [doc] Apache reverse proxy and cookies FAQ
15 - bug #2682140 UUID() and CURRENT_USER() should not accept arguments
16 - patch #2682833 [core] Fatal error: Call to a member function isDisplayed(),
17 thanks to Christian Rodriguez - judas_iscariote
18 - patch #2702772 [lang] Duplicate sentence in Polish,
19 thanks to Pawel Smolinski - zipoking
20 - patch #2709040 [doc] Wrong link in ChangeLog formatter,
21 thanks to Petr Vorel - pevik
24 - [security] HTTP Response Splitting and file inclusion vulnerabilities
25 - [security] XSS vulnerability on export page
26 - [security] Insufficient output sanitizing when generating configuration file
29 + [lang] Turkish update, thanks to Burak Yavuz
30 - patch #2496403 [display] Multi-row change with "]",
31 thanks to Virsacer - virsacer
32 - bug #2027720 [parser] Missing space after BINARY used as cast
33 - patch #2520747 [core] E_DEPRECATED compatibility for PHP 5.3,
34 thanks to Giovanni Giacobbi - themnemonic
35 - bug [display] Message "Bookmark created" is not displaying
36 + [display] Show AUTO_INCREMENT instead of A_I when in vertical mode
37 - patch #2538358 [display] Conditions for relational display field,
38 thanks to Virsacer - virsacer
39 + [lang] Mongolian update, thanks to Bayarsaikhan Enkhtaivan - bayaraa
40 - patch #2553372 [display] DB comment tooltips not shown on navi,
41 thanks to Erdem - ahard
42 - patch #2561433 [structure] Display true number of rows in a view
43 if it contains less than MaxExactCountViews,
44 thanks to Virsacer - virsacer
45 + [lang] Polish update, thanks to Fixer - fixeron
46 - bug #2568722 [designer] Compound key not shown
47 - patch #2550323 [XHTML] in server_databases.php, thanks to Virsacer - virsacer
48 - patch #2358861 [navi] Row count tooltip wrong for information_schema,
49 thanks to Herman van Rink - helmo
50 - bug #2565948 [core] Changing the connection collation changed the client
52 + [lang] Romanian update, thanks to Sergiu Bivol - sbivol
53 - patch #1760205 [data] Insert as new row: BLOB is lost,
54 thanks to Herman van Rink - helmo
55 + [lang] Georgian update, thanks to George Machitidze
59 - bug #1253252 [display] Can't NULL a column with relation defined
60 - bug #2009500 [SQL] Small improvements in generated SQL (partial fix)
61 - bug #1963184 [export] YAML export improvement,
62 thanks to Bryce Thornton - brycethornton
63 + [lang] Dutch update, thanks to Herman van Rink - helmo
64 - patch #2407785 [cleanup] ereg*() deprecated in PHP 5.3,
65 thanks to Alex Frase - atfrase
66 - bug #2417058 [properties] Edit fields: losing auto-increment setting
67 - patch #2444082 [changelog] changelog.php linkifies one link wrong,
68 thanks to Robert Xiao - nneonneo
69 - bug #2363653 [properties] Various problems with table structure
70 - bug [display] BIT field contents disappear when edited
71 + [lang] Czech update, thanks to Ondřej Vadinský.
72 - bug #2461735 [operations] Table operations adds "row_format"
73 - bug #2445213 [export] Commas for CSV Excel 2008 for Mac
74 - bug #2397877 [core] ForceSSL and http auth_type
75 - bug #2473127 [display] Deleting rows displays tbl structure, not contents
76 - patch #2478940 [core] PHP 5.2+ warning does not work,
77 thanks to Jürgen Wind - windkiel
78 - bug #2416418 [privileges] Escaping special characters
81 - patch #2242765 [core] Navi panel server links wrong,
82 thanks to Martin Stricker - martinstricker
83 - bug #2186823 [core] bad session.save_path not detected
84 - bug #2202709 [core] Re-login causes PMA to forget current table name
85 - bug #2280904 [export] do not include view name in export
86 - rfe #1688975 [display] enable copying of auto increment by default
87 - bug #2355753 [core] do not bail out creating session on any PHP warning
88 - bug #2355925 [display] properly update tooltips in navigation frame
89 - bug #2355923 [core] do not use ctype if it is not available
90 - bug #2356433 [display] HeaderFlipType "fake" problems,
91 thanks to Michal Biniek
92 - bug #2363919 [display] Incorrect size for view
93 - bug #2121287 [display] Drop-down menu blinking in FF
94 + [lang] Catalan update, thanks to Xavier Navarro
95 + [lang] Finnish update, thanks to Jouni Kahkonen
96 - [core] Avoid error with BLOBstreaming support requiring SUPER privilege
97 - [security] possible XSRF on several pages
100 + [auth] Support for Swekey hardware authentication,
101 see http://phpmyadmin.net/auth_key
102 - bug #2046883 [core] Notices about deprecated dl() (so stop using it)
103 + BLOBstreaming support, thanks to Raj Kissu Rajandran and
104 Google Summer of Code 2008
105 + patch #2067462 [lang] link FAQ references in messages,
106 thanks to Thijs Kinkhorst - kink
107 + new setup script, thanks to Piotr Przybylski (work in progress)
108 - rfe #1892243 [export] more links to documentation
109 + [auth] cookie auth now autogenerates blowfish_secret, but it has some
110 limitations and you still should set it in config file
111 + [auth] cookie authentication is now the default
112 + [auth] do not allow root user without password unless explicitly enabled by
114 + rfe #1778908 [auth] arbitrary server auth can now also accept port
115 - patch #2089240 [export] handle correctly switching SQL modes
116 + rfe #1612724 [export] add option to export without comments
117 - bug #2090002 [display] Cannot edit row in VIEW
118 - patch #2099962 [js] fix js error without frameset, thanks to Xuefer
119 - patch #2099972 [structure] Display None when there is no default value,
120 thanks to Xuefer - xuefer
121 - patch #2122883 [PDF schema] Option to display just the keys,
122 thanks to Samuel Sol Villar dos Santos - yohanleafheart
123 + rfe #1276463 [search] Search empty/not empty values
124 + rfe #823652 [structure] ENUM values: field size too small
125 - [lang] Persian update, thanks to Goolex - goolex
126 - [lang] Czech update, thanks to Ondřej Vadinský.
127 - patch #2255890 [lang] English-language cleanup,
128 thanks to Isaac Bennetch - ibennetch
129 + [lang] Norwegian update, thanks to Sven-Erik Andersen
130 + [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
131 + [lang] French update by Marc Delisle - lem9
132 - bug #2222344 [display] Query involving a function shown as binary
133 + [lang] Italian update, thanks to fantu - fantu
134 + [lang] Swedish update, thanks to Björn T. Hallberg
135 - bug #2315549 [import] fclose() error with "Create PHP code"
136 + [lang] Polish update, thanks to Jakub Wilk
138 3.0.2.0 (not released)
139 - [lang] Italian update, thanks to Luca and fantu
140 - bug #2107583 [GUI] Leading newline truncated, thanks to Isart Montane
141 - bug #2222230 [import] Assigning a value in import.php, thanks to
145 - [security] XSS in a Designer component
148 - bug #2134126 [GUI] SQL error after sorting a subset
149 + [lang] Catalan update, thanks to Xavier Navarro
150 + [lang] Russian update, thanks to Victor Volkov
151 - patch #2143882 [import] Temporary uploaded file not deleted,
152 thanks to David Misc - dmisc
153 - bug #2136986 [auth] Cannot create database after session timeout
154 - bug #1914066 [core] ForceSSL generates incorrectly escaped redirections,
155 this time with the correct fix
156 + [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
157 - bug #2153970 [core] Properly truncate SQL to avoid half of html tags
158 + [lang] Romanian update, thanks to Sergiu Bivol - sbivol
159 - bug #2161443 [structure] Incorrect index choice shown when modifying an
161 - bug #2127094 [interface] Misleading message after cancelling an action
162 + [lang] Croatian update, thanks to Renato Pavicic
163 + [lang] Finnish update, thanks to Jouni Kahkonen
164 + [lang] Polish update, thanks to Jakub Wilk
165 + [lang] Japanese update, thanks to Ishigaki Kenichi
166 - patch #2176438 [privileges] Wrong message when changing password,
167 thanks to incognito - zytisin
168 - bug #2163437 [core] Cannot disable PMA tables
169 - bug #2184240 [lang] Problems with Italian language file, thanks to Luca
171 - bug #2187193 [interface] ShowChgPassword setting not respected
174 + [export] properly handle line breaks for YAML, thanks to Dan Barry -
176 + [navi] new parameter $cfg['LeftDefaultTabTable']
177 + [table] support MySQL 5.1 PARTITION: CREATE TABLE / Table structure,
178 partition maintenance
179 + [privileges] support for EVENT and TRIGGER
180 + [error handler] NEW handle errors to prevent path disclosure and display/collect errors
181 + [mysqlnd] do not display $strMysqlLibDiffersServerVersion if the client
183 + [webapp] experimental Mozilla Prism support
184 + [export] new plugin "codegen" for NHibernate, thanks to caocao; I'm
185 looking for a name more descriptive than codegen, taking into account
186 that it might later support other formats like JSON in the same plugin
187 + [export] new export to Texy! markup
188 + [lang] Finnish update, thanks to Jouni Kahkonen
189 + [config] new parameter $cfg['CheckConfigurationPermissions']
190 + [config] new parameter $cfg['Servers'][$i]['ShowDatabasesCommand']
191 + [config] new parameter $cfg['Servers'][$i]['CountTables']
192 + rfe #1775288 [transformation] proper display if IP-address stored as INT
193 + rfe #1758177 [core] Add the Geometry DataTypes
194 + rfe #1741101, patch #1798184 UUID default for CHAR(36) PRIMARY KEY,
195 thanks to Gert Palok - gert_p
196 - bug #1664240 [GUI] css height makes cfg TextareaRows useless
197 - bug #1724217 [Create PHP Code] doesn't include newlines for text fields
198 - bug #1845605 [i18n] translators.html still uses iso-8859-1
199 - bug #1823018 [charset] Edit(Delete) img-links pointing to wrong row
200 - bug #1826205 [export] Problems with yaml text export
201 - bug #1344768 [database] create/alter table new field can not have empty string
203 + rfe #1840165 [interface] Enlarge column name field in vertical mode
204 + patch #1847534 [interface] New "Inside field" in db search,
206 + [GUI] Mootools js library (http://mootools.net) and new parameter
207 $cfg['InitialSlidersState']
208 * [core] cache some MySQL stats (do not query them with every page request)
209 + [view] clearer dialog WITH (CASCADED | LOCAL) CHECK OPTION
210 + [lang] Norwegian update, thanks to Sven-Erik Andersen
211 + [lang] Japanese update, thanks to Ishigaki Kenichi
212 + [lang] Italian update, thanks to Luca Rebellato
214 * minimal support on db structure page
216 + [pdf] Merged tcpdf 2.2.002 (PHP5 version), thanks to Nicola Asuni
217 + [engines] Maria support
218 + [engines] MyISAM and InnoDB: support ROW_FORMAT table option
219 + prevent search indexes from indexing phpMyAdmin installations
220 + [engines] PBXT: table options, foreign key (relation view, designer)
221 + [lang] New Bangla, thanks to Raquibul Islam and Joy Kumar Nag
222 + [interface] Display options; thanks to Dave Grijalva
223 for the idea about showing the display field while browsing
224 - bug #1910621 [display] part 2: do not display a BINARY content as text
225 + rfe #1962383 [designer] Option to create a PDF page
226 - patch #2007196, Typos in comments, thanks to knittl - knittl
227 - bug #1982315 [GUI] Comma and quote in ENUM, thanks to Joshua Hogendorn
229 - bug #1970836 [parser] SQL parser is slow, thanks to Christian Schmidt
230 + rfe #1692928 [transformation] Option to disable browser transformations
231 + [import] Speed optimization to be able to import the sakila database
232 + [doc] Documentation for distributing phpMyAdmin in README.VENDOR.
233 + [display] headwords for sorted column
234 - bug #2033962 [import] Cannot import zip file
235 + [lang] Swedish update, thanks to Björn T. Hallberg
236 - bug #2050068 [gui] "Check tables having overhead" selects wrong tables
237 + [lang] Belarusian update, thanks to Jaska Zedlik
238 + [lang] Norwegian update, thanks to Sven-Erik Andersen
239 + [lang] Italian update, thanks to Luca Rebellato
240 - [core] safer handling of temporary files with open_basedir (thanks to Thijs
242 - [core] do not automatically set and create TempDir, it might lead to security
243 issue (thanks to Thijs Kinkhorst)
244 + [lang] Czech update
245 - bug #2066923 [display] Navi browse icon does not go to page 1
246 - patch #2075263 [auth] Single sign-on and cookie clearing,
247 thanks to Charles Suh - cws125
248 - [doc] better documentation of $cfg['TempDir']
249 - bug #2080963 [charset] Clarify doc and improved code, thanks to
250 Victor Volkov - hanut
251 - bug [charset] Cannot sort twice on a column when the table name
253 + [lang] Spanish update, thanks to Daniel Hinostroza
254 + [lang] Hungarian update, thanks to Jozsef Tamas Herczeg - dodika
255 - bug #2113848 [navi] Page number after database switching
256 - patch #2115966 [GUI] Checkboxes and IE 7, thanks to Martin - maschg
257 - bug #1914066 [core] ForceSSL generates incorrectly escaped redirections
259 2.11.9.5 (2009-03-24)
260 - [security] XSS vulnerability on export page
261 - [security] Insufficient output sanitizing when generating configuration file
263 2.11.9.4 (2008-12-09)
264 - [security] possible XSRF on several pages
266 2.11.9.3 (2008-10-30)
267 - [security] XSS in a Designer component
269 2.11.9.2 (2008-09-22)
270 - [security] XSS in MSIE using NUL byte, thanks to JPCERT.
272 2.11.9.1 (2008-09-15)
273 - [security] Code execution vulnerability, thanks to Norman Hippert
275 2.11.9.0 (2008-08-28)
276 - bug #2031221 [auth] Links to version number on login screen
277 - bug #2032707 [core] PMA does not start if ini_set() is disabled
278 - bug #2004915 [bookmarks] Saved queries greater than 1000 chars not
279 displayed, thanks to Maik Wiege - mswiege
280 - bug #2037381 [export] Export type "replace" does not work
281 - bug #2037375 [export] DROP PROCEDURE needs IF EXISTS
282 - bug #2045512 [export] Numbers in Excel export
283 - bug #2074250 [parser] Undefined variable seen_from
285 2.11.8.0 (2008-07-28)
286 - patch #1987593 [interface] Table list pagination in navi,
287 thanks to Jason Day - jday29
288 - bug #1989081 [profiling] Profiling causes query to be executed again
289 (really causes a problem in case of INSERT/UPDATE)
290 - bug #1990342 [import] SQL file import very slow on Windows,
291 thanks to Richard Heaton - wotnot
292 - bug [XHTML] problem with tabindex and radio fields
293 - bug #1971221 [interface] tabindex not set correctly
294 - bug [views] VIEW name created via the GUI was not protected with backquotes
295 - bug #1989813 [interface] Deleting multiple views (space in name)
296 - bug #1992628 [parser] SQL parser removes essential space
297 - bug #1989281 [export] Export fails if one table is marked as crashed
298 - bug #2001005 [GUI] ARCHIVE cannot have indexes
299 - bug #1989281 [export] CSV for MS Excel incorrect escaping of double quotes
300 - bug #1959855 [interface] Font size option problem when no config file
301 (todo (trunk): navi frame size does not change for theme original)
302 - bug #1982489 [relation] Relationship view should check for changes
303 - bug [history] Do not save too big queries in history
304 - [security] Do not show version info on login screen
305 - bug #2018595 [import] Potential data loss on import resubmit
306 - patch #2020630 [export] Safari and timedate, thanks to Sebastian Mendel,
307 Isaac Bennetch and Jürgen Wind
308 - bug #2022182 [import, export] Import/Export fails because of Mac files
309 - [security] protection against cross-frame scripting and
310 new directive AllowThirdPartyFraming, thanks to YGN Ethical Hacker Group
311 - [security] possible XSS during setup, thanks to YGN Ethical Hacker Group
312 - [interface] revert language changing problem introduced with 2.11.7.1
314 2.11.7.1 (2008-07-15)
315 - bug [security] XSRF/CSRF by manipulating the db,
316 convcharset and collation_connection parameters,
317 thanks to YGN Ethical Hacker Group
319 2.11.7.0 (2008-06-23)
320 - bug #1908719 [interface] New field cannot be auto-increment and primary key
321 - [dbi] Incorrect interpretation for some mysqli field flags
322 - bug #1910621 [display] part 1: do not display a TEXT utf8_bin as BLOB
323 (fixed for mysqli extension only)
324 - [interface] sanitize the after_field parameter,
325 thanks to Norman Hippert
326 - [structure] do not remove the BINARY attribute in drop-down
327 - bug #1955386 [session] Overriding session.hash_bits_per_character
328 - [interface] sanitize the table comments in table print view,
329 db print view and db data dictionary, thanks to Norman Hippert
330 - bug #1939031 Auto_Increment selected for TimeStamp by Default
331 - patch #1957998 [display] No tilde for InnoDB row counter when we know
332 it for sure, thanks to Vladyslav Bakayev - dandy76
333 - bug #1955572 [display] alt text causes duplicated strings
334 - bug #1762029 [interface] Cannot upload BLOB into existing row
335 - bug #1981043 [export] HTML in exports getting corrupted,
336 thanks to Jason Judge - jasonjudge
337 - bug #1936761 [interface] BINARY not treated as BLOB: update/delete issues
338 - protection against XSS when register_globals is on and .htaccess has
339 no effect, thanks to Tim Starling
340 - bug #1996943 [export] Firefox 3 and .sql.gz (corrupted); detect Gecko 1.9,
341 thanks to Jürgen Wind - windkiel
343 2.11.6.0 (2008-04-29)
344 - bug #1903724 [interface] Displaying of very large queries in error message
345 - bug #1905711 [compatibility] Functions deprecated in PHP 5.3: is_a() and
346 get_magic_quotes_gpc(), thanks to Dmitry N. Shilnikov - yrtimd
347 - bug [lang] catalan wrong accented characters
348 - bug #1893034 [Export] SET NAMES for importing with command-line client
349 + [lang] Russian update, thanks to Victor Volkov
350 - bug #1910485 [core] Unsetting the whitelist during the loop,
351 thanks to Jeroen Vrijkorte - jv_map
352 - bug #1906980 [Export] Import of VIEWs fails if temp table exists,
353 thanks to Falk Nisius - klaf
354 - bug #1812763 [Copy] Table copy when server is in ANSI_QUOTES sql_mode
355 thanks to Tony Marston - tonymarston
356 - bug #1918531 [compatibility] Navigation isn't w3.org valid
357 thanks to Michael Keck - mkkeck
358 - bug #1926357 [data] BIT defaults displayed incorrectly
359 - patch #1930057 [auth] colon in password prevents HTTP login on CGI/IIS,
360 thanks to Jürgen Wind - windkiel
361 - patch #1929553 [lang] Don't output BOM character in Swedish language file,
362 thanks to Samuel L. B. - samuellb
363 - patch #1895796 [lang] Typo in Japanese lang files,
364 thanks to tyman - acoustype
365 - bug #1935652 [auth] Access denied (show warning about mcrypt on login page)
366 - bug #1906983 [export] Reimport of FUNCTION fails
367 - bug #1919808 [operations] Renaming a database fails to handle functions
368 - bug #1934401 [core] Cannot force a language
369 - bug #1944077 [core] Config file containing a BOM,
370 thanks to Gaetano Giunta - ggiunta
371 - bug #1947189 [scripts] Missing </head> in scripts/signon.php,
372 thanks to Dolf Schimmel
373 + [lang] Romanian update, thanks to Sergiu Bivol - sbivol
375 2.11.5.2 (2008-04-22)
376 - PMASA-2008-3 [security] File disclosure
378 2.11.5.1 (2008-03-29)
379 - bug #1909711 [security] Sensitive data in session files
381 2.11.5.0 (2008-03-01)
382 - bug #1862661 [GUI] Warn about rename deleting database
383 - bug #1866041 [interface] Incorrect sorting with AS
384 - bug #1871038 [import] Notice: undefined variable first_sql_delimiter
385 - bug #1873110 [export] Problem exporting with a LIMIT clause
386 - bug #1871164 [GUI] Empty and navigation frame synch.
387 - patch #1873188 [GUI] Making db pager work when js is disabled,
388 thanks to Jürgen Wind - windkiel
389 - bug #1875010 [auth] MySQL server and client version mismatch (mysql ext.)
390 - patch #1879031 [transform] dateformat transformation and UNIX timestamps,
391 thanks to Tim Steiner - spam38
392 - bug [import] Do not verify a missing enclosing character for CSV,
393 because files generated by Excel don't have any enclosing character
394 - bug #1799691 [export] "Propose table structure" and Export
395 - bug #1884911 [GUI] Space usage
396 - bug #1863326 [GUI] Wrong error message / no edit (Suhosin)
397 - bug #1887204 [GUI] Order columns in result list messing up query
398 - patch #1893538 [GUI] Display issues on Opera 9.50,
399 thanks to Jürgen Wind - windkiel
400 - bug [GUI] Do not display the database name used by the previous user,
401 thanks to Ronny Görner
402 - bug [security] Remove cookies from $_REQUEST for better coexistence with
403 other applications, thanks to Richard Cunningham. See PMASA-2008-1.
405 2.11.4.0 (2008-01-12)
406 - bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE
407 - bug #1807816 [search] regular expression search doesn't work with
409 - bug #1843463 [GUI] DROP PROCEDURE does not show alert
410 - bug #1835904 [GUI] Back link after a SQL error forgets the query
411 - bug #1835654 [core] wrong escaping when using double quotes
412 - bug #1817612 [cookies] Wrong cookie path on IIS with PHP-CGI,
413 thanks to Carsten Wiedmann
414 - bug #1848889 [export] export trigger should use DROP TRIGGER IF EXISTS
415 - bug #1851833 [display] Sorting forgets an explicit LIMIT
416 (fix for sorting on column headers)
417 - bug #1764182 [cookies] Suhosin cookie encryption breaks phpMyAdmin
418 - bug #1798786 [import] Wrong error when a string contains semicolon
419 - bug #1813508 [login] Missing parameter: field after re-login
420 - bug #1710144 [parser] Space after COUNT breaks Export but not Query
421 - bug #1783620 [parser] Subquery results without "as" are ignored
422 - bug #1821264 [display] MaxTableList and INFORMATION_SCHEMA
423 - bug #1859460 [display] Operations and many databases
424 - bug #1814679 [display] Database selection pagination when switching servers
425 - patch #1861717 [export] CSV Escape character not exported right,
426 thanks to nicolasdigraf
427 - bug #1864468 [display] Theme does not switch to darkblue_orange
428 - bug #1847409 [security] Path disclosure on darkblue_orange/layout.inc.php,
429 thanks to Jürgen Wind - windkiel
431 --- Older ChangeLogs can be found on our project website ---
432 http://www.phpmyadmin.net/old-stuff/ChangeLogs/
434 # vim: et ts=4 sw=4 sts=4
435 # vim: ft=changelog fenc=utf-8 encoding=utf-8
436 # vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>8&&getline(v\:lnum)!~'^#'
437 # vim: fdn=1 fdm=expr