Sunday, January 31, 2016

phpMyAdmin work during seventeenth and eighteenth weeks

My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison etc. Altogether these vulnerabilities resulted in 9 PMASAs taking into the different combinations of phpMyAdmin versions they affected.

I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by others developers to older branches, preparing PMASAs and coordinating with the reporter, CVE team and phpMyAdmin security team.

The latter part of the fortnight was spent on fixing two regressions introduced by the security releases. 
issue #11891 Error with PMA 4.0.10.13 with PHP 5.2
issue #11892 Error with PMA 4.4.15.3

Moreover, following bug was fixing during the two weeks.
issue #11881 Full processlist lost on refresh


Sunday, January 17, 2016

phpMyAdmin work on sixteenth week

I was continuing on my year-end break on fifteenth week and did not work during the week, except for 2 hours on 4th January. So this report includes work carried out during the sixteenth week.

During the week, I concentrated solely on bug fixes since there were a sizable number of bugs being reported. Most of the bugs fixed were regressions. For example, #11771 and #11846 were only present in latest git version and was due to refactoring and JS library updates respectively.

The complete list of bugs fixed and investigated are as follows,

Bugs Fixed
issue #11771 Transformation column path problem
issue #11772 Table pagination does nothing when session expired
issue #11810 'Add to central columns' in tbl_structure.php (per column button) nothing happens
issue #11814 SQL comment and variable stripped from bookmark on save
issue #11840 Index comments not working properly
issue #11846 Grid editing window is disabled the second time
issue #11854 Undefined property: stdClass::$releases at version check when disabled in config

Bugs Investigated
issue #11712 "Browse Foreign Values" Search broken across databases in 4.5.2
issue #11713 Not receiving notifications for updates
issue #11842 Fractional timestamp not supported
issue #11843 Fractional timestamp causes corrupted SQL export

Saturday, January 2, 2016

phpMyAdmin work during twelfth, thirteenth and forteenth weeks

With my personal engagements and summer break, I worked only for 13 hours during the three weeks. During the period, I was mostly engaged with refactoring work and improving the unit testing. 

Continuing from the last couple of weeks, I refactored the server plugins page to use the MVC architecture. Code segments that were previously in a library file were moved to a controller class and instance variables were introduced as required. The view was changed to use templating and unit tests were updated to match the new classes.

I also went on to improve the unit testing by introducing a parent class to all the unit tests. With the new class, configuration values are reset to their default values for each test class. The idea was to make unit tests independent from changes made to configuration values in other unit tests. Meanwhile, unnecessary configuration values assignments in tests were removed.

Additionally, following bugs were investigated during the period.

Bugs Investigated
issue #11743 Display routine-specific privileges under Database > Privileges
issue #11751 Bug when export template is selected