Monday, February 29, 2016

phpMyAdmin work during twenty first and twenty second weeks

The work carried out during the two weeks was very diverse. I attended bug fixes (primarily), feature requests, documentation and questions, security issues, pull requests and code improvements in general.

The bugs fixed and attended during the period are,
Bugs fixed
issue #11964 Undefined index: TABLE_COMMENT in database structure page
issue #11969 Missing confirmation while dropping a view in view_operations.php
issue #11977 Table name is not recognized by parser in DROP INDEX statement
issue #11979 DECLARE not accepted as valid SQL
issue #12017 Cannot easily select multiple tables when exporting
Fix SQL syntax highlighting in database search page

Bugs attended
issue #11965 Deprecation Notice: StringReader has a deprecated constructor
issue #11982 Row count wrong when grouping joined tables

Additionally, following feature request was implemented and code improvements were performed.

Feature requests
issue #12017 Cannot easily select multiple tables when exporting

Improvements
Use back quotes around table names in confirmation messages
Fix coding style violations

Meanwhile, I also attended to pull requests submitted mainly bu GSoC aspirants.

Pull requests attended
issue #32 Fix Row count wrong when grouping joined tables, phpmyadmin/phpmyadmin#11982
issue #12036 Fix for wrong mysql_upgrade message on Users tab with Percona Server 5.7

Documentation and Questions
issue #11970 Can you add an option to remove UUID for primary keys?
issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']

Towards the end of the month, we received two detailed reports on vulnerabilities in phpMyAdmin and I contributed by coordinating, and fixing the vulnerabilities.

Security issues
issue #12 1.3 XSS in tbl_type parameter [PMASA-2016-12]
issue #13 1.4 XSS in normalization.php [PMASA-2016-12]
issue #14 1.5 XSS in normalization.js [PMASA-2016-12]
issue #15 1.6 XSS in normalization.js [PMASA-2016-12]
issue #25 XSS in normalization.js [PMASA-2016-12]
issue #26 XSS in User accounts page [PMASA-2016-11]
issue #27 XSS in Central columns page [PMASA-2016-12]
issue #28 XSS in Zoom search [PMASA-2016-11]

No comments:

Post a Comment