phpMyAdmin work during twenty third and twenty fourth weeks

I  engaged in a mix of bug fixes and improvements (including refactoring) during the fortnight. The bugs fixed and attended are as follows.

Bugs fixed
issue #12073 Hide edit and delete buttons when the results are not related to a table
issue #12085 Like search strings being escaped incorrectly

Bugs attended
issue #12071 Syntax error in PMA, not at command line client
issue #12074 Invalid export
issue #12087 Add support for JSON data type (in MySQL 5.7)

I went on to refactor the code that handled bookmarks. I used object orientation and updated the existing unit tests to suit the refactored code. Moreover, I updated the metro theme to be compatible with the upcoming 4.6.0 version, so phpMyAdmin has, at least, one additional theme compatible with the new version.

Refactoring
Clean up dead code
Refactor bookmark handling code

Other improvements
Update metro theme to be compatible with 4.6.0

phpMyAdmin work during twenty first and twenty second weeks

The work carried out during the two weeks was very diverse. I attended bug fixes (primarily), feature requests, documentation and questions, security issues, pull requests and code improvements in general.

The bugs fixed and attended during the period are,
Bugs fixed
issue #11964 Undefined index: TABLE_COMMENT in database structure page
issue #11969 Missing confirmation while dropping a view in view_operations.php
issue #11977 Table name is not recognized by parser in DROP INDEX statement
issue #11979 DECLARE not accepted as valid SQL
issue #12017 Cannot easily select multiple tables when exporting
Fix SQL syntax highlighting in database search page

Bugs attended
issue #11965 Deprecation Notice: StringReader has a deprecated constructor
issue #11982 Row count wrong when grouping joined tables

Additionally, following feature request was implemented and code improvements were performed.

Feature requests
issue #12017 Cannot easily select multiple tables when exporting

Improvements
Use back quotes around table names in confirmation messages
Fix coding style violations

Meanwhile, I also attended to pull requests submitted mainly bu GSoC aspirants.

Pull requests attended
issue #32 Fix Row count wrong when grouping joined tables, phpmyadmin/phpmyadmin#11982
issue #12036 Fix for wrong mysql_upgrade message on Users tab with Percona Server 5.7

Documentation and Questions
issue #11970 Can you add an option to remove UUID for primary keys?
issue #11972 Missing documentation for $cfg['Servers'][$i]['favorite'] and $cfg['NumFavoriteTables']

Towards the end of the month, we received two detailed reports on vulnerabilities in phpMyAdmin and I contributed by coordinating, and fixing the vulnerabilities.

Security issues
issue #12 1.3 XSS in tbl_type parameter [PMASA-2016-12]
issue #13 1.4 XSS in normalization.php [PMASA-2016-12]
issue #14 1.5 XSS in normalization.js [PMASA-2016-12]
issue #15 1.6 XSS in normalization.js [PMASA-2016-12]
issue #25 XSS in normalization.js [PMASA-2016-12]
issue #26 XSS in User accounts page [PMASA-2016-11]
issue #27 XSS in Central columns page [PMASA-2016-12]
issue #28 XSS in Zoom search [PMASA-2016-11]

phpMyAdmin work during nineteenth and twentieth weeks

During the nineteenth and twentieth weeks, I was away from work between 2nd Feb to 10th Feb. However, during the rest of the days, I engaged in both code refactoring and bus fixes. Early on the fortnight, I refactored the server binary logs page to use the MVC architecture. This included introducing a controller class, using templating and updating unit tests.

Code refactoring
Refactor server binary logs page to use MVC architecture

In terms of bugs, following bugs were fixed and more bugs were attended.

Bugs fixed 
issue #11909 Can't insert row into table that contains generated column
issue #11911 Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5()
issue #11923 Errors on Structure tab when user only has select access on certain columns
issue #11942 Change column action takes ages

Bugs attended
issue #11922 Browse fails with users who have only column privileges for some columns
issue #11434 Class 'SqlParser\Lexer' not found (OS X)

phpMyAdmin work during seventeenth and eighteenth weeks

My work during these two weeks concentrated pretty much on the security vulnerabilities that were reported. We received two lengthy reports on a number of security vulnerabilities which included cross-site scripting, full path disclosure, weaknesses in token generation and comparison etc. Altogether these vulnerabilities resulted in 9 PMASAs taking into the different combinations of phpMyAdmin versions they affected.

I contributed by fixing some vulnerabilities, testing security patches, porting some fixes done by others developers to older branches, preparing PMASAs and coordinating with the reporter, CVE team and phpMyAdmin security team.

The latter part of the fortnight was spent on fixing two regressions introduced by the security releases. 

issue #11891 Error with PMA 4.0.10.13 with PHP 5.2

issue #11892 Error with PMA 4.4.15.3

Moreover, following bug was fixing during the two weeks.

issue #11881 Full processlist lost on refresh

phpMyAdmin work on sixteenth week

I was continuing on my year-end break on fifteenth week and did not work during the week, except for 2 hours on 4th January. So this report includes work carried out during the sixteenth week.

During the week, I concentrated solely on bug fixes since there were a sizable number of bugs being reported. Most of the bugs fixed were regressions. For example, #11771 and #11846 were only present in latest git version and was due to refactoring and JS library updates respectively.

The complete list of bugs fixed and investigated are as follows,

Bugs Fixed

issue #11771 Transformation column path problem

issue #11772 Table pagination does nothing when session expired

issue #11810 'Add to central columns' in tbl_structure.php (per column button) nothing happens

issue #11814 SQL comment and variable stripped from bookmark on save

issue #11840 Index comments not working properly

issue #11846 Grid editing window is disabled the second time

issue #11854 Undefined property: stdClass::$releases at version check when disabled in config

Bugs Investigated

issue #11712 "Browse Foreign Values" Search broken across databases in 4.5.2

issue #11713 Not receiving notifications for updates

issue #11842 Fractional timestamp not supported

issue #11843 Fractional timestamp causes corrupted SQL export

phpMyAdmin work during twelfth, thirteenth and forteenth weeks

With my personal engagements and summer break, I worked only for 13 hours during the three weeks. During the period, I was mostly engaged with refactoring work and improving the unit testing. 

Continuing from the last couple of weeks, I refactored the server plugins page to use the MVC architecture. Code segments that were previously in a library file were moved to a controller class and instance variables were introduced as required. The view was changed to use templating and unit tests were updated to match the new classes.

I also went on to improve the unit testing by introducing a parent class to all the unit tests. With the new class, configuration values are reset to their default values for each test class. The idea was to make unit tests independent from changes made to configuration values in other unit tests. Meanwhile, unnecessary configuration values assignments in tests were removed.

Additionally, following bugs were investigated during the period.

Bugs Investigated
issue #11743 Display routine-specific privileges under Database > Privileges
issue #11751 Bug when export template is selected

phpMyAdmin work during tenth and eleventh weeks

During the two weeks most I attended a mix of bug fixing, implementing new features, refactoring and unit test improvements.

I did not realize that some of the unit tests were not running as part of the test suite unit Michal pointed out and included them. However, this caused quite some test failures as most of the recently added and updated tests had not been running. These were fixed at the very beginning of the period.

Unit Testing

Fix unit test failures related to refactoring

Quite a number of bugs were fixed during the two weeks and some more were investigated. Following are the list of bug fixes attended.

Bug Fixes

issue #11701 Show create procedure SQL

issue #11706 Database export template not saving compression option

issue #11710 Unable to add/remove `on update CURRENT_TIMESTAMP` option while editing a timestamp field

issue #11724 Temporary fix for live data edit of big sets is not working

issue #11728 CSV import skip row count after

issue #11732 Exporting feature does not work with union table

Exclude db name in SQL when relations are made between table in the same db

Buffer pool and InnoDB status details are not shown for InnoDB

Bug Investigations

issue #11722 Excel import improper handling of dates/times

issue #11732 "Browse Foreign Values" Search broken across databases in 4.5.2

issue #11734 No result shown, if writing statement, comment, single select

Inbility to reorder parameters of routines had bothered me in the past. So, as requested in issue #11701, I implemented the ability to do this.

Feature Enhancements

issue #11701 Allow changing parameter order of routines

Moreover, continueing the refactoring effert from last fortnight I went on to refactor server engines page. This involed introducing a controller class and using templating to adhere to MVC pattern. Unit tests were also updated to match the new classes.

Refactoring

Refactor server engines page to use MVC pattern