phpMyAdmin/phpMyAdmin-config.patch

- Update to 5.2.2 * Security - issue [security] Fix for a path disclosure leak in the Monitoring tab - issue Prevent the user from deleting system databases - issue [security] Fix an XSS vulnerability when checking tables (PMASA-2025-1) - issue [security] Fix an XSS vulnerability on the Insert tab (PMASA-2025-2) - issue [security] Fix a possible glibc/iconv vulnerability (CVE-2024-2961, assigned PMASA-2025-3 but please note that phpMyAdmin is not vulnerable by default) * Bugfix - issue Fix for sql-parser relating to quadratic complexity in certain queries, which could have caused long execution times. - issue #17851 Fix total count of rows in not accurate - issue #17766 Allow to open in a new tab copy and edit row actions - issue #17599 Fix error when handling an user that is not in privileges table - issue #17364 Fix error when trying to import a status monitor chart arrangement - issue #18106 Fix renaming database with a view - issue #18120 Fix bug with numerical tables during renaming database - issue #16851 Fix ($cfg['Order']) default column order doesn't have have any effect since phpMyAdmin 4.2.0 - issue #18138 Fix some issues with numerical table names - issue #18112 Fix open base dir warning on git version class - issue #18211 Fix the themes route missing the server ID - issue Do not show "Original length undefined" on binary hex columns - issue Fix wrong time zone when handling Git information - issue #18195 Fix warning on non-existent table for XML export - issue #18196 Fix errors of import notification - issue #18093 Fix JS errors around "new user account" in some edge cases - issue #16451 Increase password characters limit to 2000 during login - issue #18177 Fix "IS NULL" is shown for non-nullable columns on search page - issue #16199 Fix dragging of tables in designer - issue #18268 Fix UI issue the theme manager is disabled - issue #18258 Speed improvements when exporting a database - issue #17702 Fix performance issue when handling large number of 
tables in a single database - issue #18324 Fix UI defect on tracking versions table first column - issue #18266 Fix disabling features (like `$cfg['Servers'][$i]['tracking'] = false;`) did not work - issue #18296 Fixed query time measurement - measure time only for user queries - issue #18235 Fix columns are misaligned for the "sys" database - issue #18249 Speed improvements when browsing a database with multiple tables - issue #18060 Fix Console height "Not a non-negative number" error - issue #18188 Fix issue when editing GIS data - issue Fix width/height of create routines modal and width of routines/triggers/events modals - issue Stop pmadb database detection when all features are disabled - issue Upgrade slim/psr7 to 1.4.1 for CVE-2023-30536 - GHSA-q2qj-628g-vhfw - issue #17654 Fix unprivileged user cannot change password on MySQL >= 5.7.37 - issue #18385 Add CVE MITRE link to allowed domains and use cve.org - issue #18330 Fix TypeError when no-datetime field is modified - issue #18212 Fix Query Builder doesn't replace a table name with it's alias in the `WHERE` block - issue #18221 Keep the criteria box collapsed by the user when un-checking the criteria checkbox - issue #18363 Fix colspan for actions column on database table list - issue Fix double encoding on User Groups pages - issue Fix list of users of an user group not showing up - issue Fix duplicate query params in the SQL message card - issue #18314 Fix dragged row in index form - issue #17392 Fix the actions not being hidden in the Triggers, Routines, Events pages - issue #18441 Fix execute routine page not working when not in a modal - issue #18471 Fix SQL statement not being displayed correctly on RTL languages - issue Fix state times not getting summed in the profiling table - issue Fix a case where a fatal error message was not displayed - issue #17420 Fix profiling chart not loading when profiling is activated - issue #18159 Fix error when changing the number of chart columns in the monitor 
page - issue #18403 Fix Uncaught SyntaxError: JSON.parse on makegrid conditions - issue #17528 Fix double escaping of database group names in the navigation tree - issue #18473 Fix the NULL not applied after clearing nullable field - issue #18454 Fix date field calendar display when changing NULL state - issue #18481 Fix missing pagination when using SELECT DISTINCT - issue #18325 Allow hex representations for integers in the search box validation - issue #14411 Fixed double tap to edit on mobile devices - issue Update documentation to reflect that Node >= 12 is required to compile the JS and CSS files - issue #18578 Fixed PDF export NULL values gives a type error - issue #18605 Fixed issue when executing a stored procedure - issue #18650 Fixed double escaping on foreign key relation link title - issue #18533 Fixed wrong count for simulated queries - issue #18611 Fixed an error when searching a table without conditions - issue #18663 Fixed case where triggers are dropped when moving a table - issue #17404 Fixed an error message after dropping a database - issue #18714 Fixed incorrect formatting of the amount of table rows - issue #18717 Fixed issue when deleting bookmarks - issue #18713 Fixed some issues with the GIS editor - issue #18722 Fixed generic error message in the home page - issue #18693 Fixed enum/set value escaping - issue #18769 Improved collations support for MariaDB 10.10 - issue #17381 Fixed JS errors when editing indexes on create table - issue #14402 Fix the PRIMARY label still shown when using two columns for a PK on create table - issue #17347 Fixed JS errors when changing index settings on create table - issue #18762 Fixed truncating tables when a VIEW is included - issue Fix BETWEEN search does not validate input because of spaces - issue Fix JS number validation does not validate when the input is empty or emptied - issue #18561 Fix issue when adding System Monitor charts - issue #17363 Fix duplicate route parameter after logging in - issue 
#15670 Fix case where the data is truncated after changing a longtext column's collation - issue #18797 Fixed support for ampersand as a arg separator - issue #18834 Fixed case where column hash is empty in table relation page - issue #17538 Fixed error when renaming an index - issue #18865 Fix missing text-nowrap for timestamps columns - issue #18613 Fixed routine editor showing wrong parameter type - issue #18890 Fixed wrong row count when query has UNION - issue #18949 Fixed natural sorting for items in the navigation section - issue #18930 Fixed import of empty tables from MediaWiki - issue #18940 Fixed issue when creating an unique key - issue #19022 Fix case where tables from wrong database is loaded in navigation tree - issue #18782 Fixed issue with role based auth for MySQL 8 - issue #18593 Fix drop db line included in server export if exporting only data - issue #18049 Also check that curl_exec is enabled for the new version check - issue #19023 Fixed table size for ROCKSDB engine showing as unknown - issue #18451 Fix when editing inline central column, Null is always preselected - issue #18495 Fixed database export missing routines - issue #19117 Allow changing the virtuality of a column without any other changes - issue #18566 Fixed error when importing exported view with USE INDEX hint - issue #17920 Fixed moving column with empty default value will replace it with '' - issue #18006 Fixed moving columns causes the default uuid() value to get quotes around it - issue #18962 Fixed move columns with ENUM() & DEFAULT causes invalid SQL - issue #18276 Fix on update CURRENT_TIMESTAMP doesn't show as default in attributes - issue #18240 Fix inserting value with UNIX_TIMESTAMP() without a parameter - issue #19125 Fixed CodeMirror tooltip is below modals - issue #18674 Fix formatted sql in browse table result has a linebreak after each token - issue #18210 Fixed add replica replication user on MariaDB doesn't work (SQL syntax) - issue #19041 Fix footer.twig gets 
printed to Binary File Download - issue #19091 Fix to stop processing queries on error - issue #18241 Fix copy SQL query button on error messages - issue #17190 Fix an error with SELECT ... FOR UPDATE queries - issue #19145 Remove duplicate server and lang parameters from links - issue #19158 Fix an issue with backticks on the query generator - issue #19174 Fix an issue with column alias with asterisk on the query generator - issue #19146 Fix column sorting with limit subquery - issue #19152 Fix the number of lines being ignored in GIS visualization after a search - issue #19189 Fix issue with column sorting when using 'group by' - issue #19188 Fix issue with simulated queries reporting syntax errors - issue #19141 Add cookie prefix '-__Secure-' to cookies to help prevent cookie smuggling - issue #19218 Fix textarea horizontal resizing with Bootstap theme - issue #19199 Add support for fractional seconds to current_timestamp() - issue #19221 Fix query statistics for queries with count(*) - issue #19203 Fix single quotes and backslashes for the query generator - issue #19163 Fix queries with IS NULL or IS NOT NULL for the query generator - issue #19181 Fix query generator support for IN() and NOT IN() - issue #19167 Fix criteria on column '*' for the query generator - issue #19213 Fix possible issue when exporting a large data set - issue #19217 Fix issue when editing a cell of a JSON column - issue #19244 Add yarn 1.22 to the package.json's packageManager field - issue #19185 Fix visual issue when a row has only empty cells - issue #19257 Fix issue when adding an index with an invalid name - issue #19276 Fix compatibility with Twig 3.12 - issue #19283 Fix issue when the server starts with skip-innodb option - issue #19299 Fix charset in procedure's parameter type - issue #19316 Fix input size for hexadecimal values - issue #19321 Suppress deprecation message of E_STRICT constant - issue Fix PHP 8.4 `str_getcsv` `$escape` parameter deprecation - issue #19426 Fix PHP 
warnings when the column is a `COMPRESSED BLOB` - issue Allow opening server breadcrumb links in new tab with Ctrl/Meta key - issue #19500 Use `KILL` instead of `CALL mysql.rds_kill` for non super users - issue Fix "copy to clipboard" was adding a blank row for each repeating header row - issue Fix TCPDF translations - issue Remove underline for links on Bootstrap theme - issue Fix sql editor height on multi-table query - issue #18852 Fix notification color scheme on the Bootstrap dark theme - issue #14542 Show the query even if no results are found in the Table search - issue #16936 Fixed import (e.g. ods) doesn't respect database default collation - issue #19000 Disable autocomplete for the create table/db name inputs OBS-URL: https://build.opensuse.org/package/show/server:php:applications/phpMyAdmin?expand=0&rev=385
2025-01-23 12:59:02 +00:00
Index: config.sample.inc.php
===================================================================
--- config.sample.inc.php.orig
+++ config.sample.inc.php
@@ -10,13 +10,56 @@
declare(strict_types=1);
/**
+ * Disable the default warning that is displayed on the DB Details Structure
+ * page if any of the required Tables for the relationfeatures could not be
+ * found
+ *
+ * Default: false
+ */
+/* $cfg['PmaNoRelation_DisableWarning'] = true;
+
+/**
+ * Zero Configuration mode.
+ *
+ * Enables Zero Configuration mode in which the user will be offered a choice
+ * to create phpMyAdmin configuration storage in the current database or use
+ * the existing one, if already present.
+ *
+ * Note: If there is no central configuration storage defined then you may end
+ * up with different set of phpMyAdmin configuration storage tables for
+ * different databases.
+ *
+ * Default: true
+ */
+$cfg['ZeroConf'] = false;
+
+/**
+ * Disable the default warning that is displayed if Suhosin is detected
+ *
+ * Default: false
+ */
+/* $cfg['SuhosinDisableWarning'] = true;
+
+/**
+ * Default language to use, if not browser-defined or user-defined
+ *
+ * Default: en
+ */
+/* $cfg['DefaultLang'] = 'de';
+
+/**
* This is needed for cookie based authentication to encrypt the cookie.
* Needs to be a 32-bytes long string of random bytes. See FAQ 2.10.
+ *
+ * YOU MUST FILL IN THIS FOR COOKIE AUTH!
*/
-$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+$cfg['blowfish_secret'] = '';
/**
* Servers configuration
+ *
+ * for more info/explanation about these VARS have look at
+ * libraries/config.default.php
*/
$i = 0;
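Review bot: The three added lines that begin with `/* $cfg[` (PmaNoRelation_DisableWarning, SuhosinDisableWarning and DefaultLang) open a block comment that is never closed on its own line, so each is terminated only by the `*/` of whichever docblock happens to follow. It parses as intended today, but the next docblock is swallowed into the same comment, and inserting or reordering a setting silently disables whatever live assignment ends up before the next `*/`, which here includes `$cfg['ZeroConf'] = false;` and `$cfg['blowfish_secret']`. Write disabled settings as `// $cfg['DefaultLang'] = 'de';`, the style used by the commented lines this patch removes further down in the same file. Also note that the added "Default:" lines state one value while the commented assignment shows the opposite; a short remark saying which of the two the package intends would save the admin a lookup.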
@@ -24,44 +67,153 @@ $i = 0;
* First server
*/
$i++;
-/* Authentication type */
-$cfg['Servers'][$i]['auth_type'] = 'cookie';
-/* Server parameters */
-$cfg['Servers'][$i]['host'] = 'localhost';
-$cfg['Servers'][$i]['compress'] = false;
-$cfg['Servers'][$i]['AllowNoPassword'] = false;
+
+$cfg['Servers'][$i]['host'] = 'localhost';
+$cfg['Servers'][$i]['port'] = '';
+$cfg['Servers'][$i]['socket'] = '';
+$cfg['Servers'][$i]['ssl'] = false;
+$cfg['Servers'][$i]['connect_type'] = 'socket';
+$cfg['Servers'][$i]['extension'] = 'mysqli';
+$cfg['Servers'][$i]['compress'] = false;
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = 'root';
+$cfg['Servers'][$i]['password'] = '';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+$cfg['Servers'][$i]['AllowRoot'] = true;
+$cfg['Servers'][$i]['SignonSession'] = '';
+$cfg['Servers'][$i]['SignonURL'] = '';
+$cfg['Servers'][$i]['LogoutURL'] = '';
+$cfg['Servers'][$i]['only_db'] = '';
+$cfg['Servers'][$i]['verbose'] = '';
+$cfg['Servers'][$i]['verbose_check'] = true;
+$cfg['Servers'][$i]['AllowDeny']['order'] = '';
+$cfg['Servers'][$i]['AllowDeny']['rules'] = array();
/**
* phpMyAdmin configuration storage settings.
+ *
+ * for more info/explanation about these VARS have look at
+ * libraries/config.default.php
*/
/* User used to manipulate with storage */
-// $cfg['Servers'][$i]['controlhost'] = '';
-// $cfg['Servers'][$i]['controlport'] = '';
-// $cfg['Servers'][$i]['controluser'] = 'pma';
-// $cfg['Servers'][$i]['controlpass'] = 'pmapass';
-
-/* Storage database and tables */
-// $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
-// $cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
-// $cfg['Servers'][$i]['relation'] = 'pma__relation';
-// $cfg['Servers'][$i]['table_info'] = 'pma__table_info';
-// $cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
-// $cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
-// $cfg['Servers'][$i]['column_info'] = 'pma__column_info';
-// $cfg['Servers'][$i]['history'] = 'pma__history';
-// $cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
-// $cfg['Servers'][$i]['tracking'] = 'pma__tracking';
-// $cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
-// $cfg['Servers'][$i]['recent'] = 'pma__recent';
-// $cfg['Servers'][$i]['favorite'] = 'pma__favorite';
-// $cfg['Servers'][$i]['users'] = 'pma__users';
-// $cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
-// $cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
-// $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
-// $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
-// $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
-// $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
+$cfg['Servers'][$i]['controlhost'] = 'localhost';
+$cfg['Servers'][$i]['controlport'] = '';
+/*
+$cfg['Servers'][$i]['controluser'] = 'pma';
+$cfg['Servers'][$i]['controlpass'] = 'pmapass';
+
+/**
+ * The name of the database containing the phpMyAdmin configuration storage.
+ *
+ * For a whole set of additional features (bookmarks, comments, SQL-history,
+ * tracking mechanism, PDF-generation, column contents transformation, etc.)
+ * you need to create a set of special tables. Those tables can be located in
+ * your own database, or in a central database for a multi-user installation
+ * (this database would then be accessed by the controluser, so no other user
+ * should have rights to it).
+ *
+ * Default: ''
+ *
+ */
+/* $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+
+/* Other Storage tables */
+
+$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+$cfg['Servers'][$i]['relation'] = 'pma__relation';
+$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+$cfg['Servers'][$i]['table_coords'] = 'pma__table_coords';
+$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+$cfg['Servers'][$i]['history'] = 'pma__history';
+$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+$cfg['Servers'][$i]['recent'] = 'pma__recent';
+$cfg['Servers'][$i]['favorite'] = 'pma__favorite';
+$cfg['Servers'][$i]['users'] = 'pma__users';
+$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
+$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
+$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
+$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
+$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
+$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
+/* $cfg['Servers'][$i]['auth_swekey_config'] = '';
+
+
+
+/**
+ * Second Server
+ */
+
+/*
+$i++;
+$cfg['Servers'][$i]['host'] = 'localhost';
+$cfg['Servers'][$i]['port'] = '';
+$cfg['Servers'][$i]['socket'] = '';
+$cfg['Servers'][$i]['ssl'] = false;
+$cfg['Servers'][$i]['connect_type'] = 'socket';
+$cfg['Servers'][$i]['extension'] = 'mysqli';
+$cfg['Servers'][$i]['compress'] = false;
+$cfg['Servers'][$i]['auth_type'] = 'cookie';
+$cfg['Servers'][$i]['user'] = 'root';
+$cfg['Servers'][$i]['password'] = '';
+$cfg['Servers'][$i]['AllowNoPassword'] = false;
+$cfg['Servers'][$i]['AllowRoot'] = true;
+$cfg['Servers'][$i]['SignonSession'] = '';
+$cfg['Servers'][$i]['SignonURL'] = '';
+$cfg['Servers'][$i]['LogoutURL'] = '';
+$cfg['Servers'][$i]['only_db'] = '';
+$cfg['Servers'][$i]['verbose'] = '';
+$cfg['Servers'][$i]['verbose_check'] = true;
+$cfg['Servers'][$i]['AllowDeny']['order'] = '';
+$cfg['Servers'][$i]['AllowDeny']['rules'] = array();
+*/
+
+/*
+ * phpMyAdmin configuration storage settings.
+ */
+
+/*
+$cfg['Servers'][$i]['controlhost'] = 'localhost';
+$cfg['Servers'][$i]['controlport'] = '';
+$cfg['Servers'][$i]['controluser'] = 'pma';
+$cfg['Servers'][$i]['controlpass'] = 'pmapass';
+$cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';
+$cfg['Servers'][$i]['bookmarktable'] = 'pma__bookmark';
+$cfg['Servers'][$i]['relation'] = 'pma__relation';
+$cfg['Servers'][$i]['table_info'] = 'pma__table_info';
+$cfg['Servers'][$i]['table_coords'] = 'pma__table_cords';
+$cfg['Servers'][$i]['pdf_pages'] = 'pma__pdf_pages';
+$cfg['Servers'][$i]['column_info'] = 'pma__column_info';
+$cfg['Servers'][$i]['history'] = 'pma__history';
+$cfg['Servers'][$i]['table_uiprefs'] = 'pma__table_uiprefs';
+$cfg['Servers'][$i]['tracking'] = 'pma__tracking';
+$cfg['Servers'][$i]['userconfig'] = 'pma__userconfig';
+$cfg['Servers'][$i]['recent'] = 'pma__recent';
+$cfg['Servers'][$i]['users'] = 'pma__users';
+$cfg['Servers'][$i]['usergroups'] = 'pma__usergroups';
+$cfg['Servers'][$i]['navigationhiding'] = 'pma__navigationhiding';
+$cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches';
+$cfg['Servers'][$i]['central_columns'] = 'pma__central_columns';
+$cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings';
+$cfg['Servers'][$i]['export_templates'] = 'pma__export_templates';
+$cfg['Servers'][$i]['auth_swekey_config'] = '';
+*/
+
+/**
+ * If you have more than one server configured, you can set $cfg['ServerDefault']
+ * to any one of them to autoconnect to that server when phpMyAdmin is started,
+ * or set it to 0 to be given a list of servers without logging in
+ * If you have only one server configured, $cfg['ServerDefault'] *MUST* be
+ * set to that server.
+ *
+ * Default server (0 = no default server)
+ */
+$cfg['ServerDefault'] = 1;
+$cfg['Server'] = '0';
+unset($cfg['Servers'][0]);
/**
* End of servers configuration
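Review bot: The bare `/*` added before `controluser` and the unclosed `/* $cfg['Servers'][$i]['pmadb'] = 'phpmyadmin';` leave controluser, controlpass and pmadb commented out, while `controlhost`, `controlport` and every storage table name from `bookmarktable` to `export_templates` are now live assignments. The pre-patch file kept the whole group commented together; either keep it that way or enable the group as a unit, and close each comment on the line that opens it instead of relying on the `*/` of the next docblock. In the commented second-server block, `table_coords` is set to `'pma__table_cords'` and the `favorite` entry is missing, so copying that block gives a configuration that differs from the first server. The first server also gains `'user' = 'root'` with an empty `'password'` and `AllowRoot = true` next to `auth_type = 'cookie'`; a sample file should not preset a root account, so drop the `user`/`password` lines or ship them commented. Finally, `$cfg['Server'] = '0';` and `unset($cfg['Servers'][0]);` are added directly after `ServerDefault = 1` with no comment explaining why they are needed.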
Index: libraries/vendor_config.php
===================================================================
--- libraries/vendor_config.php.orig
+++ libraries/vendor_config.php
@@ -22,38 +22,38 @@ return [
/**
* Directory where cache files are stored.
*/
- 'tempDir' => ROOT_PATH . 'tmp' . DIRECTORY_SEPARATOR,
+ 'tempDir' => '@tmpdir@' . DIRECTORY_SEPARATOR,
/**
* Path to changelog file, can be gzip compressed.
* Useful when you want to have documentation somewhere else, e.g. /usr/share/doc.
*/
- 'changeLogFile' => ROOT_PATH . 'ChangeLog',
+ 'changeLogFile' => '@docdir@' . DIRECTORY_SEPARATOR . 'ChangeLog',
/**
* Path to license file. Useful when you want to have documentation somewhere else, e.g. /usr/share/doc.
*/
- 'licenseFile' => ROOT_PATH . 'LICENSE',
+ 'licenseFile' => '@docdir@' . DIRECTORY_SEPARATOR . 'LICENSE',
/**
* Directory where SQL scripts to create/upgrade configuration storage reside.
*/
- 'sqlDir' => ROOT_PATH . 'sql' . DIRECTORY_SEPARATOR,
+ 'sqlDir' => '@docdir@' . DIRECTORY_SEPARATOR . 'sql' . DIRECTORY_SEPARATOR,
/**
* Filename of a configuration file.
*/
- 'configFile' => ROOT_PATH . 'config.inc.php',
+ 'configFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.inc.php',
/**
* Filename of custom header file.
*/
- 'customHeaderFile' => ROOT_PATH . 'config.header.inc.php',
+ 'customHeaderFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.header.inc.php',
/**
* Filename of custom footer file.
*/
- 'customFooterFile' => ROOT_PATH . 'config.footer.inc.php',
+ 'customFooterFile' => '@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.footer.inc.php',
/**
* Default value for check for version upgrades.
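Review bot: The replaced values depend on `@tmpdir@`, `@docdir@` and `@sysconfdir@` being substituted at build time, and nothing in this patch fails the build if a token is left in place; an unsubstituted `'@sysconfdir@' . DIRECTORY_SEPARATOR . 'config.inc.php'` is a relative path that will not be found, so phpMyAdmin would run without the administrator's config.inc.php. Add a build step that aborts when any `@...dir@` token remains in libraries/vendor_config.php. Since `tempDir` now points outside ROOT_PATH, the packaging should also create that directory owned by the web server user with no access for other users, and document this next to the `'tempDir'` line. Moving `sqlDir` under `@docdir@` ties the configuration storage scripts to the documentation files, so a note that they must still be installed when docs are excluded would help.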