phpMyAdmin - ChangeLog ====================== 3.5.8.2 (2013-07-28) - [security] Fix self-XSS in "Showing rows", see PMASA-2013-8 - [security] Fix self-XSS in Display chart, see PMASA-2013-9 - [security] Fix stored XSS in Server status monitor, see PMASA-2013-9 - [security] Fix stored XSS in navigation panel logo link, see PMASA-2013-9 - [security] Fix self-XSS in setup, trusted proxies validation, see PMASA-2013-9 + [security] JSON content type header for version_check.php, see PMASA-2013-9 + [security] Backport fix for jQuery issue #9521 from jQuery 1.6.3, see PMASA-2013-9 + [security] Fix full path disclosure, see PMASA-2013-12 + [security] Fix control user SQL injection in pmd_pdf.php, see PMASA-2013-15 + [security] Fix control user SQL injection in schema_export.php, see PMASA-2013-15 - [security] Fix self-XSS in schema export, see PMASA-2013-14 - [security] Fix unencoded json object, see PMASA-2013-11 3.5.8.1 (2013-04-24) - [security] Remote code execution (preg_replace), reported by Janek Vind (see PMASA-2013-2) - [security] Locally Saved SQL Dump File Multiple File Extension Remote Code Execution, reported by Janek Vind (see PMASA-2013-3) 3.5.8.0 (2013-04-08) - bug #3828 MariaDB reported as MySQL - bug #3854 Incorrect header for Safari 6.0 - bug #3705 Attempt to open trigger for edit gives NULL - Use HTML5 DOCTYPE - [security] Self-XSS on GIS visualisation page, reported by Janek Vind - bug #3800 Incorrect keyhandler behaviour #2 3.5.7.0 (2013-02-15) - bug #3779 [core] Problem with backslash in enum fields - bug #3816 Missing server_processlist.php - bug #3821 Safari: white page - Correct detection of the Chrome browser 3.5.6.0 (2013-01-28) - bug #3593604 [status] Erroneous advisor rule - bug #3596070 [status] localStorage broken in server status monitor - bug #3598736 [routines] Editing a procedure with special characters - bug #3600322 [core] Visualize GIS data throws Fatal Error - bug #3599362 [core] Double-escaped error message - bug #3776 [cookies] Login without auth on second server 3.5.5.0 (2012-12-21) - bug #3563824 [export] Support Apache's mod_deflate - bug #3585523 [interface] Inline query editing broken after row update - bug #3586389 [setup] Cannot switch language in /setup - bug #3585695 [CSS] Font size in inline query editor is way too big - bug #3588354 [l10n] Portuguese Language not displaying correctly - bug #3591412 [status] Live charts don't work for non-default server - bug [core] Proxy ajax calls to pma.net to avoid browser notices - bug #3593534 [tracking] Structure Snapshot on tracked view renders invalid SQL - bug #3544366 [events] Event comments not saved 3.5.4.0 (2012-11-16) - bug #3570212 [edit] uuid_short() is a no-arguments function - bug #3569577 [edit] Add routine parameter headers not valid for "function" - bug #3575799 [search] Various search operators not working as expected - bug #3576322 [search] Invalid select query generated for tables with ENUM fields - bug #3577468 [display] Incorrect imagejpeg Syntax Breaks Image Transformation - bug #3578776 [search] Editing SQL not possible when no records found - bug #3571970 [interface] Display chart and number of rows to plot - bug #3582631 [core] Wrong redirect url caused cookies error with ForceSSL 3.5.3.0 (2012-10-08) - bug #3539044 [interface] Browse mode "Show" button gives blank page if no results anymore - bug #3534979 [interface] Copy Database Ajax feedback vanishes long before copying is done - bug #3527531 [interface] GC-maxlifetime warning incorrectly displayed - bug #3526916 [interface] Search fails with JS error when tooltips disabled - bug #3544366 [interface] Event comments not saved - bug #3549084 [edit] Can't enter date directly when editing inline - bug #3548491 [interface] Inline query editor doesn't work from search results - bug #3547825 [edit] BLOB download no longer works - bug #3541966 [config] Error in generated configuration arrray - bug #3553551 [GUI] Invalid HTML code in multi submits confirmation form - [interface] Designer sometimes places tables on the top menu - bug #3546277 [core] Call to undefined function __() when config file has wrong permissions - bug #3540922 [edit] Error searching table with many fields - bug #3555104 [edit] Cannot copy a DB with table & views - bug #3559925 [privileges] Incorrect updating of the list of users - bug #3561224 [edit] cell edit date field with empty date fills in current date - bug #3559955 [edit] current_date from function drop down fails on update - bug #3562472 add support for Solaris and FreeBSD system load and memory display in server status - bug #3553068 [import] Table import from XML file fails - replace Highcharts with jqplot for Display chart - bug #3567684 [edit] Pasting value doesn't clear null checkbox - bug #3570786 [edit] Datepicker for date and datetime fields is broken 3.5.2.2 (2012-08-12) - [security] Fixed XSS vulnerabilities, see PMASA-2012-4 3.5.2.1 (2012-08-03) - [security] Fixed local path disclosure vulnerability, see PMASA-2012-3 3.5.2.0 (2012-07-07) - bug #3521416 [interface] JS error when editing index - bug #3521313 [core] Call to undefined function __() - bug #3521016 [edit] NOW() function incorrectly selected - bug [GUI] Invalid HTML code on transformation_overview.php - bug #3522930 [browse] Missing validation in Ajax mode - bug Fix popup message on build SQL of import - bug #3523499 [core] Make X-WebKit-CSP work better - replace Highcharts with jqplot for query profiling, zoom search - bug #3531584 [interface] No form validation in change password dialog - bug #3531585 [interface] Broken password validation in copy user form - bug #3531586 [unterface] Add user form prints JSON when user presses enter - bug #3534121 [config] duplicate line in config.sample.inc.php - bug #3534311 [interface] Grid editing incorrectly parses ENUM/SET values - bug #3510196 [core] More clever URL rewriting with ForceSSL 3.5.1.0 (2012-05-03) - bug #3510784 [edit] Limit clause ignored when sort order is remembered - bug #3511471 [interface] View name not seen in navi panel (MySQL 5.1) - bug #3512916 [display] Right frame reloads after displaying SQL result(zero rows) - bug [interface] Fixed missing Codemirror for inline query edit when exporting a result set - bug #3514490 [auth] Multiple Navigation panels bug still present - bug #3515181 [users] Error in create user + underscore + create database - bug #3515666 [display] Profiling chart shows wrong data - bug #3516037 [auth] JS includes missing in auth config error page - bug #3516183 [display] Missing image extension - bug [display] Added missing icons in original theme - bug #3516761 [edit] Query error after search - bug #3516405 [display] Chart title is getting wrong within chart export - bug #3517021 [interface] Header links except 'More' hide after closing dialog - bug #3516817 [interface] "More" actions in table structure - bug #3518484 [privileges] PMA_sqlAddSlashes() does not quote the table names correctly - bug #3518983 [designer] Error messages do not appear in the Designer - bug #3519747 [interface] Suhosin patch warning incorrectly displayed - bug #3520107 [interface] Server status page: Incorrect dialog box titles - bug #3516089 [structure] DROP does not work on defective VIEWs 3.5.0.0 (2012-04-07) + rfe #2021981 [interface] Add support for mass prefix change. + "up to date" message on main page when current version is up to date + Update to jQuery 1.6.2 + Patch #3256122 [search] Show/hide db search results + Patch #3302354 Add gettext wrappers around a message + Remove deprecated function PMA_DBI_get_fields + rfe #2098927 Remember recent tables + rfe #3078542 Remember the last sort order for each table + AJAX for Create table in navigation panel + rfe #3310562 Wording about Column + AJAX for Add a user in Database privileges + Patch #3271804 for rfe #3177495, new DisableMultiTableMaintenance directive + [interface] Reorganised server status page. + [interface] Changed way of generating charts. + rfe #939233 [interface] Flexible column width + [interface] Mouse-based column reordering in query results + AJAX for Insert to a table from database Structure page - Patch #3316969 PMA_ajaxShowMessage() does not respect timeout + AJAX for Change on multiple rows in table Browse + [interface] Improved support for stored routines + [display] More options for browsing GIS data + [interface] Support for spatial indexes + [display] GIS data visualization + AJAX for table structure multiple-column change + AJAX for table structure index edit + Show/hide indexes in table Structure + More compact navigation bar + Display direction (horizontal/vertical) no longer displayed by default + Shift/click support in database Structure + Show/hide column in table Browse - bug #3353856 [AJAX] AJAX dialogs use wrong font-size - bug #3354356 [interface] Timepicker does not work in AJAX dialogs + AJAX for table Structure Indexes Edit + AJAX for table Structure column Change + [interface] Improved support for events + [interface] Improved support for triggers + [interface] Improved server monitoring + AJAX for table Structure column Add + AJAX for table Operations copy table - bug #3380946 [export] no uid Query result export (Suhosin limit) + Grid editing in browse mode (replaces row inline edit) + Zoom-search in table Search + [interface] Editor for GIS data + [import] Import GIS data from ESRI Shapefiles + [interface] 'Function based search' for GIS data + Support Drizzle database - bug #3356456 [interface] Interface problems for queries having LIMIT clauses + [interface] Remove DefaultPropDisplay feature - bug #3299486 [prettyprint] Order By in a query containing comment character + [interface] Improved ENUM/SET editor + patch #3428376 [pmadb] pmadb on a different MySQL server + patch #3410688 [interface] Improving field size for character columns - [usability] Removed an unnecessary AJAX request from database search - bug #3302419 [navi] Tabs break when squeezing page + rfe #3406797 [navi] Stick table tools to top of page on scroll + rfe #1632106 [interface] Improved error handling + patch #3432835 [interface] Add useful intermediate pages to pageselector + [interface] Improved index editor + View editing via a generated ALTER VIEW - bug #3408377 [interface] Deleting table from the DB does not change the table counter + rfe #3438266 [designer] Toggle for relation lines - bug #3442069 [AJAX] database list not updated after adding/deleting a user + database - bug #3461750 [edit] Sort by key generates wrong sql with limit clause - bug #3340842 [structure] Error dropping index of non-existing column - bug #3093145 [display] Page through rows returned from a view + patch #3303195 [interface] Checkbox to have SQL input remain - patch #3472899 [export] Fixed CSV escape for the export - patch #3475424 [import] Fixed CSV escape for the import - bug #3482734 [interface] No warning on syntax error in search form - bug #3423717 [core] Improved detection of SSL connection + FULLTEXT support for InnoDB, starting with MySQL 5.6.4 - bug #3497151 [interface] Duplicate inline query edit box - bug #3504567 [mime] Description of the transformation missing in the tooltip 3.4.11.1 (2012-08-12) - [security] Fixed XSS vulnerabilities, see PMASA-2012-4 3.4.11.0 (2012-04-14) - bug #3486970 [import] Exception on XML import - bug #3488777 [navi] $cfg['ShowTooltipAliasTB'] and blank names in navigation 3.4.10.2 (2012-03-28) - [security] Fixed local path disclosure vulnerability, see PMASA-2012-2 3.4.10.1 (2012-02-18) - [security] XSS in replication setup, see PMASA-2012-1 3.4.10.0 (2012-02-14) - bug #3460090 [interface] TextareaAutoSelect feature broken - patch #3375984 [export] PHP Array export might generate invalid php code - bug #3049209 [import] Import from ODS ignores cell that is the same as cell before - bug #3463933 [display] SELECT DISTINCT displays wrong total records found - patch #3458944 [operations] copy table data missing SET SQL_MODE='NO_AUTO_VALUE_ON_ZERO' - bug #3469254 [edit] Setting data to NULL and drop-downs - bug #3477063 [edit] Missing set fields and values in generated INSERT query - bug #3460867 [libraries] license issue with TCPDF (updated to 5.9.145) 3.4.9.0 (2011-12-21) - bug #3442028 [edit] Inline editing enum fields with null shows no dropdown - bug #3442004 [interface] DB suggestion not correct for user with underscore - bug #3438420 [core] Magic quotes removed in PHP 5.4 - bug #3398788 [session] No feedback when result is empty (signon auth_type) - bug #3384035 [display] Problems regarding ShowTooltipAliasTB - bug #3306875 [edit] Can't rename a database that contains views - bug #3452506 [edit] Unable to move tables with triggers - bug #3449659 [navi] Fast filter broken with table tree - bug #3448485 [GUI] Firefox favicon frameset regression - [core] Better compatibility with mysql extension - [security] Self-XSS on export options (export server/database/table), see PMASA-2011-20 - [security] Self-XSS in setup (host parameter), see PMASA-2011-19 3.4.8.0 (2011-12-01) - bug #3425230 [interface] enum data split at space char (more space to edit) - bug #3426840 [interface] ENUM/SET editor can't handle commas in values - bug #3427256 [interface] no links to browse/empty views and tables - bug #3430377 [interface] Deleted search results remain visible - bug #3428627 [import] ODS import ignores memory limits - bug #3426836 [interface] Visual column separation - bug #3428065 [parser] TRUE not recognized by parser + patch #3433770 [config] Make location of php-gettext configurable - patch #3430291 [import] Handle conflicts in some open_basedir situations - bug #3431427 [display] Dropdown results - setting NULL does not work - patch #3428764 [edit] Inline edit on multi-server configuration - patch #3437354 [core] Notice: Array to string conversion in PHP 5.4 - [interface] When ShowTooltipAliasTB is true, VIEW is wrongly shown as the view name in main panel db Structure page - bug #3439292 [core] Fail to synchronize column with name of keyword - bug #3425156 [interface] Add column after drop - [interface] Avoid showing the password in phpinfo()'s output - bug #3441572 [GUI] 'newer version of phpMyAdmin' message not shown in IE8 - bug #3407235 [interface] Entering the key through a lookup window does not reset NULL - [security] Self-XSS on database names (Synchronize), see PMASA-2011-18 - [security] Self-XSS on database names (Operations/rename), see PMASA-2011-18 - [security] Self-XSS on column type (Create index), see PMASA-2011-18 - [security] Self-XSS on column type (table Search), see PMASA-2011-18 - [security] Self-XSS on invalid query (table overview), see PMASA-2011-18 3.4.7.1 (2011-11-10) - [security] Fixed possible local file inclusion in XML import (CVE-2011-4107). 3.4.7.0 (2011-10-23) - bug #3418610 [interface] Links in navigation when $cfg['MainPageIconic'] = false - bug #3418849 [interface] Inline edit shows dropdowns even after closing - bug [view] View renaming did not work - bug [navi] Wrong icon for view (MySQL 5.5) - bug #3420229 [doc] Missing documentation section - bug #3423725 [pdf] Broken PDF file when exporting database to PDF - [core] Allow to set language in URL - bug #3425184 [doc] Fix links to PHP documentation - bug #3426031 [export] Export to bzip2 is not working 3.4.6.0 (2011-10-16) - patch #3404173 InnoDB comment display with tooltips/aliases - bug #3404886 [navi] Edit SQL statement after error - bug #3403165 [interface] Collation not displayed for long enum fields - bug #3399951 [export] Config for export compression not used - bug #3400690 [privileges] DB-specific privileges won't submit - bug #3410604 [config] Configuration storage incorrect suggested table name - bug #3383572 [interface] Cannot execute saved query - bug #3411535 [display] Full text button unchecks results display options - bug #3411224 [display] Broken binary column when 'Show binary contents' is not set - bug #3411633 [core] Call to undefined function PMA_isSuperuser() - bug #3413743 [interface] Display options link missing after search - bug #3324161 [core] CSP policy causing designer JS buttons to fail - bug #3412862 [relation] Relations/constraints are dropped/created on every change - bug #3390832 [display] Delete records from last page breaks search - bug #3392150 [schema] PMA_User_Schema::processUserChoice() is broken - bug #3414744 [core] External link fails in 3.4.5 - patch #3314626 [display] CharTextareaRows is not respected - bug #3417089 [synchronize] Extraneous db choices - [security] Fixed local path disclosure vulnerability, see PMASA-2011-15 - [security] Fixed XSS in setup (host/verbose parameter), see PMASA-2011-16 3.4.5.0 (2011-09-14) - bug #3375325 [interface] Page list in navigation frame looks odd - bug #3313235 [interface] Error div misplaced - bug #3374802 [interface] Comment on a column breaks inline editing - patch #3383711 [display] Order by a column in a view doesn't work in some cases - bug #3386434 [interface] Add missing space to server status - [core] Remove library PHPExcel, due to license issues - [export] Remove native Excel export modules (xls and xlsx formats) - [import] Remove native Excel import modules (xls and xlsx formats) - bug #3392920 [edit] BLOB emptied after editing another column - [security] Fixed XSS in Inline Edit on save action, see PMASA-2011-14 - [security] Fixed XSS with db/table/column names, see PMASA-2011-14 3.4.4.0 (2011-08-24) - bug #3323060 [parser] SQL parser breaks AJAX requests if query has unclosed quotes - bug #3323101 [parser] Invalid escape sequence in SQL parser - bug #3348995 [config] $cfg['Export']['asfile'] set to false does not select asText option - bug #3340151 [export] Working SQL query exports error page - bug #3353649 [interface] "Create an index on X columns" form not validated - bug #3350790 [interface] JS error in Table->Structure->Index->Edit - bug #3353811 [interface] Info message has "error" class - bug #3357837 [interface] TABbing through a NULL field in the inline mode resets NULL - remove version number in /setup - bug #3367993 [usability] Missing "Generate Password" button - bug #3363221 [display] Missing Server Parameter on inline sql query - bug #3367986 [navi] Drop field -> lost active table - remove misleading comment on the "Rename database" interface - bug #3374374 [interface] Fix footnote for inexact count while browsing - bug #3372807 [interface] Fix security warning link in setup - bug #3374347 [display] Backquotes in normal text on import page - bug #3358750 [core] With Suhosin, urls are too long in edit links - [security] Missing sanitization on the table, column and index names leads to XSS vulnerabilities, see PMASA-2011-13 3.4.3.2 (2011-07-23) - [security] Fixed XSS vulnerability, see PMASA-2011-9 - [security] Fixed local file inclusion vulnerability, see PMASA-2011-10 - [security] Fixed local file inclusion vulnerability and code execution, see PMASA-2011-11 - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-12 3.4.3.1 (2011-07-02) - [security] Fixed possible session manipulation in swekey authentication, see PMASA-2011-5 - [security] Fixed possible code injection incase session variables are compromised, see PMASA-2011-6 - [security] Fixed regexp quoting issue in Synchronize code, see PMASA-2011-7 - [security] Fixed filtering of a file path, which allowed for directory traversal, see PMASA-2011-8 3.4.3.0 (2011-06-27) - bug #3311170 [sync] Missing helper icons in Synchronize - patch #3304473 [setup] Redefine a lable that was wrong - bug #3304544 [parser] master is not a reserved word - bug #3307616 [edit] Inline edit updates multiple duplicate rows - patch #3311539 [edit] Inline edit does not escape backslashes - bug #3313210 [interface] Columns class sometimes changed for nothing - patch #3313326 [interface] Some tooltips do not disappear - bug #3315720 [search] Fix search in non unicode tables - bug #3315741 [display] Inline query edit broken - patch #3317206 [privileges] Generate password option missing on new accounts - bug #3317293 [edit] Inline edit places HTML line breaks in edit area - bug #3319466 [interface] Inline query edit does not escape special characters - minor XSS (require a valid token) 3.4.2.0 (2011-06-07) - bug #3301249 [interface] Iconic table operations does not remove inline edit label - bug #3303869 [interface] Unnecessary scrolling on Databases page - patch #3303813 [setup] Define a label that was missing - bug #3305606 [interface] Show all button wraps on privileges page - bug #3305517 [config] Config for export compression not used - bug #3305883 [interface] Table is dropped regardless of confirmation - [auth] Fixed error handling for signon auth method. - bug #3276001 [core] Avoid caching of index.php. - bug #3306958 [interface] Unnecessary Details slider - bug #3308476 [interface] "Show all" not persistent after a sort - bug #3308072 [auth] Version disclosure to anonymous visitors - bug #3306981 [interface] pmahomme and table statistics 3.4.1.0 (2011-05-20) - bug #3301108 [interface] Synchronize and already configured host - bug #3302457 Inline edit and $cfg['PropertiesIconic'] - Patch #3302313 Show a translated label - bug #3300981 [navi] Table filter is case sensitive - bug #3285929 [privileges] Revert temporary fix - bug #3302872 [synchronize] Synchronize and user name - bug #3302733 [core] Some browsers report an insecure https connection - [security] Make redirector require valid token 3.4.0.0 (2011-05-11) + rfe #2890226 [view] Enable VIEW rename + rfe #838637 [privileges] Export a user's privileges - [core] Updated mootools to fix some glitches with Safari. + rfe #2816943 [interface] Add REGEXP ^...$ to select dialog. + rfe #2924956 [interface] Add insert ignore option to editing row. + rfe #2838080 [interface] Show warning when javascript is disabled. + rfe #2823707 [edit] Call UUID function separately to show it in insert. + rfe #2420684 [export] Allow export of timestamps in UTC. + [core] Remove config data from session as it brings chicken-egg problem. + [core] Cookie path now honors PmaAbsoluteUri. + rfe #2393597 [core] phpMyAdmin honors https in PmaAbsoluteUri. + rfe #1778337 [core] Try moving tables by RENAME and fail to CREATE/INSERT if that fails. + rfe #1721189 [core] Force reload js on code change. + rfe #1954161 [interface] Do not display long numbers in server status. + rfe #2033616 [edit] Add option to just display insert query. + rfe #1435032 [interface] Move SSL status to the end, it is usually empty. + rfe #1340812 [interface] Show numbers of columns in table structure. + rfe #1186511 [inrerface] Add link to reload navigation frame. + rfe #2936156 [auth] Signon authentication forwards error message through session data. + rfe #2835109 [interface] Move ^1 to the end of message. + rfe #854911 [interface] Grey out non applicable actions in structure + [interface] Allow to create new table from navigation frame (in light mode). + rfe #1025696 [browse] Add direct download of binary fields. - [browse] Properly display NULL value for BLOB. - rfe #1516803 [edit] Allow to set BLOB to/from NULL with ProtectBinary. - [edit] Do not default to UNHEX when using file upload. - rfe #1379201 [core] Add option to configure session_save_path. + [interface] Provide links to documentation in highlighted SQL. + [interface] It is now possible to bookmark most pages in JS capable browser. - bug #2936482 [core] Fix SSL detection. + rfe #2937850 [doc] Add some hints to chk_rel.php for quick setup. + rfe #2938579 [interface] Add class to some elements for easier theming. + rfe #2937840 [doc] Add some interesting configs to config.sample.inc.php. + rfe #2792992 [doc] Added advice to re-login after changing pmadb settings + patch #2952353 [interface] Prefill "Copy table to" in tbl_operations.php, thanks to iinl + [lang] Add English (United Kingdom) translation, thanks to Robert Readman. + patch #2948421 [auth] HTTP Basic auth realm name, thanks to Harald Jenny - haraldj - bug #2954916 [interface] Do not insert doc links to not formatted SQL. + [lang] Chinese Simplified update, thanks to Shanyan Baishui - rimyxp + [lang] Turkish update, thanks to Burak Yavuz + rfe #2963310 [interface] Focus TEXTAREA "sql_query" on click on "SQL" link + [lang] Uzbek update, thanks to Orzu Samarqandiy + rfe #2958013 [import] After import, also list uploaded filename, thanks to Pavel Konnikov and Herman van Rink + patch #2974341 [structure] Clicking on table name in db Structure should Browse the table if possible, thanks to bhdouglass - dougboybhd + patch #2975533 [search] New search operators, thanks to Martynas Mickevi?ius + patch #2967320 [designer] Colored relations based on the primary key, thanks to GreenRover - greenrover - [core] Provide way for vendors to easily change paths to config files. + patch #2979922, rfe #2804874 [interface] Add inline query editing, thanks to Muhammd Adnan. - bug #2966752 [setup] Allow to configure changes tracking in setup script. + patch #2981165 [edit] Optionally disable the Type column, thanks to Brian Douglass - bhdouglass + patch #2984058 [edit] Buttons for quicky creating common SQL queries, thanks to sutharshan. + patch #2984337 [interface] Convert loading of export/import to jQuery ready event, thanks to sutharshan. - [edit] CURRENT_TIMESTAMP is also valid for datetime fields. - patch #2985068 [engines] Fix parsing of PBXT status, thanks to Madhura Jayaratne. - patch #2986073 [interface] Convert upload progress bar to jQuery, thanks to Philip Frank. - patch #2983960 [interface] Add javascript validation of datetime input, thanks to Sutharshan Balachandren. - rfe #2981999 [interface] Default sort order is now SMART. - rfe #2972969 [interface] Fix flipping of headers in non-IE browsers. + rfe #2964518 [interface] Allow to choose servers from configuration for synchronisation. + rfe #2988633 [relation] Improve ON DELETE/ON UPDATE drop-downs + rfe #2988629 [relation] Improve labels in relation view + rfe #2983207, patch #2988715 [interface] Use jQuery calendar dialog, thanks to Muhammad Adnan. + [doc] Incorporate synchronisation docs into main document. + [core] Include Content Security Policy HTTP headers. - bug #3004216 [CSS] Field attributes use inline CSS - patch #2999595, rfe #2998130 [interface] Cleanup navigation frame. - patch #3025161 [core] Prevent sending of unnecessary cookies, thanks to Piotr Przybylski - crackpl - bug [password] Generate password only available if JS is enabled (fixed for Privileges and Change password) - [core] RecodingEngine now accepts none as valid option. + [core] Dropped AllowAnywhereRecoding configuration variable. - rfe #3016457 [interface] Define tab order in SQL form to allow easier tab navigation. + [core] Centralized format string expansion, @VARIABLES@ are recommended way now, used by file name templates, default queries, export and title generating. + [validator] SQL validator works also with SOAP PHP extension. - [interface] Better formatting for SQL validator results. - [doc] The linked-tables infrastructure is now called phpMyAdmin configuration storage. - [interface] Move drop/empty links from being tabs to Operations tab. - [interface] Fixed rendering of error/notice/info titles background. - patch #3038293 [doc] Language and grammar fixes, thanks to Isaac Bennetch - ibennetch - patch #3038312 [export] JSON export, thanks to Hauke Henningsen - blubberkeks152 - rfe #1494550 [interface] Editor for SET/ENUM fields. - rfe #2649375 [interface] Simplified interface to backup/restore. - rfe #2973909 Users preferences - [relations] Dropped WYSIWYG-PDF configuration variable. - rfe #806035, #686260 [relations] Export relations to Dia, SVG and others + [interface] Added charts to status tab, profiling page and query results + [interface] AJAXification on various pages - [core] Remove last remaining parts of profiling code which was removed in 2006. - bug #3042665 [parser] Add workaround for MySQL way of handling backtick. - bug #3056610 [interface] Removed modification options for information_schema + patch #3055886 [config] Add Left frame table filter visibility config option, thanks to eesau - [core] Force generating of new session on login + rfe #1105678 [interface] Drop page-break-before as it is useless for smaller tables. + rfe #2956556 [interface] Allow to wrap enum values. - bug #1669459 [interface] Do not automatically mark PDF schema rows to delete - bug #3087682 [interface] Do not apply LeftFrameDBSeparator on first character. + rfe #3111455 [interface] Column highlighting and marking in table view + Visual query builder - bug #3115519 [interface] Prevent long queries from being shown in confirmation popup - patch #3112792 [navi] Left panel table grouping incorrect, thanks to garas - garas - bug #3123433 [interface] Avoid double escaping of MySQL errors. - [interface] Use less noisy message and remove disable link on server charts and database statistics. + rfe #3141330 [relation] When displaying results, show a link to the foreign table even when phpMyAdmin configuration storage is not active - bug #3141327 [relation] Foreign key input options - [export] Better handling of export to PHP array. - rfe #3158867 [privileges] No DROP DATABASE warning if you delete a user - [interface] Add link to documentation for status variables. - [security] Redirect external links to avoid Referer leakage. - [interface] Default to not count tables in database. - patch #3172172 [interface] Shortcut for copying table row. - bug #3175227 [auth] Reset user cache on login. - rfe #3148361 [interface] Replace hard coded limit with $cfg['LimitChars']. - bug #3177136 [interface] Indicate that bookmark is being used on browse. - [interface] Indicate shared bookmarks in interface. - patch #3176420 [Search] Ajaxify browse and delete criteria in DB Search, thanks to Thilanka Kaushalya - [interface] New default theme pmahomme, dropped darkblue_orange theme. - rfe #2936155 [auth] Allow to pass additional parameters using signon method. - rfe #1640812 [auth] Add example for OpenID authentication using signon method. - rfe #1312657 [dbi] Default to mysqli extension. - rfe #1168350 [interface] Add clear button to SQL edit box. - [core] Update library PHPExcel to version 1.7.6 - bug #3206876 [core] Work without mbstring installed. - rfe #3196075, patch #3212068 [interface] Add links to variables documentation. - bug #3208723 [import] Fix import of utf-8 XML files. - bug #3039384 [auth] Force signon auth on signon URL change. - bug #3168733 [core] Synchronization does not honor AllowArbitraryServer - bug #3134495 [synchronization] Data containing single quotes prevents sync, thanks to jviewer - Remove the custom color picker feature - bug #3285929 [privileges] Don't fail silently on missing priviledge to execute REVOKE ALL PRIVILEGES 3.3.11.0 (not yet released) 3.3.10.1 (2011-05-20) - [security] XSS on Tracking page 3.3.10.0 (2011-03-19) - patch #3147400 [structure] Aria table size printed as unknown, thanks to erickoh75 - erickoh75 - patch #3150164 [structure] Ordering by size gives incorrect results, thanks to Madhura Jayaratne - madhuracj - bug #3153409 [core] 0 row(s) affected - bug #3155842 [core] Edit relational page and page number - [security] Minor security fixes, see PMASA-2010-9 and PMASA-2010-10 - [lang] German update, thanks to to jannicars@users.sourceforge.net. 3.3.9.2 (2011-02-11) - [security] SQL injection, see PMASA-2011-2 3.3.9.1 (2011-02-08) - [security] Path disclosure, see PMASA-2011-1 3.3.9.0 (2011-01-03) - bug [doc] Fix references to MySQL doc - patch #3101490 Default function for TIMESTAMP, thanks to jirand - jirand - bug #3103853 [js] Double quotes were not escaped in generated js - bug #3077463 [core] Events were not copied when copying/renaming database - bug #1762306 [core] Copy database with view of a view - patch #3117535 [replication] Add quotes to database in initial statement, thanks to Craig Duncan - duncan3dc - bug #3112614 [pdf schema] Scratchboard for PDF pages not working - bug #3125606 [parser] Query for table "level" causes strange display - bug #3127904 [parser] Close all opened round brackets indents --- Older ChangeLogs can be found on our project website --- http://www.phpmyadmin.net/old-stuff/ChangeLogs/ # vim: et ts=4 sw=4 sts=4 # vim: ft=changelog fenc=utf-8 # vim: fde=getline(v\:lnum-1)=~'^\\s*$'&&getline(v\:lnum)=~'\\S'?'>1'\:1&&v\:lnum>4&&getline(v\:lnum)!~'^#' # vim: fdn=1 fdm=expr