Recent Releases

4.7.031 Mar 2017 03:15 major bugfix: patch #12233 Display Improve message when renaming database to same name. Log authentication attempts to syslog. Remove support for Swekey authentication. Remove code for no longer supported MSIE versions. Remove embedded PHP libraries, use composer to install them. Cannot easily select multiple tables when exporting. Add javascript filtering for databases. More compact rendering of navigation tree. Improve performance with SkipLockedTables. Do not hide indexes under a slider. Improve performance of zip file import. Removed cfg 'ThemePath' . Add support for export user settings as snippet. Better report query errors while generating SQL exports. Produce valid JSON on export. Setup script icons broken. Support IPv6 proxies. Removed MySQL connection retry without password. Allow to specify further parameters for control connection. Show charset for each table on Database structure page. Incorrect link in the href of icon at Hide/Show unhide links. Shortcut for closing console. Improved handling of http requests. Broken links in Setup forms Navigation. Can't add a new User. Add 'token' Parameter in all POST requests ('Token mismatch' errors). Improved usage of number_format. Server selection not working. NULL results in dataset are colored grey. Create Bookmark broken. Use unsigned int for storing bookmark ID. Added password strength indicator. Correctly handle HTTP status when doing requests. Add option to delete settings from browser storage. Remove unused PMA_addJSCode function. Add table filtering to database structure. Allow to configure signon session parameters. Drop database is broken. Can't toggle Event Scheduler on. Finish removing dead code references to xls/xlsx import and export, which was removed some time ago. Rename "Relations" to "Relationships" in many places as it's the more proper term. margins in central columns feature. Document more export configuration options. Use consis Dec 2016 20:05 minor bugfix: SQL export with newlines. Nov 2016 05:45 minor bugfix: Incorrect parameters to escapeString in Node.php. PHP error when mbstring is not installed. Don't force partition count to be specified when creating a new table.
4.6.526 Nov 2016 03:15 minor bugfix: Remove potentionally license problematic sRGB profile. Display read only fields as read only when editing. expanding of navigation pane when clicking on database. Impove partitioning support. Reintroduced simplified PmaAbsoluteUri configuration directive. Always use UTC time in HTTP headers. Simplified validation of external links. browsing tables with built in transformations. Do not show warning about short blowfish_secret if none is set. random logouts due to wrong cookie path. editing of ENUM/SET/DECIMAL fields structure. Missing escaping of configuration used in SQL (hide_db and only_db). Add error checking in reading advisory rules file. Add checking missing elements and confirming element types from json_decode. Automatically save SQL query in browser local storage rather than in cookie. Unable to edit transformations. Remove unused paramenter when connecting to MySQLi. number formatting with different settings of precision in PHP. Use single quotes in PHP code. Option for the dropped column is not removed from 'after_field' select, after the column is dropped. Properly detect DROP DATABASE queries. possible race condition in setting URL hash. Remove caching of server information. Proper parsing of INSERT... ON DUPLICATE KEY queries. Proper parsing of CREATE TABLE... PARTITION queries. Code can throw unhandled exception. Do not try to keep alive session even after expiry. rendering BBCode links in setup. copy of table with generated columns. export of table with generated columns. Copying a user does not copy usergroup. Adding a new row with default enum goes to no selection when you want to add more then 2 rows. Drag and drop import prevents file dropping to blob column file selector on the insert tab. Absence of scrolling makes it impossible to read longer text values in grid editing. "Edit routine" crashes when the current user is not the definer, even if privileges are adequate. Export selective tables by-d
4.6.418 Aug 2016 06:45 minor security: security Weaknesses with cookie encryption, see PMASA-2016-29. security Improve session cookie code for openid.php and signon.php example files. security Full path disclosure in openid.php and signon.php example files. security Multiple XSS vulnerabilities, see PMASA-2016-30. security Multiple XSS vulnerabilities, see PMASA-2016-31. security Unsafe generation of BlowfishSecret (when not supplied by the user). security Referrer leak when phpinfo is enabled. security PHP code injection, see PMASA-2016-32. security Full path disclosure, see PMASA-2016-33. security SQL injection attack, see PMASA-2016-34. security Local file exposure through LOAD DATA LOCAL INFILE, see PMASA-2016-35. security Local file exposure through symlinks with UploadDir, see PMASA-2016-36. security Path traversal with SaveDir and UploadDir, see PMASA-2016-37. security Multiple XSS vulnerabilities, see PMASA-2016-38. security SQL injection vulnerability as control user, see PMASA-2016-39. security SQL injection vulnerability, see PMASA-2016-40. security Denial-of-service attack through transformation feature, see PMASA-2016-41. security SQL injection vulnerability as control user, see PMASA-2016-42. security Verify data before unserializing, see PMASA-2016-43. security Use HTTPS for wiki links. Remove Swekey support. security SSRF in setup script, see PMASA-2016-44. security Denial-of-service attack with cfg 'AllowArbitraryServer' = true and persistent connections, see PMASA-2016-45. security Improve SSL certificate handling. security full path disclosure in deging code. security Possible circumvention of IP-based allow/deny rules with IPv6 and proxy server, see PMASA-2016-47. security Detect if user is logged in, see PMASA-2016-48. security Bypass URL redirection protection, see PMASA-2016-49. security Referrer leak, see PMASA-2016-50. security Reflected File Download, see PMASA-2016-51. security Arbitrary
4.6.324 Jun 2016 03:15 minor security: Cookie path on Windows. Error reporting on connect problems. Export of tables without explicitly set engine. Designer JavaScript error: Show/Hide tables list. MySQL SSL connection with some PHP versions. MySQL connection error on version mismatch. Keep user attributes (privileges, authentication mode, etc) when copying a user. Division by zero in case of misconfigured MySQL server. Editing server variables. Table size calculation in some circumstances. Listing routines for non privileged user. Escape generated query in exporting a database. Setup script doesn't use input type 'password' in all relevant locations. security BBCode injection in setup script, see PMASA-2016-17. security Cookie attribute injection attack, see PMASA-2016-18. Redirect loop when directly calling url.php. security SQL injection attack, see PMASA-2016-19. security XSS attack in Table Structure page, see PMASA-2016-20. security XSS attack in Server Privileges page, see PMASA-2016-21. security DOS attack vulnerability, see PMASA-2016-22. security Multiple full path disclosure vulnerabilities, see PMASA-2016-23. security Full path disclosure when running in demode. security XSS attack with partition range and table structure, see PMASA-2016-25. security XSS attack when checking database privileges, see PMASA-2016-26. security XSS attack when MySQL server is using a specific payload log_bin directive, see PMASA-2016-26. security XSS vulnerabilities in Transformation feature, see PMASA-2016-26.
4.6.226 May 2016 03:15 minor bugfix: security User SQL queries can be revealed through URL GET parameters, see PMASA-2016-14. security Self XSS vulneratbility, see PMASA-2016-16. Use https for documentation links. schema export with too many tables. Avoid parsing non JSON responses as JSON. Avoid using too log URLs when getting javascripts. setting mixed case languages. Avoid storing objects in session when deging SQL. cookie path on IIS. occassional 200 errors on Windows. locking when importing SQL. Avoid confusing warning when mysql extension is missing. Improve handling of logout. Safer handling of sessions during authentication. server selection on main page. Avoid storing full error data in session. export of ARCHIVE tables with keys. Add session reload for config authentication. Do not fail on errors stored in session. loading of APC based upload progress bar.
4.6.110 May 2016 03:15 minor bugfix: PMA_Util not found in insert_edit.lib.php. Activation of some languages. Error in 3NF step of normalization. Offering JSON datatype in incompatible MySQL versions. Can not open table with JSON field. Cannot highlight a column if I scroll down from the top of the table. Possible PHP error in SQL parser. SQL quoting in SQL export. Improve performance of database structure page. PHP error if user did unpack new version over old one. Parsing of expression 0. Document setup with Google Cloud SQL. Parsing of queries with double . Setting of language from user configuration. Check for ndb version. Loading of configuration file. Check if sessions are working and report failures. Non-clickable initial letter for users / and can't modify users with MySQL 5.7.12. Config tab persistence errors. Javascript erros on user creation. Parsing of some AS clauses. Parsing of FULL OUTER JOIN queries. Editing of VIEW structure. Avoid printing executed queries on import. Mar 2016 03:15 major bugfix: Disabled storage engines. Allow setting routine wise privileges. Hide Insert tab for non-updatable views. UI for defining partitioning in create table window. Support JSON data type. Editing partitions in table Structure. Tracking does not make sense for information_schema. Regression in Find and replace. TokuDB Tables Show Size as "unknown". Use a slider for Internal relations. Ability to disable the navigationhiding Feature. Restrict configuration NavigationTreeDbSeparator to strings. Disable the tooltip in the navigation panel's filter box. Copy results to clipboard. Reactivate cut paste possibility in print view. Extraneous message after edit + grid-edit. Table header is empty with browsing an empty table. Allow changing parameter order of routines. Remove no password warning. Clarify the meaning of "Stand-in structure for view" in SQL export. HTML line break shown after a MySQL connection error message. CSV import skip row count after. displaying of SQL query on table operations. Display binary strings as text if they are valid UTF-8. Display routine specific privileges. Copy multiple tables to database. Support Cloudflare Flexible SSL. Handle empty TABLE_COMMENT. Drop support for old Internet Explorer versions. Use modals for displaying forms in db structure page. Show MySQL error messages in user language. Add 'ssl_verify' configuration directive for self-signed certificates with mysqlnd and PHP = 5.6. Show more used PHP extensions. Report when version check and error reporting are disabled. PDF schema export. Remove ForceSSL configuration directive. Remove support for Mozilla Prism. Remove PmaAbsoluteUri configuration directive. autoloading of phpseclib. rendering of missing extension error. Errors on Structure tab when user only has select access on certain columns. Missing documentation for cfg 'Servers' i 'favorite' and cfg 'NumFavoriteTables Mar 2016 00:45 minor security: CREATE UNIQUE INDEX index type is not recognized by parser. Row count wrong when grouping joined tables. Column definition with default value and comment in CREATE TABLE expoerted faulty. New statement but no delimiter and unexpected token with REPLACE. incorrect usage of SQL parser context in SQL export. security XSS vulnerability in SQL parser, see PMASA-2016-10. security Multiple XSS vulnerabilities, see PMASA-2016-11. security Multiple XSS vulnerabilities, see PMASA-2016-12. security Vulnerability allowing man-in-the-middle attack on API call to GitHub, see PMASA-2016-13. inclusion of gettext library from SQL parser. Feb 2016 09:05 major bugfix: Undefined index: is_ajax_request. password change on MariaDB 10.1 and newer. Validate version information before further processing it. Full processlist lost on refresh. Adjust privileges fails if database name contains underscores. 'Loading...' banner shows on login screen. changing of table parameters, eg. AUTO_INCREMENT. Call to undefined function SqlParser ctype_alnum(). .5.3.1 - NOW() function not recognized by parser. Gracefully handle the DESC statement. Fractional timestamp causes corrupted SQL export. Static analysis error for valid WHERE condition with IF keyword. Syntax Verifier error using REGEXP in SQL statement. Backslashes in comments are being interpreted as escape characters. Can't insert row into table that contains generated column. sql-parser and php-gettext collide. Can't disable backquotes in export. Inserts via tbl_change.php in VARBINARY columns does not allow using HEX() and MD5(). Correct content type for uploaded error reports. Silent errors from checking local documentation. error on servers with disabled php_uname. Correctly store and report file upload errors. Avoid javascript errors on invalid location hash. PHP warning on configuration errors. Silent errors on checking for writable folders. Silent warning on invalid file upload. Do not fail getting filename with open_basedir limitations. unrecognized keyword interval. Field names and aliases are being correctly parsed now. javascript error in setup. Undefined index: TABLE_COMMENT in database structure page. PHP error on loading invalid XML or ODS file. Missing confirmation while dropping a view in view_operations.php. export of index comments in SQL. DECLARE not accepted as valid SQL. Feb 2016 13:45 minor documentation: Error with PMA Remove hard dependency on phpseclib. Jan 2016 14:05 major security: live data edit of big sets is not working. Table list not saved in db QBE bookmarked search. While 'changing a column', query fails with a syntax error after the 'CHARSET=' keyword. Avoid syntax error in javascript messages on invalid PHP setting for max_input_vars. Properly handle errors in upacking zip archive. Set PHP's internal encoding to UTF-8. Kanji encoding in some specific cases. Check whether iconv works before using it. Avoid conversion of MySQL error messages. Undefined index: parameters. Undefined index: field_name_orig. Undefined index: host. 'Add to central columns' (per column button) does nothing. SQL duplicate entry error trying to INSERT in designer_settings table. handling of databases with dot in a name. hiding of page content behind menu. FROM clause not generated after loading search bookmark. creating/editing VIEW with DEFINER containing special chars. Do not invoke FLUSH PRIVILEGES when server in --skip-grant-tables. Misleading message for configuration storage. Table pagination does nothing when session expired. Index comments not working properly. Better handle local storage errors. Improve detection of privileges for privilege adjusting. Undefined property: stdClass:: releases at version check when disabled in config. SQL comment and variable stripped from bookmark on save. Gracefully handle errors in regex based javascript search. Security Multiple full path disclosure vulnerabilities, see PMASA-2016-1. Security Unsafe generation of CSRF token, see PMASA-2016-2. Security Multiple XSS vulnerabilities, see PMASA-2016-3. Security Insecure password generation in JavaScript, see PMASA-2016-4. Security Unsafe comparison of CSRF token, see PMASA-2016-5. Security Multiple full path disclosure vulnerabilities, see PMASA-2016-6. Security XSS vulnerability in normalization page, see PMASA-2016-7. Security Full path disclosure vulnerability in SQL parser, see PMASA-2016-8. Security XSS vulnerabili Dec 2015 09:05 minor security: Undefined offset 2. Security Path disclosure, see PMASA-2015-6. Dec 2015 06:25 major bugfix: Incomplete results of UNION ALL. MATCH AGAINST keywords not recognized. syntax verifier is not knowing "STRAIGHT_JOIN". REPLACE() function confused with REPLACE statement. FLUSH word not recognized by parser. Online syntax verifier - "IF" on SELECT statement. Format breaks query with COUNT(). Undefinex index: SendErrorReports. Incorrect script name in include. Warning: Invalid argument supplied for foreach(). Delimiter missing while exporting multiple db routines. mysql_native_password with MariaDB - Flush privileges overusage - related to #11597. Query was empty on creating User in 4.5.2. PMA_getDataForDeleteUsers() warning. Cannot create user on Percona Server. Properly report error on connecting. Database export template not saving compression option. single quote export for servers in ANSI_QUOTES mode. Avoid duplicite fetching of table information. Temporary for live data edit of big sets is not working. IE 8 compatibility in console. Exporting feature does not work with union table. Cannot export results of some queries. Message "An account already exists..." incorrectly displayed. Missing quoting of table in ALTER CONVERT query. PMA 4.5.2 breaks MySQL Master-Master Cluster. Export and preview show different SQL for character set. possible undefined variables in table operations. Nov 2015 06:45 major feature: Incorrect parameter in mysqli_fetch_fields(). Missing headers in zipped export. Parser: Array to string conversion. Huge binary log growth on 4.5.x. 'only_db' config option when db names contain underscore and are grouped. Unable to change password from Login information tab. Undefined variable: res_rel. Warning while exporting schema to PDF. Undefined index: new_row_format. Changing hostname kills password. Undefined variable: db. CREATE TABLE/INSERT INTO executed twice (ctrl+enter). Warning: mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given. Exporting GIS visualization ignores start and row count. Errors instead of git info when PHP has no gzip support. CodeMirror tooltip shows below modal window. with the MainBackground Color. Profiling checkbox is missing. Properly handle session expiry after POST requests. Notice in./export.php#214 Undefined index: quick_or_custom. Unrecognized keywords. Sql not executed properly. Linter warnings when creating new user. wrong row count for query results. Analyzer doesn't recognize GRANT statements. Parser warnings (subqueries). Collation column is empty in table Structure. Error changing table's column encoding. Oct 2015 07:05 major feature: Invalid argument supplied for foreach(). array_key_exists() expects parameter 2 to be array. Notice Undefined index: drop_database. Server variable edition in ANSI_QUOTES sql_mode: losing current value. Propose table structure broken. phpMyAdmin suggests upgrading to newer version not usable on that system. 'PMA_Microhistory' is undefined. Incorrect definition for getTablesWhenOpen(). Error when creating new user on MariaDB 10.0.21. Notice on htmlspecialchars(). Notice in Structure page of views. AUTO_INCREMENT always exported when IF NOT EXISTS is on. Some partitions are missing in copied table. Notice of undefined variable when performing SHOW CREATE. Error exporting sql query results with table alias. SQL editing window does not recognise 'OUTER' keyword in 'LEFT OUTER JOIN'. "NOT IN" clause not recognized (MySQL 5.6 and 5.7). Yellow star does not change in database Structure after add/remove from favorites. Invalid SQL in table definition when exporting table. Foreign key to other database's tables fails. while exporting results when a joined table field name is in SELECT query. Strange behavior on table rename. Rename table does not result in refresh in left panel. Missing arguments for PMA_Table::generateAlter(). Notices about undefined indexes on structure pages of information_schema tables. Change minimum PHP version for Composer. Import parser and backslash. "Visualize GIS data" seems to be broken. Confirm box on "Reset slave" option. cookies clearing on version change. Cannot execute SQL with subquery. Incorrect syntax creating a user using mysql_native_password with MariaDB. Cannot use third party auth plugins. Sep 2015 16:45 minor documentation: Incorrect indexes when exporting. Sep 2015 15:45 minor documentation: AUTO_INCREMENT statements are partly missing from exports. Sep 2015 16:45 major bugfix: Undefined "replace" function on numeric scalar. Stored-proc / routine - broken parameter parsing. Missing name for configuration read_as_multibytes. Incorrect "No row selected" message. MySQL 5.5 and the language system variable. Semantics of export and import icons are mixed up. Designer-in move.js on multiple server configuration. Invalid UTF-8 sequence in argument. Request URI too large. Invalid argument supplied for foreach(). Foreign key constraints for InnoDB tables with upper-case letters disabled. Warning when entering Query page. Sep 2015 14:45 minor security: security reCaptcha bypass. Aug 2015 10:45 major documentation: Export after search, missing WHERE clause. Incomplete message after import. Incorrect scalar type declaration (reported under PHP 7). ReCaptcha produces deprecated messages under PHP 7. phpseclib 2.0 produces deprecated messages on PHP 7. "Switch to copied table" doesn't work. Missing quotes after calling "distinct values". Cannot import database with long data in one column. SPATIAL index option is not clickable. Aug 2015 18:45 minor feature: SQL error when importing phpMyAdmin dump file. Aug 2015 07:25 minor feature: "Improve table structure" generates invalid SQL. issue Once checked "Show only active" checkbox is always checked. Delete rows using "Check All" is broken. issue Fix PHP 7 possible binding ambiguity. Exported schema includes all the tables of the database. Results not displayed if query ends in delimiter and comment. Live edit of data fields is not working always. issue Table list in navigation collapses when entering into a table in another page. JS error while trying to auto navigate to db structure page when db creation has failed. Jul 2015 08:25 minor feature: Saved chart image did not have a proper name or an extension. Timepicker CSS issues in Original theme. Move/Copy/Rename operations on Table/Db fail on Drizzle server. Two inline edit windows. Problem when import *.ods file. Add missing head tag. Column headers move when scrolling. Jul 2015 22:05 minor feature: bug Missing selected/entered values when editing active options in visual query builder. Autoload from prefs_storage not behaving properly. Incorrect length computed for binary data. bug Remove character set from create_tables_drizzle.sql. Users overview needs clarification. Creating a database from console doesn't update navigation panel. FAQ 1.17 needs an update. Jun 2015 15:45 minor feature: Issues in database selection for replication. Trying to save chart as image crashes the browser. cant drag sql.gz file onto import input. Table creation results in GET request with missing server parameter that invalidates the session. Javascript error when Designer is opened. Insert by foreign key scrolls page to top. Clicking on the navi logo does not always work. bug External URL for cfg 'NavigationLogoLink' causes JavaScript error when clicked. Jun 2015 13:25 minor feature: relation view doesn't list fields of table in other database. Sorting by an alias. False error before entering reCAPTCHA. central column with multiple server. Custom export with backquotes off is not working. Reverse proxy: infinite internal redirect (added warning in doc). Export to gzip saves plain text under Chrome. May 2015 03:16 minor feature: bug Allow accessing visual query builder when pmadb is not configured. Nav tree line alignment issue. Lock page icon is not shown after fresh reload. "Highlight pointer" and "Row marker" doesn't work properly. bug Browse foreigners window goes out of the window. Date field popup dialog position bug. bug In /setup, PMA_messages is not defined. Recaptcha failure. Database copy doesn't work for tables with more than one FULLTEXT index. Edit view structure doesn't load the algorithm. Do not limit table comments to 60 characters. May 2015 03:16 minor feature: Settings issues (Favorite tables shown twice in Settings). Non-styled error page when following results link. Deleting without confirmation. Issues with SQL autocomplete. Column hint in SQL autocomplete is sometimes not shown. JS error after selecting a field and press Enter. bug Honor proxy settings when getting Git commit information. bug Missing title on link. ForceSSL Redirect Check. bug Undefined index collation_connection. bug Error when the reporting server is down. bug Escape database and table names for partition maintenance. bug Invalid value for CURLOPT_SSL_VERIFYPEER. Import status infinite loop. Designer: Loading does not work. Setup: Overview Display does not work. Designer: pages from all databases. May 2015 14:45 security: security CSRF vulnerability in setup. May 2015 03:45 minor feature: webkitStorageInfo and webkitIndexedDB is deprecated. Undefined variable: unique_conditions. CSV Import ignores "Replace table data with file" checkbox. May 2015 20:05 minor bugfix: Table overhead stats: missing space before the unit. Fix resize icon in Designer. Exit fullscreen in Designer does not change the button text. Designer icons missing when using original theme. Column list of central columns is not cleared. jQuery dialogs of the Designer are not displayed in fullscreen. Search function breaks when searching for certain combinations of backslashes and slashes. Maximum execution time exceeded in Util.class.php (better fix). Some icons are above the overlay of jQuery dialogs. Clicking on external links in advisor rules give JS error. Filter in central columns does not work in other languages. Apr 2015 02:45 minor bugfix: Don't scroll (to bottom) when editing multiple rows. Misaligned Inline edit field. Use of undefined constant PMA_DRIZZLE. sprintf(): Too few arguments. Limit column ordering in index edit dialog. Incorrect ALTER TABLE statement generated. Inconsistency in 'Ignore' checkbox in insert page. Drop column action not asking to confirm. Error on creating table. Bugfux for Undefined index: Rows. Apr 2015 14:05 minor feature: PHP errors in login dialogue. json_encode error due to strftime returning non utf8 chars in Windows 8.1 Chinese version. White screen (Cloudflare). Server error viewing table content. bug Fix issues related to number of decimal places in time. Relation view between 1600 and 1780 px. bug PHP 7 compatibility in php-gettext. bug PHP 7 compatibility in bfShapeFiles. bug PHP 7 session_regenerate_id() warning. Alter table after changing column name error. Maximum execution time exceeded in Util.class.php. Apr 2015 01:25 major bugfix: PMA_hideShowConnection not called after submit_num_fields. Server warning after moving from console to direct clicks. Duplicate new version notification when using the "Back" button. DOC link in setting is broken. Status page: Mislukte pogingen per uur value is incorrect. MIME Transformation link fixed. Prevents console window from moving out of the screen height. Create procedure via SQL Editor not more possible. CSS and Javascript are not compressed. Functions accessed from navigation do not load on ajax dialog. Relation view on 1920. Apr 2015 22:00 minor bugfix: Web server's error log is flooded. Apr 2015 13:05 minor feature: Fixed changing the password for another user. Request URI too large. MySQL 5.7.6 and Databases: Use 'server' parameter in console to work in multi server environments. Missing tooltip in monitor. Missing sort icons in monitor. Inline edit broken when using functions in query. Timed-out import fails to restart when file represented. pMA DB not detected properly. Datepicker missing when changing number of rows on Insert page. INNODB STATUS page is empty. JavaScript is loaded in wrong order. TEXT formatting doesn't work after inline editing. Compress when php.ini output_buffering is active. Sorting distinct values result loses links. Do not attach token to css requests to improve caching. Apr 2015 03:16 major feature: rfe InnoDB presently supports one FULLTEXT index creation at a time. rfe Allow tracking multiple table at once from database level tracking page. rfe Improve action message on Tracking page. rfe Change value of "Number of rows:" when "Show all" is checked. rfe Focus console by clicking on white space. rfe Part 1: Cycle through console history with keyboard up/down arrows. rfe Default to primary key when adding relation. rfe User prefs: Diff-friendly JSON for config. rfe Sever Variables Table UI Improvements. phpMyAdmin should be able to work without 'examples' DIR - move SQL scripts to sql directory. rfe Warn about reserved word only when a column is created. rfe Recaptcha API v2. rfe Individual Zeroconf PMA tables support. rfe Generate keys one per line. rfe allow table with transformed column anywhere in FROM clause. rfe Shortcut link to search page. rfe Fold Add Column After / Before into dropdown. Table structure: adding primary key doesn't refresh page. rfe SQL formatter. rfe Fast filter improvement: remove "x other results found". No error message on Missing extension mbstring. rfe Builtin transformations and relations. rfe USING BTREE support for HEAP/MEMORY tables. rfe Make "Options Relational" configurable. rfe More details in PDF relation view. rfe Cannot enter connection for federated engine table. rfe Allow SALT in ENCRYPT function. rfe Setting LoginCookieValidity session.gc_maxlifetime. rfe Transformation for JSON. bug Fix isCanvasSupported for new window. rfe Clarify the "Inline" link. rfe Speed up slow triggers by using EVENT_OBJECT_SCHEMA. rfe ON DUPLICATE KEY UPDATE for loading CSV. bug Cannot execute command from console (multi-server installation). rfe linking from information_schema. rfe Relation view: move to main "Structure" page. rfe Designer menu with explicit text. rfe Relations with views like with tables. rfe Browse Field - Search. rfe Provide sanity check for table/column Mar 2015 19:25 hidden: "Show hidden items" is sometimes hidden. Breaks when sorting by multiple columns while using UNION. Missing column when exporting in sql. Broken find and replace. Undefined Index after export schema. Changelog page is not working. Infinite calls to index.php. Invalid links to simulate query fails, but actual query does not. Mar 2015 06:25 minor feature: bug #4746 Right-aligned columns have left-aligned header bug #4779 PMA_Util::parseEnumSetValues fails on enums with UTF-8 values bug Undefined index savedsearcheswork bug #4788 Inline edit of DATE fields with NULL, NULL checkbox is under datepicker bug #4790 DROP TABLE/VIEW IF EXISTS are not tracked bug Compatibility with central columns of version 4.4 bug #4758 Firefox with auth_type to http with multiple server doesn't work anymore bug #4789 Views aren't dropped when copying a database bug #4784 Incomplete bookmark saving bug #4786 SELECT width on relations page Mar 2015 19:25 security: Risk of BREACH attack, see PMASA-2015-1 Mar 2015 20:05 minor feature: SQL links are completely wrong. MariaDB: version mismatch. Some images are missing in Designer for original theme. Drizzle: undefined index in Normal field and multi-line field have different margins. Cannot re-import settings from local storage. SQL error when database list is sorted by additional columns. Notice when timestamp column does not have default value. Feb 2015 04:05 minor feature: bug Undefined index navwork bug #4744 Opening console scroll down the page bug Remove extra column heading in view structure page bug Add missing confirmation when deleting central columns bug Undefined index DisableIS bug #4763 Database export with more than 512 tables fails bug #4769 Previously set column aliases are destroyed if returned to the same table bug #4752 Incorrect page after creating table bug #4771 Central Columns not working, showing error Feb 2015 03:17 minor feature: bug #4728 Incorrect headings in routine editor bug #4730 Notice while browsing tables when phpmyadmin pma database exists, but not all the tables bug #4729 Display original field when using "Relational display column" option and display column is empty bug #4734 Default values for binary fields do not support binary values bug #4736 Changing display options breaks query highlighting bug Undefined index submit_type bug #4738 Header lose align when scrolling in Firefox bug #4741 in ./libraries/Advisor.class.php#184 vsprintf: Too few arguments bug #4743 Unable to move cursor with keyboard in filter rows box bug Incorrect link in doc bug #4745 Tracking does not handle views properly bug #4706 Schema export doesn't handle dots in db/table name bug #3935 Table Header not displayed correct bug #4750 Disable renaming referenced columns bug #4748 Column name center-aligned instead of left-aligned in Relations Jan 2015 07:05 minor feature: bug Undefined constant PMA_DRIZZLE bug #4712 Wrongly positioned date-picker while Grid-Editing bug #4714 Forced ORDER BY for own sql statements bug #4721 Undefined property: stdClass:: version bug #4719 'only_db' not working bug #4700 Error text: Internal Server Error bug #4722 Incorrect width table summary when favorite tables is disabled bug #4716 Collapse all in navigation panel is sometimes broken bug #4724 Cannot navigate in filtered table list bug #4717 Database navigation menu broken when resolution/screen is changing bug #4727 Collation column missing in database list when DisableIS is true bug Undefined index central_columnswork bug Undefined index favorite_tables Jan 2015 04:25 minor feature: bug #4694 js error on marking table as favorite in Safari bug #4695 Changing cfg doesn't update link and title bug Undefined index menuswork bug Undefined index navwork bug Undefined index central_columnswork bug #4697 Server Status refresh not behaving as expected bug Null argument in array_multisort bug #4699 Navigation panel should not hide icons based on 'TableNavigationLinksMode' bug #4703 Unsaved schema page exported as pdf.pdf bug #4707 Call to undefined method PMA_Schema_PDF::dieSchema bug #4702 URL is non RFC-2396 compatible in get_scripts.js.php Jan 2015 08:05 minor feature: bug Undefined index notices while configuring recent and favorite tables bug #4687 Designer breaks without configuration storage bug #4686 Select elements flicker and selects something else bug #4689 Setup tool creates "pma__favorites" incorrectly bug #4685 Call to a member function isUserType on a non-object bug #4691 Do not include console when no server is selected bug #4688 File permissions in archive bug #4692 Dynamic javascripts gives 500 when db selected Dec 2014 03:25 minor feature: bug #4653 Always connection error was shown, on /setup at tab "configuration storage" bug #4661 Drag and drop file import always fails bug #4651 don't open console with esc bug #4664 select min displays 1 row, but reports the table amount of rows returned bug #4666 Undefined indexes in table stucture print view of a view bug #4663 Export missing back ticks for order table name bug #4668 Remove from central columns error bug #4670 CSV import reads both commas and values into first column after first row bug #4642 phpmyadmin often fails to load due to specific load order bug #4671 Unable to move all columns bug #4645 Import of export created with mysqldump bug #4672 "Distinct values" does not page bug #4667 Consistency in borders bug #4658 Illegal string offset bug #4655 Undefined index: collation_connection bug #4673 Delimiter causing page lock Dec 2014 03:15 minor feature: bug The "Recently used tables" setting should be with Nav panel bug #4647 Can't disable Favorites bug #4646 Version Check Broken bug #4630 AJAX request infinite loop bug #4649 Attributes field size smaller than others bug #4622 Cannot remove table ordering on a Mac bug Fix initial replication configuration bug Undefined index central_columnswork bug #4657 Don't have default blowfish_secret bug #4656 Some error popups fade away too quickly bug #4648 Consistency in borders bug cfg no longer necessary bug #4659 Leading and trailing whitespace in column name Dec 2014 13:45 minor feature: bug #4628 PHP error while exporting schema as PDF bug #4631 Server selector submits two server parameter values bug #4629 Problem with custom SQL queries using cookie authentication bug Undefined index central_columnswork bug #4632 Notice in ./libraries/Util.class.php#1916 Undefined index: query bug #4633 Wrong parameter in fetchValue bug #4634 Error reporting creates an infinite loop bug #4635 Token mismatch while creating configuration storage bug #4640 Incorrect reference to PHP 6 bug #3794 failure to handle repeating empty columns when importing ODS bug #4638 Default Export Method setting broken bug #4639 Export SQL missing indentation first field bug #4637 Field Alignment bug #4644 Error when browsing tables Dec 2014 03:15 minor feature: bug #4609 'Show all' checkbox label is not clickable bug #4610 JS error reporting: Hash fragment is reset bug Undefined index menuswork bug #4614 Separator between "Show All" and "Number of rows" disappears bug #4615 SQL highlighting in process list breaks on auto refresh bug #4616 Warning in db structure print view page bug Undefined index navwork, savedsearcheswork, fields bug #4620 Undefined index while adding to the central columns list bug #4618 Page scrolls while GIS visualization is zoomed in/out with mousewheel bug #4613 HHVM: method 'ob_gzhandler' not found bug #4593 Manual "SELECT" doesn't change active table bug #4623 Incomplete PHP OpenSSL support bug #4626 Ctrl + click on a column not in sort triggers a server call to erroneous url bug #4625 "Insufficient space to save the file" on export SQL to file on server bug #4627 "file_get_contents: failed to open stream" after update bug #4617 UI issues with sortable tables bug #4619 SELECT LENGTH FROM `table` does not sort Dec 2014 06:05 security: bug #4612 XSS vulnerability in redirection mechanism bug #4611 DOS attack with long passwords Dec 2014 07:45 minor feature: bug #4604 Query history not being deleted bug #4057 db/table query string parameters no longer work bug #4605 Unseen messages in tracking bug #4606 Tracking report export as SQL dump does not work bug #4607 Syntax error during db_copy operation bug #4608 SELECT permission issues with relations and restricted access Nov 2014 03:15 security: bug #4574 Blank/white page when JavaScript disabled bug #4577 Multi row actions cause full page reloads bug ReferenceError: targeturl is not defined bug Incorrect text/icon display in Tracking report bug #4404 Recordset return from procedure display nothing bug #4584 Edit dialog for routines is too long for smaller displays bug #4586 Javascript error after moving a column bug #4576 Issue with long comments on table columns bug #4599 Input field unnecessarily selected on focus bug #4602 Exporting selected rows exports all rows of the query bug #4444 No insert statement produced in SQL export for queries with alias bug #4603 Field disabled when internal relations used bug #4596 XSS through exception stack bug #4595 Path traversal can lead to leakage of line count bug #4578 XSS vulnerability in table print view bug #4579 XSS vulnerability in zoom search page bug #4594 Path traversal in file inclusion of GIS factory bug #4598 XSS in multi submit bug #4597 XSS through pma_fontsize cookie Nov 2014 03:15 minor feature: bug ReferenceError: Table_onover is not defined bug #4552 Incorrect routines display for database due to case insensitive checks bug #4259 reCaptcha sound session expired problem bug #4557 PHP fatal error, undefined function __ bug #4568 Date displayed incorrectly when charting a timeline bug #4571 Database Privileges link does not work bug makegrid.js: where_clause is undefined bug #4572 missing trailing slash Oct 2014 03:15 security security: bug #4562 XSS in debug SQL output bug #4563 XSS in monitor query analyzer Oct 2014 03:16 minor feature: bug #4361 Can't change font size bug #4542 Tab key in column name not shown bug PDF export: title not present in PDF bug #4543 Changing column name can break saved "order by" clause bug #4545 trying to favorite table while browser localStorage is disabled throws JS error bug #4259 reCaptcha sound session expired problem bug #4548 Inline editing a field converts tab to spaces bug #4252 Database-level permission bug for db names containing underscores bug #3120 Events are not exported when using xml bug #4554 Grid-editing timestamp column forces datepicker bug #4556 Fast filters for tables, views etc. should be governed by NavigationTreeDisplayItemFilterMinimum Oct 2014 20:11 security: Security: XSS vulnerabilities in table search and table structure pages Sep 2014 03:15 minor feature: bug ajax.js responseHandler: cannot read property of null bug sql.js: str is undefined bug #4524 Allow for direct selection of "0" on the "user overview" page bug #4529 Undefined index: pos bug #4523 tbl_change.js: insert as new row submit type on multiple selected records does not set all AUTO_INCREMENTs to 0 value bug ajax.js responseHandler: another "cannot read property" bug tbl_structure.js "cannot read property" Sep 2014 23:49 security: DOM based XSS that results to a CSRF that creates a ROOT account in certain conditions Aug 2014 23:09 minor bugfix: This bug fix corrects some odd export behavior, an uncaught TypeError, sql.js/server_privileges.js/functions.js property accesses, chart types did not match selected data, ignored AUTO_INCREMENT option and partitioned table in exports, duplicate column names while assigning index, import ODS files with trailing spaces in column names, navigation error in search results. Aug 2014 22:36 security: XSS in table browse page. Self-XSS in enum value editor. Self-XSSes in monitor. Self-XSS in query charts. XSS in view operations page. XSS in relation view.
4.2.731 Jul 2014 18:14 minor bugfix: Broken links on home page. Overlap in navigation panel. Action icons not in horizontal order. s_attention.png is missing. Uncaught TypeError: Cannot call method 'substr' of undefined. PMA 4.2.x and HHVM. mysql_doc_template is not defined.
4.2.619 Jul 2014 19:00 security: Undefined index warning with referenced column. cfg 'MaxExactCount' is ignored when BROWSING is back. Multi Column sorting (improved user experience). Server validation does not work while in setup/mysqli. Undefined variable when grid editing a foreign key column. Undefined variable Error. Sorting breaks the copy column feature. JavaScript error when renaming table. 'New window' link (selflink) disappears, causing JavaScript error. Incorrect detection of privileges for routine creation. First few characters of database name aren't clickable when expanded. XSS injection due to unescaped table comment. XSS injection due to unescaped table name (triggers). XSS in AJAX confirmation messages. Missing validation for accessing User groups feature.
4.2.508 Jul 2014 05:34 minor bugfix: shell_exec() has been disabled for security reasons. Error while submitting empty query. Fatal error: Class 'PMA_DatabaseInterface' not found. Fixed cookie based login for installations without mcrypt. Incorrect result count when having clause is used. Mcrypt: remove the requirement (64-bit) and the related warning.