Age | Commit message | Author |
|
The addition of support for PostgreSQL 9.6 and above neglected to change the `Postgres94` class to inherit from `Postgres95` instead of the latest `Postgres` class. This change restores the chain of inheritance, so that `Postgres94` and classes below see overridden methods from `Postgres95` and above.
|
|
There was a non-UTF8 character in Marek Černocký's last name. Moreover, he was already listed.
|
|
Based on code and suggestions from @cathysax, ultimately I used the internal
pg_has_role function to test whether a user has ownership rights based on
group membership. I actually check for 'USAGE' rights, since that implies the
role has rights without need to `set role`, which users wouldn't be able to do
with a normal PPA login. Loosely tested back to 9.5.
This fixes https://github.com/phppgadmin/phppgadmin/issues/102
|
|
For version 14, we point to the /devel/ docs, since that version is currently
in dev. I also bumped the fall through to point to v14, arguably we could
instead point to /current/, but any current version will work, so I think
devel is more likely.
|
|
- Replaced .click(function) by .on('click', function)
- Replaced .click() by .trigger('click')
- Replaced .live(event, function) by .on(event, function)
- Replaced $(document).ready(function) by $(function)
- Replaced .bind/.unbind by .on/.off
- Replaced keypress events by keydown events, so that up/down keys get
supported again.
Thanks to the jquery-migrate project.
|
|
Note that the minimized version is not considered "source code".
|
|
.build_tests.php no longer exists: There is no need to exclude it.
|
|
This is mostly just refactoring Nirgal's patch to use a standard
capability function. I also short-circuited default_with_oid check since it
will always show false in >=PG12, so this saves a round trip. This also adds
a comment in the config file that show oids is no longer supported. This
could lead to a slight difference in running installations, but since it
does not affect any code/behavior, not going to bump the config version.
|
|
Notes:
- "CREATE TABLE WITHOUT OIDS" continues to work, for now
- "SHOW default_with_oids" continues to work, for now
|
|
Safe mode disappeared with php 5.4 (September 2015), and version 7.1 or above is required.
https://www.php.net/manual/en/features.safe-mode.php
|
|
Generic missing extension messages
|
|
This fixes https://sourceforge.net/p/phppgadmin/bugs/422/ :
substr truncates on a byte-level, sometimes within a multi-byte character. This resulted in the whole string sometimes not being displayed. See the original bug report for a way to reproduce.
Please note that this requires php-mbstring to be installed. This is usually the case, but the dependency should be described in the INSTALL file or something.
|
|
Add php-pgsql as a dependency.
This resolves issue #71
|
|
In the left tree, in tables and views, when one clicks on the + of browse, a message like "Erreur lors du chargement display.php?action=tree&return=schema&subject=view&view=test+vue&server=localhost%3A5432%3Aallow&database=bug422&schema=public (200: OK)" is displayed.
These items don't support tree actions, and the tree expansion should be offered in the first place.
|
|
Update HISTORY and clean up CREDITS file for new release.
|
|
Whilst fixing the sequence group viewing bug, noticed that sequence properties
in general would throw an error if you did not have appropriate permissions.
While this is similar to permission denied errors when looking directly at
a sequence, there is other information to be exposed which is accessible
through pg_sequence and pg_sequences. The change implements a method for
determining if a user can access the sequence directly (ie. select * from seq)
and if so, include that information in the output. If not, we null those
columns.
This also fixes cases where last_value information is not visible due to a
sequence not having been "read" yet. ie. after sequence creation, or anytime
a sequence is altered, and nextval/setval hasn't been called.
This problem seems to go back to at least postgres 9, so I've mainlined the fix.
It might break on older unsupported versions of postgres; if someone wants to
fix that well... patches welcome.
|
|
While I have implemented this fix against Postgres 12, as far as I can tell,
this bug existed since 7.x, so I'm adding it to all versions back to 7.4
(when we did the class re-org). This could probably use more testing on older
versions though.
Thanks to Carlos Martinez for the bug report and reproducible test case!
|
|
translation error
|
|
"table" and "schema" parameters are vulnerable.
PoC;
payload: </textarea><img src=x onerror=alert('xss_by_@om3rcitak')>
http://localhost/phppgadmin/display.php?subject=table&return=table&table=users&server=localhost:5432:allow&database=omer&schema=</textarea><img src=x onerror=alert('xss_by_@om3rcitak')>
OR
http://localhost/phppgadmin/display.php?subject=table&return=table&table=</textarea><img src=x onerror=alert('xss_by_@om3rcitak')>&server=localhost:5432:allow&database=omer&schema=public
|
|
Fix based on patches from @nirgal and @LuckySB
Reported at:
https://sourceforge.net/p/phppgadmin/bugs/448/
https://bugs.debian.org/762378
https://github.com/phppgadmin/phppgadmin/pull/27
https://github.com/phppgadmin/phppgadmin/pull/30
|
|
chmod -x all php files without a #!
chmod +x those with one.
|
|
window functions, breaking functions, aggregates, and object look-up within
PPA. This commit fixes all three of these areas. In theory we should probably
add some display bits to help users differentiate between these different
types in the UI, but this at least makes the system work again.
Thanks to @decodeJarvis who initially reported the problem and provided a
proposed fix (see PR#24 on the xzilla repo). Since we needed a more
comprehensive fix, I didn't use the code, but his patch was useful for getting
started.
|
|
Fix deprecation warning with printCombo
|
|
called statically
|
|
sync upstream back to dev repo
|