New upstream version 4.6.6

Author: nijel

ChangeLog

@@ -1,6 +1,53 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.6.6 (2017-01-23)
+- issue #12759 Fix Notice regarding 'Undefined index: old_usergroup'
+- issue #12760 Fix Notice regarding 'Undefined index: users'
+- issue #12762 Fixed parsing of SQL with BINARY function
+- issue #12588 ReCaptcha now works without allow_url_fopen
+- issue #12699 Show no local storage warning only on settings tab
+- issue #12778 Syntax Error in Adding/Changing TIMESTAMP columns with default value as NULL
+- issue #12769 Edit/Export links are not clickable under Routines tab
+- issue #12757 Fixed creating new user with older MariaDB
+- issue #12784 Remove ctype installation suggestion
+- issue #12780 Format button replaces all text with blank spaces
+- issue #12786 Fixed database searching
+- issue #12792 Fixed javascript error on new version link
+- issue #12785 Add information about required and suggested extensions to composer.json
+- issue #12801 Custom header shown twice with cookie login form
+- issue #12802 Custom footer not shown with auth_type http login failure
+- issue #12434 Improve documentation for servers running with Suhosin
+- issue #12800 Updated embedded phpSecLib to 2.0.4
+- issue #12800 Fixed various issues with PHP 7.1
+- issue #11816 Fixed operation with lower_case_table_names=2
+- issue #12813 Fixed stored procedure execution
+- issue #12826 Honor user configured connection collation
+- issue #12293 Correctly report OpenSSL errors from cookie encryption
+- issue #12814 DateTime won't allow to input length in Routine editor
+- issue #12840 Fix Notice regarding 'Undefined index: row_format' when altering table options
+- issue #12841 Fixed moving of columns with whitespace in name
+- issue #12847 Fixed editing of virtual columns
+- issue #12859 Changed WHERE condition to 0 instead of 1 for SQL query window to avoid accidents
+- issue #12872 Use same query for display and execution when dropping index
+- issue #12868 Fix check for user groups freatures being enabled
+- issue #12876 Fix notices and warning related to dbs_to_test global
+- issue #12831 Fix table formatting on Insert tab, which mostly affected row highlighting
+- issue #12495 Reintroduced phpinfo page with limited capabilities
+- issue #12861 Fix renaming tables with lower_case_table_names=2
+- issue #12876 Fix possible PHP error in navigation
+- issue #12881 Fix database search with newer php-gettext
+- issue #12894 Fix linter error on unterminated variable name
+- issue #12732 Fixed filtering for active processes
+- issue        [security] Multiple vulnerabilities in setup script, see PMASA-2016-44.
+- issue        [security] Open redirect, see PMASA-2017-1.
+- issue        [security] php-gettext code execution, see PMASA-2017-2.
+- issue        [security] DOS vulnerabiltiy in table editing, see PMASA-2017-3.
+- issue        [security] CSS injection in themes, see PMASA-2017-4.
+- issue        [security] Cookie attribute injection attack, see PMASA-2017-5.
+- issue        [security] SSRF in replication, see PMASA-2017-6.
+- issue        [security] DOS in replication status, see PMASA-2017-7.
+
 4.6.5.2 (2016-12-05)
 - issue #12765 Fixed SQL export with newlines
 
@@ -138,7 +185,6 @@ phpMyAdmin - ChangeLog
 - issue        [security] Verify data before unserializing, see PMASA-2016-43
 - issue        [security] Use HTTPS for wiki links
 - issue        Remove Swekey support
-- issue        [security] SSRF in setup script, see PMASA-2016-44
 - issue        [security] Denial-of-service attack with $cfg['AllowArbitraryServer'] = true and persistent connections, see PMASA-2016-45
 - issue        [security] Improve SSL certificate handling
 - issue        [security] Fix full path disclosure in debugging code

README

@@ -1,7 +1,7 @@
 phpMyAdmin - Readme
 ===================
 
-Version 4.6.5.2
+Version 4.6.6
 
 A web interface for MySQL and MariaDB.
 

RELEASE-DATE-4.6.5.2

@@ -0,0 +1 @@
+Mon Jan 23 19:19:54 UTC 2017

RELEASE-DATE-4.6.6

@@ -21,7 +21,21 @@
     },
     "non-feature-branches": ["RELEASE_.*"],
     "require": {
-        "php": ">=5.5.0"
+        "php": ">=5.5.0",
+        "ext-mbstring": "*",
+        "ext-mysqli": "*",
+        "ext-xml": "*",
+        "ext-pcre": "*",
+        "ext-json": "*"
+    },
+    "suggest": {
+        "ext-openssl": "Cookie encryption",
+        "ext-curl": "Updates checking",
+        "ext-opcache": "Better performance",
+        "ext-zlib": "For gz import and export",
+        "ext-bz2": "For bzip2 import and export",
+        "ext-zip": "For zip import and export",
+        "ext-gd2": "For image transformations"
     },
     "require-dev": {
         "satooshi/php-coveralls": "~0.6",

composer.json

@@ -51,7 +51,7 @@
 # built documents.
 #
 # The short X.Y version.
-version = '4.6.5.2'
+version = '4.6.6'
 # The full version, including alpha/beta/rc tags.
 release = version
 

doc/conf.py

@@ -692,7 +692,7 @@ Server connection settings
         For auto-upgrade functionality to work, your
         ``$cfg['Servers'][$i]['controluser']`` must have ALTER privilege on
         ``phpmyadmin`` database. See the `MySQL documentation for GRANT
-        <https://dev.mysql.com/doc/mysql/en/grant.html>`_ on how to
+        <https://dev.mysql.com/doc/refman/5.7/en/grant.html>`_ on how to
         ``GRANT`` privileges to a user.
 
 .. _history:
@@ -1577,7 +1577,7 @@ Cookie authentication options
     :default: ``''``
 
     The public key for the reCaptcha service that can be obtained from
-    https://www.google.com/recaptcha.
+    https://www.google.com/recaptcha/intro/.
 
     reCaptcha will be then used in :ref:`cookie`.
 
@@ -1587,7 +1587,7 @@ Cookie authentication options
     :default: ``''``
 
     The private key for the reCaptcha service that can be obtain from
-    https://www.google.com/recaptcha.
+    https://www.google.com/recaptcha/intro/.
 
     reCaptcha will be then used in :ref:`cookie`.
 
@@ -1850,6 +1850,11 @@ Main panel
     You can additionally hide more information by using
     :config:option:`$cfg['Servers'][$i]['verbose']`.
 
+.. config:option:: $cfg['ShowPhpInfo']
+
+    :type: boolean
+    :default: false
+
 .. config:option:: $cfg['ShowChgPassword']
 
     :type: boolean
@@ -1860,11 +1865,26 @@ Main panel
     :type: boolean
     :default: true
 
-    Defines whether to display the 
+    Defines whether to display the :guilabel:`PHP information` and
     :guilabel:`Change password` links and form for creating database or not at
     the starting main (right) frame. This setting does not check MySQL commands
     entered directly.
 
+    Please note that to block the usage of ``phpinfo()`` in scripts, you have to
+    put this in your :file:`php.ini`:
+
+    .. code-block:: ini
+
+        disable_functions = phpinfo()
+
+    .. warning::
+
+        Enabling phpinfo page will leak quite a lot of information about server
+        setup. Is it not recommended to enable this on shared installations.
+
+        This might also make easier some remote attacks on your installations,
+        so enable this only when needed.
+
     Also note that enabling the :guilabel:`Change password` link has no effect
     with config authentication mode: because of the hard coded password value
     in the configuration file, end users can't be allowed to change their
@@ -2224,11 +2244,11 @@ Languages
 .. config:option:: $cfg['DefaultConnectionCollation']
 
     :type: string
-    :default: ``'utf8_general_ci'``
+    :default: ``'utf8mb4_general_ci'``
 
     Defines the default connection collation to use, if not user-defined.
     See the `MySQL documentation for charsets
-    <https://dev.mysql.com/doc/mysql/en/charset-charsets.html>`_
+    <https://dev.mysql.com/doc/refman/5.7/en/charset-charsets.html>`_
     for list of possible values.
 
 .. config:option:: $cfg['Lang']
@@ -2927,7 +2947,7 @@ Developer
     :default: false
 
     Enable to let server present itself as demo server.
-    This is used for <https://demo.phpmyadmin.net/>.
+    This is used for `phpMyAdmin demo server <https://www.phpmyadmin.net/try/>`_.
 
 
 Examples

doc/config.rst

@@ -182,8 +182,8 @@ Credits, in chronological order
 
   * :term:`PDF` schema output, thanks also to
     Olivier Plathey for the "FPDF" library (see <http://www.fpdf.org/>), Steven
-    Wittens for the "UFPDF" library and
-    Nicola Asuni for the "TCPDF" library (see <https://tcpdf.org/>).
+    Wittens for the "UFPDF" library (see <https://acko.net/blog/ufpdf-unicode-utf-8-extension-for-fpdf/>) and
+    Nicola Asuni for the "TCPDF" library (see <https://www.tcpdf.org/>).
 
 * Olof Edlund <olof.edlund\_at\_upright.se>