Hello community, here is the log from the commit of package adminer for openSUSE:Factory checked in at 2016-06-07 23:46:49 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/adminer (Old) and /work/SRC/openSUSE:Factory/.adminer.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "adminer" Changes: -------- --- /work/SRC/openSUSE:Factory/adminer/adminer.changes 2016-03-07 13:23:30.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.adminer.new/adminer.changes 2016-06-07 23:46:51.000000000 +0200 @@ -1,0 +2,11 @@ +Wed Jun 01 21:15:28 UTC 2016 - jimmy@boombatower.com + +- Update to version v4.2.5: + + Fix http:// links in stylesheets to protocol-independent ones (//) + + improved kill command support for MySQL and initial support for PgSQL + + Remove global variable + + Fix remote execution in SQLite query (thanks to Vincent Waart) + + SQLite: Require credentials to use (thanks to Vincent Waart) + + Release 4.2.5 + +------------------------------------------------------------------- Old: ---- adminer-v4.2.4.tar.xz New: ---- adminer-v4.2.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ adminer.spec ++++++ --- /var/tmp/diff_new_pack.m523jS/_old 2016-06-07 23:46:52.000000000 +0200 +++ /var/tmp/diff_new_pack.m523jS/_new 2016-06-07 23:46:52.000000000 +0200 @@ -20,7 +20,7 @@ # pending php5-pear-Horde_Mongo package submission to Factory %bcond_with mongodb Name: adminer -Version: 4.2.4 +Version: 4.2.5 Release: 0 Summary: Database management in a single PHP file License: GPL-2.0 or Apache-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.m523jS/_old 2016-06-07 23:46:52.000000000 +0200 +++ /var/tmp/diff_new_pack.m523jS/_new 2016-06-07 23:46:52.000000000 +0200 @@ -1,7 +1,7 @@ <services> <service name="tar_scm" mode="disabled"> <param name="versionformat">@PARENT_TAG@</param> - <param name="revision">refs/tags/v4.2.4</param> + <param name="revision">refs/tags/v4.2.5</param> <param name="url">https://github.com/vrana/adminer.git</param> <param name="scm">git</param> <param name="changesgenerate">enable</param> ++++++ _servicedata ++++++ --- /var/tmp/diff_new_pack.m523jS/_old 2016-06-07 23:46:52.000000000 +0200 +++ /var/tmp/diff_new_pack.m523jS/_new 2016-06-07 23:46:52.000000000 +0200 @@ -1,6 +1,6 @@ <servicedata> <service name="tar_scm"> <param name="url">https://github.com/vrana/adminer.git</param> - <param name="changesrevision">49e2ac4559f0027c64f0f413ad02a56bdfc70fa6</param> + <param name="changesrevision">53dfafd2ea80e318eded7937252d0c1d9b7a2c93</param> </service> </servicedata> ++++++ adminer-v4.2.4.tar.xz -> adminer-v4.2.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/drivers/mysql.inc.php new/adminer-v4.2.5/adminer/drivers/mysql.inc.php --- old/adminer-v4.2.4/adminer/drivers/mysql.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/drivers/mysql.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -1015,6 +1015,15 @@ return !preg_match("~scheme|sequence|type|view_trigger" . ($connection->server_info < 5.1 ? "|event|partitioning" . ($connection->server_info < 5 ? "|routine|trigger|view" : "") : "") . "~", $feature); } + function kill_process($val) { + return queries("KILL " . number($val)); + } + + function max_connections() { + global $connection; + return $connection->result("SELECT @@max_connections"); + } + $jush = "sql"; ///< @var string JUSH identifier $types = array(); ///< @var array ($type => $maximum_unsigned_length, ...) $structured_types = array(); ///< @var array ($description => array($type, ...), ...) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/drivers/pgsql.inc.php new/adminer-v4.2.5/adminer/drivers/pgsql.inc.php --- old/adminer-v4.2.4/adminer/drivers/pgsql.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/drivers/pgsql.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -631,7 +631,16 @@ function support($feature) { global $connection; - return preg_match('~^(database|table|columns|sql|indexes|comment|view|' . ($connection->server_info >= 9.3 ? 'materializedview|' : '') . 'scheme|processlist|sequence|trigger|type|variables|drop_col)$~', $feature); //! routine| + return preg_match('~^(database|table|columns|sql|indexes|comment|view|' . ($connection->server_info >= 9.3 ? 'materializedview|' : '') . 'scheme|processlist|sequence|trigger|type|variables|drop_col|kill)$~', $feature); //! routine| + } + + function kill_process($val) { + return queries("SELECT pg_terminate_backend(" . number($val).")"); + } + + function max_connections() { + global $connection; + return $connection->result("SHOW max_connections"); } $jush = "pgsql"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/include/adminer.inc.php new/adminer-v4.2.5/adminer/include/adminer.inc.php --- old/adminer-v4.2.4/adminer/include/adminer.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/include/adminer.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -88,16 +88,14 @@ global $drivers; ?> <table cellspacing="0"> -<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER, "loginDriver(this);"); ?> +<tr><th><?php echo lang('System'); ?><td><?php echo html_select("auth[driver]", $drivers, DRIVER); ?> <tr><th><?php echo lang('Server'); ?><td><input name="auth[server]" value="<?php echo h(SERVER); ?>" title="hostname[:port]" placeholder="localhost" autocapitalize="off"> <tr><th><?php echo lang('Username'); ?><td> <tr><th><?php echo lang('Password'); ?><td><input type="password" name="auth[password]"> <tr><th><?php echo lang('Database'); ?><td> </table> <script type="text/javascript"> -var username = document.getElementById('username'); -focus(username); -username.form['auth[driver]'].onchange(); +focus(document.getElementById('username')); </script> <?php echo "<p><input type='submit' value='" . lang('Login') . "'>\n"; @@ -107,9 +105,13 @@ /** Authorize the user * @param string * @param string - * @return bool + * @return mixed true for success, string for error message, false for unknown error */ function login($login, $password) { + global $jush; + if ($jush == "sqlite") { + return lang('Implement %s method to use SQLite.', 'login()'); + } return true; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/include/auth.inc.php new/adminer-v4.2.5/adminer/include/auth.inc.php --- old/adminer-v4.2.4/adminer/include/auth.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/include/auth.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -167,8 +167,8 @@ $driver = new Min_Driver($connection); -if (!is_object($connection) || !$adminer->login($_GET["username"], get_password())) { - auth_error((is_string($connection) ? $connection : lang('Invalid credentials.'))); +if (!is_object($connection) || ($login = $adminer->login($_GET["username"], get_password())) !== true) { + auth_error((is_string($connection) ? $connection : (is_string($login) ? $login : lang('Invalid credentials.')))); } if ($auth && $_POST["token"]) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/include/version.inc.php new/adminer-v4.2.5/adminer/include/version.inc.php --- old/adminer-v4.2.4/adminer/include/version.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/include/version.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -1,2 +1,2 @@ <?php -$VERSION = "4.2.4"; +$VERSION = "4.2.5"; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/lang/cs.inc.php new/adminer-v4.2.5/adminer/lang/cs.inc.php --- old/adminer-v4.2.4/adminer/lang/cs.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/lang/cs.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -11,6 +11,7 @@ 'Logged as: %s' => 'Přihlášen jako: %s', 'Logout successful.' => 'Odhlášení proběhlo v pořádku.', 'Invalid credentials.' => 'Neplatné přihlašovací údaje.', + 'Implement %s method to use SQLite.' => 'Pro přihlášení k SQLite implementujte metodu %s.', 'Too many unsuccessful logins, try again in %d minute(s).' => array('Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minutu.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minuty.', 'Příliš mnoho pokusů o přihlášení, zkuste to znovu za %d minut.'), 'Master password expired. <a href="https://www.adminer.org/en/extension/" target="_blank">Implement</a> %s method to make it permanent.' => 'Platnost hlavního hesla vypršela. <a href="https://www.adminer.org/cs/extension/" target="_blank">Implementujte</a> metodu %s, aby platilo stále.', 'Language' => 'Jazyk', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/lang/xx.inc.php new/adminer-v4.2.5/adminer/lang/xx.inc.php --- old/adminer-v4.2.4/adminer/lang/xx.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/lang/xx.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -11,6 +11,7 @@ 'Logged as: %s' => 'Xx', 'Logout successful.' => 'Xx.', 'Invalid credentials.' => 'Xx.', + 'Implement %s method to use SQLite.' => 'Xx.', 'Too many unsuccessful logins, try again in %d minute(s).' => array('Xx.', 'Xx.'), 'Master password expired. <a href="https://www.adminer.org/en/extension/" target="_blank">Implement</a> %s method to make it permanent.' => 'Xx.', 'Language' => 'Xx', diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/processlist.inc.php new/adminer-v4.2.5/adminer/processlist.inc.php --- old/adminer-v4.2.4/adminer/processlist.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/processlist.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -2,7 +2,7 @@ if (support("kill") && $_POST && !$error) { $killed = 0; foreach ((array) $_POST["kill"] as $val) { - if (queries("KILL " . number($val))) { + if (kill_process($val)) { $killed++; } } @@ -30,8 +30,7 @@ } echo "</thead>\n"; } - - echo "<tr" . odd() . ">" . (support("kill") ? "<td>" . checkbox("kill[]", $row["Id"], 0) : ""); + echo "<tr" . odd() . ">" . (support("kill") ? "<td>" . checkbox("kill[]", $row[$jush == "sql" ? "Id" : "pid"], 0) : ""); foreach ($row as $key => $val) { echo "<td>" . ( ($jush == "sql" && $key == "Info" && preg_match("~Query|Killed~", $row["Command"]) && $val != "") || @@ -49,7 +48,7 @@ <p> <?php if (support("kill")) { - echo ($i + 1) . "/" . lang('%d in total', $connection->result("SELECT @@max_connections")); + echo ($i + 1) . "/" . lang('%d in total', max_connections()); echo "<p><input type='submit' value='" . lang('Kill') . "'>\n"; } ?> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/sql.inc.php new/adminer-v4.2.5/adminer/sql.inc.php --- old/adminer-v4.2.4/adminer/sql.inc.php 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/sql.inc.php 2016-06-01 23:15:22.000000000 +0200 @@ -45,7 +45,7 @@ } } - $space = "(?:\\s|/\\*.*\\*/|(?:#|-- )[^\n]*\n|--\r?\n)"; + $space = "(?:\\s|/\\*[\s\S]*?\\*/|(?:#|-- )[^\n]*\n?|--\r?\n)"; $delimiter = ";"; $offset = 0; $empty = true; @@ -62,7 +62,7 @@ unset($dump_format["sql"]); while ($query != "") { - if (!$offset && preg_match("~^$space*DELIMITER\\s+(\\S+)~i", $query, $match)) { + if (!$offset && preg_match("~^$space*+DELIMITER\\s+(\\S+)~i", $query, $match)) { $delimiter = $match[1]; $query = substr($query, strlen($match[0])); } else { @@ -94,7 +94,7 @@ $q = substr($query, 0, $pos); $commands++; $print = "<pre id='sql-$commands'><code class='jush-$jush'>" . shorten_utf8(trim($q), 1000) . "</code></pre>\n"; - if ($jush == "sqlite" && preg_match("~^$space*ATTACH\b~i", $q, $match)) { + if ($jush == "sqlite" && preg_match("~^$space*+ATTACH\\b~i", $q, $match)) { // PHP doesn't support setting SQLITE_LIMIT_ATTACHED echo $print; echo "<p class='error'>" . lang('ATTACH queries are not supported.') . "\n"; @@ -110,7 +110,7 @@ } $start = microtime(true); //! don't allow changing of character_set_results, convert encoding of displayed query - if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*USE\\b~isU", $q)) { + if ($connection->multi_query($q) && is_object($connection2) && preg_match("~^$space*+USE\\b~i", $q)) { $connection2->query($q); } @@ -143,7 +143,7 @@ . "<input type='hidden' name='query' value='" . h($q) . "'>" . " <input type='hidden' name='token' value='$token'></span>\n" ; - if ($connection2 && preg_match("~^($space|\\()*SELECT\\b~isU", $q) && ($explain = explain($connection2, $q))) { + if ($connection2 && preg_match("~^($space|\\()*+SELECT\\b~i", $q) && ($explain = explain($connection2, $q))) { $id = "explain-$commands"; echo ", EXPLAIN</a>$export"; echo "<div id='$id' class='hidden'>\n"; @@ -156,7 +156,7 @@ } } else { - if (preg_match("~^$space*(CREATE|DROP|ALTER)$space+(DATABASE|SCHEMA)\\b~isU", $q)) { + if (preg_match("~^$space*+(CREATE|DROP|ALTER)$space++(DATABASE|SCHEMA)\\b~i", $q)) { restart_session(); set_session("dbs", null); // clear cache stop_session(); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/adminer/static/editing.js new/adminer-v4.2.5/adminer/static/editing.js --- old/adminer-v4.2.4/adminer/static/editing.js 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/adminer/static/editing.js 2016-06-01 23:15:22.000000000 +0200 @@ -60,18 +60,6 @@ } } -/** Hide or show some login rows for selected driver -* @param HTMLSelectElement -*/ -function loginDriver(driver) { - var trs = parentTag(driver, 'table').rows; - for (var i=1; i < trs.length - 1; i++) { - var disabled = /sqlite/.test(driver.value); - alterClass(trs[i], 'hidden', disabled); - trs[i].getElementsByTagName('input')[0].disabled = disabled; - } -} - var dbCtrl; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/changes.txt new/adminer-v4.2.5/changes.txt --- old/adminer-v4.2.4/changes.txt 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/changes.txt 2016-06-01 23:15:22.000000000 +0200 @@ -1,3 +1,8 @@ +Adminer 4.2.5 (released 2016-06-01): +Fix remote execution in SQLite query +SQLite: Require credentials to use +PostgreSQL: Support KILL + Adminer 4.2.4 (released 2016-02-06): Fix remote execution in SQLite query MySQL: Support PHP 7 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/designs/brade/adminer.css new/adminer-v4.2.5/designs/brade/adminer.css --- old/adminer-v4.2.4/designs/brade/adminer.css 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/designs/brade/adminer.css 2016-06-01 23:15:22.000000000 +0200 @@ -45,7 +45,7 @@ #menu a{color:#333;margin-right:4px} #menu a:hover{background:#333;color:#fff;border-color:#333} #menu a.h1,#menu a.h1:hover{display:block;height:0;width:175px;padding:40px 0 0 0;overflow:hidden;float:left;border:0;margin:0; -outline:0;background:url(http://www.bradezone.com/random/adminer_logo.gif) no-repeat;line-height:32px} +outline:0;background:url(//www.bradezone.com/random/adminer_logo.gif) no-repeat;line-height:32px} #menu p{white-space:nowrap;border:0;padding:0 0 4px 0;margin:0 0 4px 0} #breadcrumb{background:#333;color:#fff;position:fixed;top:0;left:320px;width:100%;line-height:40px;padding:0;z-index:1;margin:0} #breadcrumb a{color:#ff9} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/designs/galkaev/adminer.css new/adminer-v4.2.5/designs/galkaev/adminer.css --- old/adminer-v4.2.4/designs/galkaev/adminer.css 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/designs/galkaev/adminer.css 2016-06-01 23:15:22.000000000 +0200 @@ -1,6 +1,6 @@ /** theme "easy on the eyes" for Adminer by p.galkaev@miraidenshi-tech.jp */ -@import url(http://fonts.googleapis.com/css?family=Source+Sans+Pro:400,900); +@import url(//fonts.googleapis.com/css?family=Source+Sans+Pro:400,900); /* reset ----------------------------------------------------------------------- */ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/designs/nicu/adminer.css new/adminer-v4.2.5/designs/nicu/adminer.css --- old/adminer-v4.2.4/designs/nicu/adminer.css 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/designs/nicu/adminer.css 2016-06-01 23:15:22.000000000 +0200 @@ -1,5 +1,5 @@ /* CSS by Nicu I. - www.nicu.me */ -@import url('http://fonts.googleapis.com/css?family=Roboto:400,700,300'); +@import url('//fonts.googleapis.com/css?family=Roboto:400,700,300'); body { font: 16px/1.25 'Roboto', Verdana, Arial, Helvetica, sans-serif; margin: 0; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/adminer-v4.2.4/designs/pokorny/adminer.css new/adminer-v4.2.5/designs/pokorny/adminer.css --- old/adminer-v4.2.4/designs/pokorny/adminer.css 2016-02-19 02:36:11.000000000 +0100 +++ new/adminer-v4.2.5/designs/pokorny/adminer.css 2016-06-01 23:15:22.000000000 +0200 @@ -6,8 +6,8 @@ */ /*** Fonts ***/ -@import url(http://fonts.googleapis.com/css?family=Ubuntu:300&subset=latin,latin-ext); -@import url(http://fonts.googleapis.com/css?family=Ubuntu+Mono&subset=latin,latin-ext); +@import url(//fonts.googleapis.com/css?family=Ubuntu:300&subset=latin,latin-ext); +@import url(//fonts.googleapis.com/css?family=Ubuntu+Mono&subset=latin,latin-ext); * { font-family: 'Ubuntu', sans-serif }