Merge branch 'QA_5_1'

Signed-off-by: William Desportes <williamdes@wdes.fr>

ChangeLog

@@ -23,6 +23,8 @@ phpMyAdmin - ChangeLog
 - issue #16713 Add a legacy fallback for the old config value of "$cfg['DefaultTabDatabase']" and others
 - issue #16698 Fix relative fallback URL to './' instead of '/'
 - issue        Fixed Yaml export to quote strings even when they are numeric
+- issue #16704 Fixed PHP type errors on the substring transformation
+- issue #14026 Fixed error messages and conditions for MD5 and AES_* functions
 
 5.1.0 (2021-02-24)
 - issue #15350 Change Media (MIME) type references to Media type

composer.json

@@ -92,7 +92,7 @@
         "symfony/finder": "^5.2.3",
         "symfony/twig-bridge": "^5.2.3",
         "tecnickcom/tcpdf": "dev-main#456b794f1fae9aee5c151a1ee515aae2aaa619a3",
-        "vimeo/psalm": "^4.6.1"
+        "vimeo/psalm": "^4.6.2"
     },
     "extra": {
         "branch-alias": {

doc/transformations.rst

@@ -5,33 +5,39 @@ Transformations
 
 .. note::
 
-    You need to have configured the :ref:`linked-tables` for using transformations
+    You need to have configured the :ref:`linked-tables` to use the transformations
     feature.
 
 .. _transformationsintro:
 
 Introduction
 ++++++++++++
 
-To enable transformations, you have to setup the ``column_info``
+To enable transformations, you have to set up the ``column_info``
 table and the proper directives. Please see the :ref:`config` on how to do so.
 
+phpMyAdmin has two different types of transformations: browser display
+transformations, which affect only how the data is shown when browsing
+through phpMyAdmin; and input transformations, which affect a value
+prior to being inserted through phpMyAdmin.
 You can apply different transformations to the contents of each
-column. The transformation will take the content of each column and
-transform it with certain rules defined in the selected
-transformation.
+column. Each transformation has options to define how it will affect the
+stored data.
 
-Say you have a column 'filename' which contains a filename. Normally
-you would see in phpMyAdmin only this filename. Using transformations
+Say you have a column ``filename`` which contains a filename. Normally
+you would see in phpMyAdmin only this filename. Using display transformations
 you can transform that filename into a HTML link, so you can click
 inside of the phpMyAdmin structure on the column's link and will see
 the file displayed in a new browser window. Using transformation
 options you can also specify strings to append/prepend to a string or
 the format you want the output stored in.
 
 For a general overview of all available transformations and their
-options, you can consult your *<www.your-host.com>/<your-install-
-dir>/transformation\_overview.php* installation.
+options, you can either go to the ``Change`` link for an existing column
+or from the dialog to create a new column, in either case there is a link
+on that column structure page for "Browser display transformation" and
+"Input transformation" which will show more information about each
+transformation that is available on your system.
 
 For a tutorial on how to effectively use transformations, see our
 `Link section <https://www.phpmyadmin.net/docs/>`_ on the
@@ -42,16 +48,16 @@ official phpMyAdmin homepage.
 Usage
 +++++
 
-Go to your *tbl\_structure.php* page (i.e. reached through clicking on
-the 'Structure' link for a table). There click on "Change" (or change
-icon) and there you will see three new fields at the end of the line.
+Go to the table structure page (reached by clicking on
+the 'Structure' link for a table). There click on "Change" (or the change
+icon) and there you will see the five transformation--related fields at the end of the line.
 They are called ':term:`Media type`', 'Browser transformation' and
 'Transformation options'.
 
 * The field ':term:`Media type`' is a drop-down field. Select the :term:`Media type` that
-  corresponds to the column's contents. Please note that transformations
-  are inactive as long as no :term:`Media type` is selected.
-* The field 'Browser transformation' is a drop-down field. You can
+  corresponds to the column's contents. Please note that many transformations
+  are inactive until a :term:`Media type` is selected.
+* The field 'Browser display transformation' is a drop-down field. You can
   choose from a hopefully growing amount of pre-defined transformations.
   See below for information on how to build your own transformation.
   There are global transformations and mimetype-bound transformations.
@@ -64,7 +70,7 @@ They are called ':term:`Media type`', 'Browser transformation' and
   transformations on mimetypes for which the function was not defined
   for. There is no security check for you selected the right
   transformation, so take care of what the output will be like.
-* The field 'Transformation options' is a free-type textfield. You have
+* The field 'Browser display transformation options' is a free-type textfield. You have
   to enter transform-function specific options here. Usually the
   transforms can operate with default options, but it is generally a
   good idea to look up the overview to see which options are necessary.
@@ -80,27 +86,36 @@ They are called ':term:`Media type`', 'Browser transformation' and
   set, enter "'first parameter','second parameter','charset=us-ascii'".
   You can, however use the defaults for the parameters: "'','','charset
   =us-ascii'". The default options can be configured using
-  :config:option:`$cfg['DefaultTransformations']`
+  :config:option:`$cfg['DefaultTransformations']`.
+* 'Input transformation' is another drop-down menu that corresponds exactly
+  with the instructions above for "Browser display transformation" except
+  these these affect the data before insertion in to the database. These are
+  most commonly used to either provide a specialized editor (for example, using
+  the phpMyAdmin SQL editor interface) or selector (such as for uploading an image).
+  It's also possible to manipulate the data such as converting an IPv4 address to binary
+  or parsing it through a regular expression.
+* Finally, 'Input transformation options' is the equivalent of the "Browser display
+  transformation options" section above and is where optional and required parameters are entered.
 
 .. _transformationsfiles:
 
 File structure
 ++++++++++++++
 
 All specific transformations for mimetypes are defined through class
-files in the directory 'libraries/classes/Plugins/Transformations/'. Each of
+files in the directory :file:`libraries/classes/Plugins/Transformations/`. Each of
 them extends a certain transformation abstract class declared in
-libraries/classes/Plugins/Transformations/Abs.
+:file:`libraries/classes/Plugins/Transformations/Abs`.
 
-They are stored in files to ease up customization and easy adding of
-new transformations.
+They are stored in files to ease customization and to allow easy adding of
+new or custom transformations.
 
-Because the user cannot enter own mimetypes, it is kept sure that
-transformations always work. It makes no sense to apply a
+Because the user cannot enter their own mimetypes, it is kept certain that
+the transformations will always work. It makes no sense to apply a
 transformation to a mimetype the transform-function doesn't know to
 handle.
 
-There is a file called ':file:`libraries/classes/Plugins/Transformations.php`' that provides some
+There is a file called :file:`libraries/classes/Plugins/Transformations.php` that provides some
 basic functions which can be included by any other transform function.
 
 The file name convention is ``[Mimetype]_[Subtype]_[Transformation

js/src/table/change.js

@@ -293,11 +293,24 @@ function verificationsAfterFieldChange (urlField, multiEdit, theType) {
         $('#salt_' + target.id).remove();
     }
 
-    if (target.value === 'AES_DECRYPT'
-            || target.value === 'AES_ENCRYPT'
-            || target.value === 'MD5') {
+    // Remove possible blocking rules if the user changed functions
+    $('#' + target.id).rules('remove', 'validationFunctionForMd5');
+    $('#' + target.id).rules('remove', 'validationFunctionForAesDesEncrypt');
+
+    if (target.value === 'MD5') {
         $('#' + target.id).rules('add', {
-            validationFunctionForFuns: {
+            validationFunctionForMd5: {
+                param: $thisInput,
+                depends: function () {
+                    return checkForCheckbox(multiEdit);
+                }
+            }
+        });
+    }
+
+    if (target.value === 'DES_ENCRYPT' || target.value === 'AES_ENCRYPT') {
+        $('#' + target.id).rules('add', {
+            validationFunctionForAesDesEncrypt: {
                 param: $thisInput,
                 depends: function () {
                     return checkForCheckbox(multiEdit);
@@ -422,16 +435,27 @@ AJAX.registerOnload('table/change.js', function () {
             return value.match(/^[a-f0-9]*$/i) !== null;
         });
 
-        jQuery.validator.addMethod('validationFunctionForFuns', function (value, element, options) {
-            if (value.substring(0, 3) === 'AES' && options.data('type') !== 'HEX') {
-                return false;
-            }
-
+        jQuery.validator.addMethod('validationFunctionForMd5', function (value, element, options) {
             return !(value.substring(0, 3) === 'MD5' &&
                 typeof options.data('maxlength') !== 'undefined' &&
                 options.data('maxlength') < 32);
         });
 
+        jQuery.validator.addMethod('validationFunctionForAesDesEncrypt', function (value, element, options) {
+            var funType = value.substring(0, 3);
+            if (funType !== 'AES' && funType !== 'DES') {
+                return false;
+            }
+
+            var dataType = options.data('type');
+
+            if (dataType === 'HEX' || dataType === 'CHAR') {
+                return true;
+            }
+
+            return false;
+        });
+
         jQuery.validator.addMethod('validationFunctionForDateTime', function (value, element, options) {
             var dtValue = value;
             var theType = options;

libraries/classes/Controllers/Server/Status/VariablesController.php

@@ -549,7 +549,7 @@ private function getDescriptions(): array
             ),
             'Opened_tables' => __(
                 'The number of tables that have been opened. If opened tables is'
-                . ' big, your table cache value is probably too small.'
+                . ' big, your table_open_cache value is probably too small.'
             ),
             'Open_files' => __(
                 'The number of files that are open.'

libraries/classes/Core.php

@@ -10,7 +10,10 @@
 namespace PhpMyAdmin;
 
 use PhpMyAdmin\Plugins\AuthenticationPlugin;
+use Symfony\Component\Config\FileLocator;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 
 use function array_keys;
 use function array_pop;
@@ -1446,4 +1449,16 @@ public static function connectToDatabaseServer(DatabaseInterface $dbi, Authentic
          */
         $dbi->connect(DatabaseInterface::CONNECT_USER, null, DatabaseInterface::CONNECT_CONTROL);
     }
+
+    /**
+     * Get the container builder
+     */
+    public static function getContainerBuilder(): ContainerBuilder
+    {
+        $containerBuilder = new ContainerBuilder();
+        $loader = new PhpFileLoader($containerBuilder, new FileLocator(ROOT_PATH . 'libraries'));
+        $loader->load('services_loader.php');
+
+        return $containerBuilder;
+    }
 }

libraries/classes/InsertEdit.php

@@ -2667,11 +2667,13 @@ public function transformEditedValues(
     ) {
         $include_file = 'libraries/classes/Plugins/Transformations/' . $file;
         if (is_file($include_file)) {
+            // $cfg['SaveCellsAtOnce'] = true; JS code sends an array
+            $whereClause = is_array($_POST['where_clause']) ? $_POST['where_clause'][0] : $_POST['where_clause'];
             $_url_params = [
                 'db'            => $db,
                 'table'         => $table,
-                'where_clause_sign' => Core::signSqlQuery($_POST['where_clause']),
-                'where_clause'  => $_POST['where_clause'],
+                'where_clause_sign' => Core::signSqlQuery($whereClause),
+                'where_clause'  => $whereClause,
                 'transform_key' => $column_name,
             ];
             $transform_options = $this->transformations->getOptions(

libraries/classes/Plugins/Transformations/Abs/SubstringTransformationsPlugin.php

@@ -52,24 +52,26 @@ public function applyTransformation($buffer, array $options = [], ?FieldMetadata
         $cfg = $GLOBALS['cfg'];
         $options = $this->getOptions($options, $cfg['DefaultTransformations']['Substring']);
 
+        $optionZero = (int) $options[0];
+
         if ($options[1] !== 'all') {
             $newtext = mb_substr(
-                $buffer,
-                $options[0],
-                $options[1]
+                (string) $buffer,
+                $optionZero,
+                (int) $options[1]
             );
         } else {
-            $newtext = mb_substr($buffer, $options[0]);
+            $newtext = mb_substr((string) $buffer, $optionZero);
         }
 
         $length = mb_strlen($newtext);
-        $baselength = mb_strlen($buffer);
+        $baselength = mb_strlen((string) $buffer);
         if ($length != $baselength) {
-            if ($options[0] != 0) {
+            if ($optionZero !== 0) {
                 $newtext = $options[2] . $newtext;
             }
 
-            if ($length + (int) $options[0] != $baselength) {
+            if ($length + $optionZero != $baselength) {
                 $newtext .= $options[2];
             }
         }

libraries/classes/Sql.php

@@ -32,6 +32,7 @@
 use function strlen;
 use function strpos;
 use function ucwords;
+use function defined;
 
 /**
  * Set of functions for the SQL executor
@@ -647,8 +648,10 @@ public function storeTheQueryAsBookmark(
      */
     private function executeQueryAndMeasureTime($full_sql_query)
     {
-        // close session in case the query takes too long
-        session_write_close();
+        if (! defined('TESTSUITE')) {
+            // close session in case the query takes too long
+            session_write_close();
+        }
 
         // Measure query time.
         $querytime_before = array_sum(explode(' ', microtime()));
@@ -660,8 +663,10 @@ private function executeQueryAndMeasureTime($full_sql_query)
         );
         $querytime_after = array_sum(explode(' ', microtime()));
 
-        // reopen session
-        session_start();
+        if (! defined('TESTSUITE')) {
+            // reopen session
+            session_start();
+        }
 
         return [
             $result,

libraries/common.inc.php

@@ -46,9 +46,6 @@
 use PhpMyAdmin\SqlParser\Lexer;
 use PhpMyAdmin\ThemeManager;
 use PhpMyAdmin\Tracker;
-use Symfony\Component\Config\FileLocator;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Loader\PhpFileLoader;
 
 global $containerBuilder, $error_handler, $PMA_Config, $server, $dbi;
 global $lang, $cfg, $isConfigLoading, $auth_plugin, $route, $PMA_Theme;
@@ -106,9 +103,7 @@
     // phpcs:enable
 }
 
-$containerBuilder = new ContainerBuilder();
-$loader = new PhpFileLoader($containerBuilder, new FileLocator(__DIR__));
-$loader->load('services_loader.php');
+$containerBuilder = Core::getContainerBuilder();
 
 /**
  * Load gettext functions.

psalm-baseline.xml

@@ -2231,6 +2231,13 @@
       <code>bool</code>
     </ImplementedReturnTypeMismatch>
   </file>
+  <file src="libraries/classes/Plugins/Transformations/Abs/SubstringTransformationsPlugin.php">
+    <RedundantCastGivenDocblockType occurrences="3">
+      <code>(string) $buffer</code>
+      <code>(string) $buffer</code>
+      <code>(string) $buffer</code>
+    </RedundantCastGivenDocblockType>
+  </file>
   <file src="libraries/classes/Plugins/Transformations/Output/Text_Plain_Binarytoip.php">
     <FalsableReturnStatement occurrences="1">
       <code>FormatConverter::binaryToIp($buffer)</code>

templates/javascript/variables.twig

@@ -105,7 +105,8 @@ function extendingValidatorMessages () {
     min: $.validator.format('{{ 'Please enter a value greater than or equal to {0}'|trans }}'),
     validationFunctionForDateTime: $.validator.format('{{ 'Please enter a valid date or time'|trans }}'),
     validationFunctionForHex: $.validator.format('{{ 'Please enter a valid HEX input'|trans }}'),
-    validationFunctionForFuns: $.validator.format('{{ 'Error'|trans }}')
+    validationFunctionForMd5: $.validator.format('{% apply escape('js') %}{% trans %}This column can not contain a 32 chars value{% notes %}To validate the usage of a MD5 function on the column{% endtrans %}{% endapply %}'),
+    validationFunctionForAesDesEncrypt: $.validator.format('{% apply escape('js') %}{% trans %}These functions are meant to return a binary result; to avoid inconsistent results you should store it in a BINARY, VARBINARY, or BLOB column.{% notes %}To validate the usage of a AES_ENCRYPT/DES_ENCRYPT function on the column{% endtrans %}{% endapply %}')
   });
 }
 {% endautoescape %}