issue #11464 phpMyAdmin suggests upgrading to newer version not usabl…

…e on that system

Signed-off-by: Madhura Jayaratne <madhura.cj@gmail.com>

ChangeLog

@@ -1,6 +1,9 @@
 phpMyAdmin - ChangeLog
 ======================
 
+4.0.10.11 (not yet released)
+- issue #11464 phpMyAdmin suggests upgrading to newer version not usable on that system
+
 4.0.10.10 (2015-05-13)
 - bug #4899 [security] CSRF vulnerability in setup
 - bug #4900 [security] Vulnerability allowing Man-in-the-middle attack

js/functions.js

@@ -3178,7 +3178,7 @@ AJAX.registerOnload('functions.js', function() {
      * Load version information asynchronously.
      */
     if ($('li.jsversioncheck').length > 0) {
-        $.getJSON('version_check.php', {}, PMA_current_version);
+        $.getJSON('version_check.php', {'server' : PMA_commonParams.get('server')}, PMA_current_version);
     }
 
     if ($('#is_git_revision').length > 0) {

libraries/Util.class.php

@@ -4151,5 +4151,79 @@ public static function fillTooltip(
                 . PMA_Util::localisedDate(strtotime($table['Check_time']));
         }
     }
+
+    /**
+     * Returns the version and date of the latest phpMyAdmin version compatible
+     * with avilable PHP and MySQL versions
+     *
+     * @param array $releases array of information related to each version
+     *
+     * @return array containing the version and date of latest compatibel version
+     */
+    public static function getLatestCompatibleVersion($releases)
+    {
+        foreach ($releases as $release) {
+            $phpVersions = $release->php_versions;
+            $phpConditions = explode(",", $phpVersions);
+            foreach ($phpConditions as $phpCondition) {
+                if (! self::evaluateVersionCondition("PHP", $phpCondition)) {
+                    continue 2;
+                }
+            }
+
+            // We evalute MySQL version constraint if there are only
+            // one server configured.
+            if (count($GLOBALS['cfg']['Servers']) == 1) {
+                $mysqlVersions = $release->mysql_versions;
+                $mysqlConditions = explode(",", $mysqlVersions);
+                foreach ($mysqlConditions as $mysqlCondition) {
+                    if (! self::evaluateVersionCondition('MySQL', $mysqlCondition)) {
+                        continue 2;
+                    }
+                }
+            }
+
+            return array(
+                'version' => $release->version,
+                'date' => $release->date,
+            );
+        }
+
+        // no compatible version
+        return null;
+    }
+
+    /**
+     * Checks whether PHP or MySQL version meets supplied version condition
+     *
+     * @param string $type      PHP or MySQL
+     * @param string $condition version condition
+     *
+     * @return boolean whether the condition is met
+     */
+    public static function evaluateVersionCondition($type, $condition)
+    {
+        $operator = null;
+        $operators = array("<=", ">=", "!=", "<>", "<", ">", "="); // preserve order
+        foreach ($operators as $oneOperator) {
+            if (strpos($condition, $oneOperator) === 0) {
+                $operator = $oneOperator;
+                $version = substr($condition, strlen($oneOperator));
+                break;
+            }
+        }
+
+        $myVersion = null;
+        if ($type == 'PHP') {
+            $myVersion = PHP_VERSION;
+        } elseif ($type == 'MySQL') {
+            $myVersion = PMA_Util::cacheGet('PMA_MYSQL_STR_VERSION', true);
+        }
+
+        if ($myVersion != null && $operator != null) {
+            return version_compare($myVersion, $version, $operator);
+        }
+        return false;
+    }
 }
 ?>

setup/lib/index.lib.php

@@ -110,7 +110,7 @@ function PMA_version_check()
     // from a working server
     $connection_timeout = 3;
 
-    $url = 'http://phpmyadmin.net/home_page/version.php';
+    $url = 'http://phpmyadmin.net/home_page/version.json';
     $context = stream_context_create(
         array(
             'http' => array('timeout' => $connection_timeout)
@@ -146,14 +146,14 @@ function PMA_version_check()
         return;
     }
 
-    /* Format: version\ndate\n(download\n)* */
-    $data_list = explode("\n", $data);
-
-    if (count($data_list) > 1) {
-        $version = $data_list[0];
-        $date = $data_list[1];
+    $data_list = json_decode($data);
+    $releases = $data_list->releases;
+    $latestCompatible = PMA_Util::getLatestCompatibleVersion($releases);
+    if ($latestCompatible != null) {
+        $version = $latestCompatible['version'];
+        $date = $latestCompatible['date'];
     } else {
-        $version = $date = '';
+        return;
     }
 
     $version_upstream = version_to_int($version);

version_check.php

@@ -9,6 +9,7 @@
 // Sets up the session
 define('PMA_MINIMUM_COMMON', true);
 require_once 'libraries/common.inc.php';
+require_once 'libraries/Util.class.php';
 
 // Get response text from phpmyadmin.net or from the session
 // Update cache every 6 hours
@@ -34,15 +35,29 @@
 
 // Save and forward the response only if in valid format
 $data = json_decode($response);
-if (is_object($data) && strlen($data->version) && strlen($data->date)) {
+if (is_object($data)) {
+    $latestCompatible = PMA_Util::getLatestCompatibleVersion(
+        $data->releases
+    );
+
+    $version = '';
+    $date = '';
+    if ($latestCompatible != null) {
+        $version = $latestCompatible['version'];
+        $date = $latestCompatible['date'];
+    }
+
     if ($save) {
         $_SESSION['cache']['version_check'] = array(
             'response' => $response,
             'timestamp' => time()
         );
     }
     echo json_encode(
-        array('version' => $data->version, 'date' => $data->date)
+        array(
+            'version' => (! empty($version) ? $version : ''),
+            'date' => (! empty($date) ? $date : ''),
+        )
     );
 }