Autodetect SSL-only server and use SSL #13436

Closed
jaraco opened this Issue Jul 2, 2017 · 21 comments


jaraco commented Jul 2, 2017

Attempting to deploy phpMyAdmin against an Azure hosted MySQL instance, Azure enforces SSL by default. Other deployments following best practices likely do the same.

Late releases of mysql client, when connecting to such a server, will automatically connect to this server without issue, apparently auto-detecting the need for SSL and enabling it.

Connecting phpMyAdmin to this server produces the following error:

#2001 - SSL Connection is required. Please specify SSL options and retry.

Of course, it's possible in the config to specify SSL, but doing so behind a docker container is non-trivial, especially when multiple servers are used.

Ideally, phpMyAdmin could do something similar to what the mysql client does, using SSL if available and enforced at the server. Such a feature would alleviate other open SSL tickets in this project.

nijel self-assigned this Jul 18, 2017

Member

nijel commented Jul 18, 2017

I think this is a bad idea - to establish a trusted SSL channel, you need to have the server or CA certificate, and this is something that can't be done automatically (as MySQL server certificates usually do not rely on the existing PKI). Just enabling SSL without certificate verification brings a false feeling of using a secure connection, while it is not (without certificate verification anybody can do a MITM attack pretending to be your MySQL server and get access to all data).

nijel closed this Jul 18, 2017

Member

nijel commented Jul 18, 2017

Thinking more about that, it's no worse than not using SSL connection....

nijel reopened this Jul 18, 2017

nijel added the enhancement label Jul 18, 2017

nijel added this to the 4.7.3 milestone Jul 18, 2017

nijel added a commit that referenced this issue Jul 18, 2017

Allow SSL connection even when the certs are not set
Issue #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

nijel closed this in b2a902d Jul 18, 2017

emanuelb Jul 18, 2017

It's a lot better than no SSL at all, as it protects against passive attackers (who only capture the data on the wire), but it doesn't protect at all against any MITM attack (which is very hard to detect).
It would be better to add a permanent message that says something which reflects:
'The connection to database is encrypted but not verified and thus vulnerable to MITM attacks, please configure the SSL configuration parameters, more information at: ...'
after connecting to the database over SSL without verification.
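
The difference between the two states discussed above, written as a phpMyAdmin `config.inc.php` fragment. This is an added example, not part of the thread or of phpMyAdmin's source; the host name and the CA file path are placeholders.

```php
<?php
// Added example (not phpMyAdmin's own code). The $cfg['Servers'] keys are
// phpMyAdmin server settings; host and file path are placeholders.
$i = 0;

// Entry 1: encrypted but unverified.
// Traffic is encrypted, so a passive listener on the wire sees nothing
// useful, but the server certificate is not checked, so anything that
// answers on this host/port is accepted as the MySQL server.
$i++;
$cfg['Servers'][$i]['verbose']    = 'TLS, no verification';
$cfg['Servers'][$i]['host']       = 'db.example.com';   // placeholder
$cfg['Servers'][$i]['ssl']        = true;
$cfg['Servers'][$i]['ssl_verify'] = false;              // validation disabled

// Entry 2: encrypted and verified.
// ssl_ca points at the CA certificate that signed the MySQL server's
// certificate (MySQL server certificates are often issued by a private CA,
// so the file has to be distributed to the phpMyAdmin host out of band).
// ssl_verify stays on so the certificate is actually validated.
$i++;
$cfg['Servers'][$i]['verbose']    = 'TLS, verified';
$cfg['Servers'][$i]['host']       = 'db.example.com';   // placeholder
$cfg['Servers'][$i]['ssl']        = true;
$cfg['Servers'][$i]['ssl_ca']     = '/path/to/mysql-ca.pem'; // placeholder
$cfg['Servers'][$i]['ssl_verify'] = true;
```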

jaraco commented Jul 18, 2017

> better to add permanent message

If it's important to warn when insecure SSL is used, I suggest such a message should also be posted when the client connects without SSL.

@nijel: I'm looking forward to testing the fix. Thanks for looking into this.

jaraco commented Jul 18, 2017

I see I'm currently relying on the Dockerhub container phpmyadmin/phpmyadmin. Any chance someone could release a tagged release with this commit that I could use to confirm the fix? I'm sure I could, but I'm a novice with Docker.

emanuelb Jul 18, 2017

> If it's important to warn when insecure SSL is used, I suggest such a message should also be posted when the client connects without SSL.

There is already an issue for that:
#12354 "Suggest SSL connection when logging in"

> I see I'm currently relying on the Dockerhub container phpmyadmin/phpmyadmin.

The edge-4.7 and edge-4.8 tags use the latest daily development releases at:
https://www.phpmyadmin.net/downloads/#devel
see:
https://github.com/phpmyadmin/docker/blob/master/README.md#docker-hub-tags

Member

nijel commented Jul 21, 2017

@jaraco The 4.7.3 release is already available as Docker image, you can also use the edge tags as mentioned above.

restonexyz added a commit to restonexyz/phpmyadmin that referenced this issue Jul 29, 2017

merge (#2)
* Allow SSL connection even when the certs are not set

Issue #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

* Switch to SSL connection if server tells us to do so

Fixes #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

* Indicate SSL status on main page

- indicate status on main page
- indicate possible configuration issues
- show in red if remote connection is not using SSL
- add overview documentation for server SSL setup

Fixes #12354

Signed-off-by: Michal Čihař <michal@cihar.com>

jaraco commented Nov 17, 2017

Hi @nijel: I'm just getting around to testing this. Unfortunately, I'm still getting an error #9002 - SSL connection is required. Please specify SSL options and retry. I'm launching the container unmodified only with PMA_HOST defined. Are there other settings that need to be configured to enable SSL to be used (especially if the server requires it)?

Member

nijel commented Nov 18, 2017

Apparently you're getting a different error code for the same message. Argh, I wish MySQL would be consistent in this....

nijel reopened this Nov 18, 2017

nijel modified the milestones: 4.7.3, 4.7.6 Nov 18, 2017

nijel closed this in facc536 Nov 18, 2017

jaraco commented Nov 18, 2017

Awesome. I'll grab the nightly tomorrow and try it out.

jaraco commented Nov 19, 2017

I tried using the edge-4.7 tag of the docker image, but it failed as before. Best I can tell, the daily snapshots are stale so I won't be able to test until those snapshots are refreshed or a release is cut.

Member

ibennetch commented Nov 19, 2017

Thanks for the report, I've opened a new issue about that and we'll let you know once they're fixed. #13820

Member

nijel commented Nov 20, 2017

The daily snapshots are now up to date and the docker images are just building.

jaraco commented Nov 20, 2017

It's looking better. I'm no longer getting the error, but now, after authenticating and being directed to index.php, that page returns a 500 Internal Server Error with nothing in the payload.

I checked the logs from the container, but there's nothing there in the output. If there's an error message, it's not emitted in the stderr/stdout of the nginx host.

Disabling the SSL requirement on the server restores the proper behavior, so the 500 error does seem relevant to SSL detection.

Can you suggest how I might be able to reveal the underlying failure?

jaraco commented Nov 22, 2017

Is there perhaps an environment variable I can set that will let phpMyAdmin render the error message in the browser?

Member

nijel commented Nov 23, 2017

@jaraco the PHP logs should be placed in /var/log/php-fpm.log, you can display it using docker exec phpmyadmin cat /var/log/php-fpm.log.

jaraco commented Nov 24, 2017

Thanks @nijel. I started up the container locally, pointed it at my Azure-hosted SSL-requiring MySQL instance. Attempted to log in and got the 500 response, but then there's nothing in the logs:

$ docker exec -it $(docker ps -q) ls -la /var/log/php-fpm.log
-rw-r--r--    1 nobody   nobody           0 Nov 24 15:19 /var/log/php-fpm.log

But, by inspecting the running container (thanks for introducing me to docker exec), I did find an error message that appears relevant:

$ docker exec $(docker ps -q) cat /var/log/nginx-error.log
2017/11/24 15:20:45 [error] 24#24: *31 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function PMA\libraries\dbi\_() in /www/libraries/dbi/DBIMysqli.php:160
Stack trace:
#0 /www/libraries/DatabaseInterface.php(2363): PMA\libraries\dbi\DBIMysqli->connect('user@pix...', 'a6926...', Array)
#1 /www/libraries/common.inc.php(748): PMA\libraries\DatabaseInterface->connect(256)
#2 /www/index.php(20): require_once('/www/libraries/...')
#3 {main}
  thrown in /www/libraries/dbi/DBIMysqli.php on line 160" while reading response header from upstream, client: 172.17.0.1, server: _, request: "POST /index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php-fpm.sock:", host: "localhost:8080"

Does that indicate why the request is failing?
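The nginx-error.log entry above spans several physical lines, and its stack frame for connect() carries the login arguments, so a trace like this is worth reducing and redacting before it is pasted into a public issue. The following is an added example, not code from this thread or from phpMyAdmin: the function names are assumptions, and the sample log is constructed after the entry quoted above with made-up argument values.

```python
import re

# Constructed sample modelled on the nginx-error.log entry quoted in the thread.
# The quoted argument values are made-up placeholders, not real credentials.
SAMPLE_LOG = r'''2017/11/24 15:20:45 [error] 24#24: *31 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function PMA\libraries\dbi\_() in /www/libraries/dbi/DBIMysqli.php:160
Stack trace:
#0 /www/libraries/DatabaseInterface.php(2363): PMA\libraries\dbi\DBIMysqli->connect('exampleuser@h...', 'examplepass...', Array)
#1 /www/libraries/common.inc.php(748): PMA\libraries\DatabaseInterface->connect(256)
#2 /www/index.php(20): require_once('/www/libraries/...')
#3 {main}
  thrown in /www/libraries/dbi/DBIMysqli.php on line 160" while reading response header from upstream, client: 172.17.0.1, server: _, request: "POST /index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php-fpm.sock:", host: "localhost:8080"
2017/11/24 15:21:02 [error] 24#24: *33 open() "/www/favicon.ico" failed (2: No such file or directory), client: 172.17.0.1, server: _, request: "GET /favicon.ico HTTP/1.1", host: "localhost:8080"
'''

ENTRY_START = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \[\w+\] ", re.M)
FATAL = re.compile(r"PHP Fatal error:\s+(?P<msg>.*?) in (?P<file>/\S+?):(?P<line>\d+)\n")
FRAME = re.compile(r"^#\d+ (.*)$", re.M)
QUOTED_ARG = re.compile(r"'[^']*'")

def split_entries(text):
    """Group physical lines into logical entries; a PHP trace spans several lines."""
    starts = [m.start() for m in ENTRY_START.finditer(text)]
    return [text[a:b].rstrip("\n") for a, b in zip(starts, starts[1:] + [len(text)])]

def redact_frame(frame):
    """Blank every quoted string argument (credentials, but also paths) in a frame."""
    return QUOTED_ARG.sub("'[redacted]'", frame)

def php_fatals(text):
    """Return one record per entry carrying a PHP fatal error, arguments redacted."""
    records = []
    for entry in split_entries(text):
        m = FATAL.search(entry)
        if m is None:
            continue  # ordinary nginx error, not FastCGI stderr from PHP
        records.append({
            "time": entry[:19],
            "message": m["msg"],
            "file": m["file"],
            "line": int(m["line"]),
            "frames": [redact_frame(f.group(1)) for f in FRAME.finditer(entry)],
        })
    return records

if __name__ == "__main__":
    for rec in php_fatals(SAMPLE_LOG):
        print(rec["time"], rec["message"], f'{rec["file"]}:{rec["line"]}')
        print("\n".join(rec["frames"]))
```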

Member

nijel commented Nov 27, 2017

Ah, now I see the problem, will fix it soon.

nijel added a commit that referenced this issue Nov 27, 2017

Use correct name for motranslator call
We're not using php gettext, so using _ is mistake.

Issue #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

Member

nijel commented Nov 27, 2017

Fixed in f7e6366.

jaraco commented Nov 28, 2017

The nightly hasn't updated; I'll check again for it in a few days.

ibennetch added a commit that referenced this issue Dec 1, 2017

Detect another way MySQL server needs SSL
Fixes #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

ibennetch added a commit that referenced this issue Dec 1, 2017

Use correct name for motranslator call
We're not using php gettext, so using _ is mistake.

Issue #13436

Signed-off-by: Michal Čihař <michal@cihar.com>

jaraco commented Dec 1, 2017

tl;dr: It's working now!


I'm still not seeing the fix in edge-4.7. I tried edge-4.8 momentarily and that seems to be working, but edge-4.7 is giving me the same error as before. I've pulled the latest image:

$ docker pull phpmyadmin/phpmyadmin:edge-4.7
edge-4.7: Pulling from phpmyadmin/phpmyadmin
b1f00a6a160c: Already exists 
ed8452a2cff1: Pull complete 
2467cb692a8f: Pull complete 
579172efe0d1: Pull complete 
c960c0de90ec: Pull complete 
a1470dc71c94: Pull complete 
7b84943c6163: Pull complete 
Digest: sha256:25fe76d47e159252798e227342e5b2d822be4dfdc6d9bc4e70c316dc0cf35a14
Status: Downloaded newer image for phpmyadmin/phpmyadmin:edge-4.7

And run the server against that new image:

$ docker run -e PMA_HOST=$MYSQL_ADDRESS -p 8080:80 phpmyadmin/phpmyadmin:edge-4.7
2017-12-01 14:03:37,580 CRIT Supervisor running as root (no user in config file)
2017-12-01 14:03:37,580 WARN Included extra file "/etc/supervisor.d/nginx.ini" during parsing
2017-12-01 14:03:37,581 WARN Included extra file "/etc/supervisor.d/php.ini" during parsing
2017-12-01 14:03:37,587 INFO RPC interface 'supervisor' initialized
2017-12-01 14:03:37,588 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2017-12-01 14:03:37,588 INFO supervisord started with pid 1
2017-12-01 14:03:38,592 INFO spawned: 'php-fpm' with pid 20
2017-12-01 14:03:38,595 INFO spawned: 'nginx' with pid 21
2017-12-01 14:03:39,623 INFO success: php-fpm entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2017-12-01 14:03:39,624 INFO success: nginx entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)

I then log into phpMyAdmin, get the blank page, and the same error appears in the nginx logs:

$ docker exec $(docker ps -q) cat /var/log/nginx-error.log
2017/12/01 14:05:52 [error] 25#25: *1 FastCGI sent in stderr: "PHP message: PHP Fatal error:  Uncaught Error: Call to undefined function PMA\libraries\dbi\_() in /www/libraries/dbi/DBIMysqli.php:160
Stack trace:
#0 /www/libraries/DatabaseInterface.php(2363): PMA\libraries\dbi\DBIMysqli->connect('user@pix...', '...', Array)
#1 /www/libraries/common.inc.php(748): PMA\libraries\DatabaseInterface->connect(256)
#2 /www/index.php(20): require_once('/www/libraries/...')
#3 {main}
  thrown in /www/libraries/dbi/DBIMysqli.php on line 160" while reading response header from upstream, client: 172.17.0.1, server: _, request: "POST /index.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php-fpm.sock:", host: "localhost:8080"

Aha!

I noticed that edge-4.7 is 5 hours 4.7. Running simply with 4.7 is working. I guess edge will catch up soon.
