phppgadmin / phppgadmin Goto Github PK
View Code? Open in Web Editor NEWThis project forked from xzilla/phppgadmin
the premier web-based administration tool for postgresql
Home Page: https://github.com/phppgadmin/phppgadmin
License: Other
This project forked from xzilla/phppgadmin
the premier web-based administration tool for postgresql
Home Page: https://github.com/phppgadmin/phppgadmin
License: Other
I have come across this report of CSRF vulnerabilities in phppgadmin:
https://snyk.io/vuln/SNYK-PHP-PHPPGADMINPHPPGADMIN-543885
There are more details on this page:
https://github.com/snoopysecurity/Public/blob/master/phppgadmin%20CSRF%20Vulnerability.pdf
phpMYadmin is vulnerable by CVE-2022-0813
It addresses some XSS, bypassing something and gain information and i want to know if phpPGAdmin is affected too by this?
Hi,
Is it possible that a view also gets an download or export link?
When looking at the data of a view, it shows no download link and export only allows the structure to export.
Path: /display.php?action=confselectrows&subject=view&return=schema&view=xxxxx
But when first selecting fields en then showing the data, then a download link is shown.
Path: views.php?action=confselectrows&view=xxxxxx
As explained in: https://stackoverflow.com/a/12281215/4699609
Can you please add a download link to the view itself?
Thanks in advance,
Greetz, flexjoly
Connect to Google Cloud SQL , sslmode = verify-ca
sslrootcert=server-ca.pem
sslcert=client-cert.pem
sslkey=client-key.pem
What should I do, thank you! #
Hey folks, thanks for the wonderful tool, firstly.
Since phpPgAdmin is hitting Postgres directly for logins, there's a bit of a conundrum for how to log failed logins. I'm running it via Nginx and php-fpm, and it doesn't seem that a failed login is seen by php-fpm as an error. A failed login to Postgres itself is logged by the Postgres log, but it doesn't have any concept of where the request came from, so doesn't do me any good in terms of setting up something like fail2ban.
Is there a way to set up a failed login log for this purpose?
On my Linux system an integrity check via the command
bzip2 -t phpPgAdmin-7.12.0.tar.bz2
issues
trailing garbage after EOF ignored
There is no mention of versions newer than 5.6 on the official website. I only happened to discover new versions are available by running locate
on my mirror server and seeing 7.12.1 in my Ubuntu repo! (I run the tarball, and not even on Ubuntu, so this was a lucky find). This was such a version skip I investigated packages.ubuntu.com to see if it was even the same package (apparently it is) and found this GitHub repo.
Please update the official website, or if that website will no longer be updated, post a big deprecation notice on it. (In that case, numerous references to that URL in the code itself would need changing, e.g in intro.php (the home screen of the app), lang/*.php
, etc.)
Hello guys,
Now that PHP 8 is stable, do you have an ETA for phpPgAdmin to support it?
Regards
If you use Declarative Partitioning (Partition by range) parent table not showed in list of tables.
But if use Inheritance Partitioning then parent table showed in list of tables.
The table browser paging logic seems to be faulty. Here are the steps to reproduce:
The result will be "No rows found" even though the row clearly exists. If the user had remained on page 1 and added "WHERE id=1", the single row would be displayed.
This tells me that the pager logic is broken. The pager should be reset when a new query is submitted from the text box.
I will note that this problem has existed since the early days of phpPgAdmin, circa 2013 or earlier.
I'm happy to see that the project is being actively developed and would like to see this long-standing issue resolved.
Using Php8, I was not able to log in in PhpPgAdmin.
Back to Php7, everything was ok.
Using the "SQL" tab on a database results in a hard exit if you submit a query, get an error, and try again using the "Submit Query" button.
Steps to reproduce:
NB: You're able to resubmit successfully by clicking the "Edit SQL" link immediately below the query. The simplest solution might be simply to remove the query resubmit form -- that's how it works when "paginate" is not checked.
When config.inc.php has
$conf['owned_only'] = true;
the list of databases doesn't include any that are owned by a group in which the current user is a member.
I believe this can be handled in function getDatabase (Postgres.php) by replacing
$clause = " AND pr.rolname='{$username}'";
with
$clause = " AND (pr.rolname='{$username}'
OR (SELECT oid FROM pg_catalog.pg_roles WHERE rolname = '{$username}')
IN (SELECT member
FROM pg_catalog.pg_auth_members m
JOIN pg_catalog.pg_roles pr2 ON (m.roleid = pr2.oid)
WHERE rolname = pr.rolname))";
To reproduce this situation:
CREATE USER cathy;
CREATE USER foo_owner ROLE cathy;
-- or, after creating foo_owner: GRANT foo_owner TO cathy;
CREATE DATABASE foo WITH OWNER foo_owner;
If I log in to phpPgAdmin as foo_owner
, I see database foo
as expected. But, if I log in with user cathy
, database foo
isn't included in the list. Note that this is strictly a display issue; postgres accepts SQL commands without issue.
The above change results in showing database foo
in the list for user cathy
.
Can you package the phpgadmin to a docker image?
Thank you.
The composer file is a bit outdated.
The minimal php version there is 5.0 while libraries/lib.inc.php
will complain if version is less than 7.1. The value should be ajusted.
Also it should contain a require
line like "ext-pgsql": "*"
so that extension php-pgsql is pulled automatically.
last git:
Notice: Undefined variable: postgresqlMinVer in phpPgAdmin/classes/Misc.php on line 493
Version of PostgreSQL not supported. Please upgrade to version or later.
I use postgresql-13.0 thanks
Hello, i'm Valerio and i found the bug, please consider i have the CVE from mitre, you need to send me a right email, and i can write you the poc of your vulnerability, work on 7.13.0 or low it's a 0-day expploit. Please responde as soon as possibile.
Valerio
oid special behavior has been removed in postgres 12.
https://www.postgresql.org/docs/12/release-12.html#id-1.11.6.5.4
This explains #67.
Another issue is is creating a table unchecking the "WITHOUT OIDS" box:
This results in a SQL error:
ERROR: syntax error at or near "OIDS"
CREATE TABLE "public"."test_to_drop" ("id" SERIAL, "test" character varying(20)) WITH OIDS
^
I guess the checkbox should be removed when talking to a postgres 12.
Creating a new funciton via grafical user interface it is not possible to scroll via scroll bar until the button of the form. Therefore the "Create" button can´t be pressed, except for adjust the zooming of the page by e.g. [Ctrl] + [-]
We installed the latest version of phppgadmin however we're having issues viewing sequences. Has anyone seen anything similar?
ERROR: relation "pg_catalog.pg_sequence" does not exist
I'd like to note it's been awhile since i viewed the sequences, but a few months ago i feel like this wasn't an issue.
The error that occurs when attempting to view/list functions is:
ERROR: column p.prokind does not exist
Basically as of postgresql 9.3 the pg_proc field prokind does not exist as that was added much later. Therefore allowances need to be made for this as the change to prokind did not happen until version 11, therefore all versions prior to version 11 need to continue to using the old method that did not use the prokind field. That includes versions 9.0 to 9.6 and 10.
I made some role changes and now I can't access database(s) ...
I transferred ownership of a database from one person to another. But even the other person can't access the database I
gave them. I transfered ownership of the database:
ALTER DATABASE dvdrental OWNER new-owner-name
Do I need to do every table in that database?
See screenshot ...
hi,
no css loaded with the script, its only me or other people have the same problem as well?
i did try downloading also the other compressed files, none of them works,
i did check the css path in the included files and all looks okay, the theme folder is included
thank you
Hello
Despite numerous attempt to upgrade ADOdb (See the 7-years old #31), phpgadmin embed a copy of adodb that is known to have issues.
I haven't checked whether this is an issue with phppgadmin, as I use Debian that does NOT embed a copy, but uses upstream version.
See also #119 (comment)
Please, wake up.
Hello, we are TeamCode. We have created a Tin application for this app, which help users to quickly run and try the app without installing and configuring the environment. Users don't need to pay for this service. Hope it can help you better promote the app!
Guidance: https://www.teamcode.com/docs/en-US/tin/clone-tin
This is the entire usage process:
Users click the badge Run in Cloud.
Sign up first if they have not logged in.
After that, they will be directed to the Clone page and start to build & run this app.
Does Phppgadmin 5 version supports pgadmin 10?
php8.0 & postgresql 13.1 ... create database form error..
Click on Create Database...
The form does not come out as finished.
The following error which appears when creating a new database (with debugging and XDEBUG enabled) in phpPgAdmin 7.12.1 (PHP 7.2.24):
Text version: Deprecated: The each() function is deprecated. This message will be suppressed on further calls in /var/www/phppgadmin/all_db.php on line 202
The solution is to replace each with a foreach loop.
Reference:
After the fix, phppgadmin correctly creates the list of encodings.
Hi,
Sometimes we get an csv and we want to generate a (temporary) table from it.
PhpMyAdmin (for mysql) has a nice import form for this and can create a new table from a csv. But phpPgAdmin only imports a csv to an existing table.
Can this be made in phpPgAdmin also?
Greetz, flexjoly
Hey there!
I'd like to report a security issue but cannot find contact instructions on your repository.
If not a hassle, might you kindly add a SECURITY.md
file with an email, or another contact method? GitHub recommends this best practice to ensure security issues are responsibly disclosed, and it would serve as a simple instruction for security researchers in the future.
Thank you for your consideration, and I look forward to hearing from you!
(cc @huntr-helper)
PostgreSQL 14.1 (Ubuntu 14.1-2.pgdg20.04+1) on x86_64-pc-linux-gnu, compiled by gcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0, 64-bit
(1 row)
Version of PostgreSQL not supported. Please upgrade to version or later.
https://prnt.sc/RiJKd5z-OxRU
~ php -v
Copyright (c) The PHP Group
Zend Engine v3.4.0, Copyright (c) Zend Technologies
with Zend OPcache v7.4.3, Copyright (c), by Zend Technologies
with Xdebug v2.9.2, Copyright (c) 2002-2020, by Derick Rethans```
I'm running phppgadmin locally on a different port, and using nginx to reverse proxy a non-root path, ex. example.com/admin/
to phppgadmin for convenience and security. Everything works as expected except for one part, the action of the form of the SQL textbox in display.php
, generated here: https://github.com/xzilla/phppgadmin/blob/3575e0bf267bb91b1bff7bbb2d14d206a878cb60/display.php#L528
By using $_SERVER['REQUEST_URI']
here, the generated HTML contains an absolute path <form method="POST" action="/display.php?
... which sends the browser to example.com/display.php
instead of to example.com/admin/display.php
where the file actually is, which breaks it. Everywhere else, relative paths are generated.
I'm not too familiar with this project, otherwise I'd just submit a pull request. Can this be fixed please so all paths are relative in the HTML?
when I activate
$conf['show_reports'] = true;
popt up this message and no Report was shown
......
Warning: Parameter 1 to Report::add_plugin_trail() expected to be a reference, value given in /srv/www/phppgadmin/phpPgAdmin/classes/PluginManager.php on line 104
...........
this come up with php7
I used now version 7.12.0, but this issue was also in 5.6
Downloaded latest release and getting in left tree "Error Loading servers.php?action=tree (200: OK)"
Ubuntu 18, PHP7.2
Login via different button works but tree strill with Error
I found a reference to a change to prokind from "proisagg"
"Replace system catalog pg_proc 's proisagg and proiswindow columns with prokind (Peter Eisentraut)."
Currently using PostgreSQL 9.2.24 (working on updating out of it but there are still oid's in use.)
Unable to browse DB upgraded to 12rc1 with following error
ERROR: column "relhasoids" does not exist
LINE 1: SELECT relhasoids FROM pg_catalog.pg_class WHERE relname='bs...
regards
Petr
If I choose the table (or view) and take same conditions (WHERE) the result appears in internal sorting. But if I press column name (for sorting on that column) - it goes to schema page. This problem doesn't appears if I just take view the table (or view) - than everything sorts as it should...
Finally found solution here It's a bug since 2014:
https://stackoverflow.com/questions/32562837/phppgadmin-sorting-doesnt-work
https://sourceforge.net/p/phppgadmin/bugs/445/
Please insert the solution in phpPgadmin.
Many thanks
Michael
hey there, even though I enabled the "php_pgsql.dll" in the "php.ini" file I still get this error "Your PHP installation does not support the pgsql module. You will need to install, enable, or compile it to use phpPgAdmin." I don't know if this is easy to fix but if it is please tell me how to fix it <3
Thx for you time
Just did a major upgrade from Postgres 9.2 to Postgres 13...
Needed to update ./classes/database/Connection.php to include Postgres13
My changes/additions:
case '12': return 'Postgres12';break;
case '13': return 'Postgres13';break;
Added:
./classes/database/Postgres12.php
./classes/database/Postgres13.php
./help/PostgresDoc13.php
I believe this takes care of what I need to get Postgres13 to work.
After executing a query, random nodes will be expanded and/or collapsed when the navigation frame reloads. The affected nodes are not related to the query and they were never expanded/collapsed previously in the current session. This bug has existed for many years and versions.
To reproduce, first expand some schema and table nodes in the hierarchy frame. Then execute any ALTER TABLE query from the SQL popup. This also occurs under many other conditions as well.
As administrator of a FOSS server I have just added a new feature: Source code misspelling error checks for the supported software packages using the command line program codespell
.
One of the first checks was just done for phpPgAdmin-7.12.0.tar.bz2
. The output of the analysis can be found here: https://fossies.org/linux/www/phpPgAdmin-7.12.0.tar.bz2/codespell.html
A hint: Clicking on a red colored spelling error in the "top" list let you jump to the first according match in the actual spelling error occurrence list. Clicking on a matching member file let you browse that file while jumping to the according line (with a red colored line number; but in some cases the misspelled word may be in the adjacent lines).
I know it's not an important issue and you can ignore it but if you found wrong matches (false positives) please let me know it so that I can force a new improved check.
[Composer\Json\JsonValidationException]
"./composer.json" does not match the expected JSON schema:
According to the documentation, Postgres 12 does not implement the relhasoids column anymore.
// My Fault, it's fixed on the last version. Please delete this issue
I have a database named safe-distance that I want to export. However, Everytime I export it, it generates a blank dump file. I cannot identify what I've been doing wrong.
I'm trying using phppgadmin 7.12.1, I clicked export, selected SQL, structure and data as format and then download, but the dump file generated is always blank. Please help
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.