Security fixes: phpMyAdmin 2.6.1-pl1


andyl
02-23-2005, 09:19 PM
phpMyAdmin 2.6.1-pl1 is out, fixing a few security issues. From the release notes:


- (pl1) Possible XSS attack
- (pl1) Remote file inclusion
- (pl1) Error when blowfish_secret is empty
- (pl1) Wrong parameter count with PHP 4.1.x
- (pl1) (Japanese) Undefined index
- (pl1) (mysqli) Wrong detection of a failed connection


Changing /usr/local/directadmin/scripts/phpMyAdmin.sh as follows worked to get the update:



*** phpMyAdmin.sh Wed Feb 23 20:06:10 2005
--- /tmp/phpMyAdmin.sh Wed Feb 23 20:12:11 2005
***************
*** 2,11 ****

#run this script AFTER the administrator account has been created

! VER=2.6.1
PMAFILE=/usr/local/directadmin/scripts/packages/phpMyAdmin-${VER}.tar.gz
PMADIR=/var/www/html/phpMyAdmin-${VER}
! WEBFILE=http://files.directadmin.com/services/9.0/phpMyAdmin-${VER}.tar.gz

if [ ! -e ${PMAFILE} ]; then
wget -O $PMAFILE $WEBFILE
--- 2,11 ----

#run this script AFTER the administrator account has been created

! VER=2.6.1-pl1
PMAFILE=/usr/local/directadmin/scripts/packages/phpMyAdmin-${VER}.tar.gz
PMADIR=/var/www/html/phpMyAdmin-${VER}
! WEBFILE=http://osdn.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-${VER}.tar.gz

if [ ! -e ${PMAFILE} ]; then
wget -O $PMAFILE $WEBFILE
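Review bot: the new `WEBFILE` line moves the download from files.directadmin.com to a SourceForge mirror over plain HTTP, and the unchanged `wget -O $PMAFILE $WEBFILE` that follows hands whatever arrives to the rest of the script with no integrity check at all; for a security update, compare the tarball against a checksum or signature obtained from the phpMyAdmin project itself (not from the same mirror) before anything is extracted, and quote the variables (`wget -O "$PMAFILE" "$WEBFILE"`). Note also that the `if [ ! -e ${PMAFILE} ]` guard skips the fetch whenever a file of that name exists, and `wget -O` creates the file even when the transfer fails, so an interrupted download leaves a truncated tarball that the next run will silently use; testing with `-s`, deleting the file on wget failure, or relying on the checksum check avoids that.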


Andy
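The edit above only changes the version string and the download host, so the script still extracts whatever the mirror returns. As an added example (not DirectAdmin's phpMyAdmin.sh and not phpMyAdmin's own code), here is the same fetch-then-extract flow with the integrity check a security update deserves: the tarball is refused unless its SHA-256 matches a value taken from the project's own site or release announcement, extraction happens in a private directory so a bad archive never lands half-written in the webroot, and the previous tree is kept for rollback. The package and webroot paths default to the ones in the script above; the expected checksum, the `WEBROOT/phpMyAdmin` symlink the web server is assumed to serve from, and the function names are my assumptions.

```shell
#!/bin/sh
# Added example: verify-then-stage upgrade helper modelled on the variables in
# phpMyAdmin.sh above. Not DirectAdmin's script. Assumptions (hypothetical):
# the expected SHA-256 comes from the phpMyAdmin project's own site or release
# announcement, never from the mirror that served the tarball; the web server
# serves the release through a WEBROOT/phpMyAdmin symlink; sha256sum and a
# GNU-style "ln -n" are available.

# verify_tarball FILE EXPECTED_SHA256
# Returns 0 only if FILE is non-empty and its SHA-256 equals EXPECTED_SHA256.
verify_tarball() {
    file=$1
    expected=$2
    [ -s "$file" ] || { echo "tarball missing or empty: $file" >&2; return 1; }
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ] || { echo "checksum mismatch for $file" >&2; return 1; }
}

# stage_release TARBALL WEBROOT VER
# Extracts TARBALL into a private temp dir, moves the phpMyAdmin-VER tree into
# WEBROOT, and repoints the WEBROOT/phpMyAdmin symlink at it. Other
# phpMyAdmin-* trees are left untouched so the old release can be restored by
# repointing the symlink.
stage_release() {
    tarball=$1
    webroot=$2
    ver=$3
    target="$webroot/phpMyAdmin-$ver"
    tmp=$(mktemp -d "$webroot/.pma-stage.XXXXXX") || return 1
    tar -xzf "$tarball" -C "$tmp" || { rm -rf "$tmp"; return 1; }
    if [ ! -d "$tmp/phpMyAdmin-$ver" ]; then
        echo "archive does not contain phpMyAdmin-$ver" >&2
        rm -rf "$tmp"
        return 1
    fi
    rm -rf "$target"
    mv "$tmp/phpMyAdmin-$ver" "$target" || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
    ln -sfn "$target" "$webroot/phpMyAdmin"
}

# upgrade_phpmyadmin VER WEBFILE EXPECTED_SHA256 [PKGDIR] [WEBROOT]
# Mirrors the flow of phpMyAdmin.sh: fetch the versioned tarball if it is
# absent, but refuse to extract anything whose checksum does not match.
upgrade_phpmyadmin() {
    ver=$1
    webfile=$2
    expected=$3
    pkgdir=${4:-/usr/local/directadmin/scripts/packages}
    webroot=${5:-/var/www/html}
    pmafile="$pkgdir/phpMyAdmin-$ver.tar.gz"
    if [ ! -s "$pmafile" ]; then
        # wget -O creates the output file even when the transfer fails, so a
        # failed fetch must not leave a truncated tarball for the next run.
        wget -O "$pmafile" "$webfile" || { rm -f "$pmafile"; return 1; }
    fi
    verify_tarball "$pmafile" "$expected" || return 1
    stage_release "$pmafile" "$webroot" "$ver"
}
```

Run as e.g. `upgrade_phpmyadmin 2.6.1-pl3 http://osdn.dl.sourceforge.net/sourceforge/phpmyadmin/phpMyAdmin-2.6.1-pl3.tar.gz <sha256-from-project-site>`; a wrong checksum stops the upgrade before anything in the webroot is touched.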

andyl
02-24-2005, 10:11 PM
2.6.1-pl2 is out, fixing an instability introduced in pl1; simply change the version in the above diff to upgrade.

Andy

choon
02-24-2005, 10:22 PM
Oops... my bad :p
Should read carefully lol

Chrysalis
02-25-2005, 12:02 PM
thanks for the updates

dan35
03-04-2005, 05:51 AM
phpMyAdmin 2.6.1-pl3 is released

It fixes a problem introduced in -pl2: can no longer update a field whose name starts with "str".
Also included, a fix for the privileges management module: escaping of the "_" character was not properly done, giving a wildcard privilege when editing db-specific privileges with phpMyAdmin.
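To see what the "_" escaping bug described in this post amounts to, here is an added example (not phpMyAdmin's code) that applies MySQL's LIKE-style matching of the privilege table's Db column to a few constructed database names and builds the correctly escaped GRANT. In MySQL, "_" matches any single character and "%" any string in a database name given to GRANT, unless escaped with a backslash. The functions `like_to_glob`, `db_matches`, `grant_db_escape`, `grant_stmt`, `list_covered` and the sample names are my assumptions for illustration.

```shell
#!/bin/sh
# Added example, not phpMyAdmin code: why an unescaped "_" in a database-
# specific GRANT hands out more than intended. MySQL matches the Db column of
# its privilege tables with LIKE semantics ("_" = any one character, "%" = any
# string) unless the character is escaped with a backslash. Assumption: names
# contain no "*", "?", "[" or backslash, so the LIKE-to-glob conversion below
# stays simple.

# like_to_glob LIKE_PATTERN -> shell glob with the same meaning
like_to_glob() {
    pat=$1
    out=
    while [ -n "$pat" ]; do
        c=${pat%"${pat#?}"}          # first character
        pat=${pat#?}                 # remainder
        case $c in
            \\)                      # backslash: next character is literal
                c=${pat%"${pat#?}"}
                pat=${pat#?}
                out="$out$c" ;;
            _) out="$out?" ;;
            %) out="$out*" ;;
            *) out="$out$c" ;;
        esac
    done
    printf '%s\n' "$out"
}

# db_matches DB_PATTERN NAME -> 0 if a GRANT on DB_PATTERN also covers NAME
db_matches() {
    glob=$(like_to_glob "$1")
    case $2 in
        $glob) return 0 ;;
        *)     return 1 ;;
    esac
}

# grant_db_escape NAME -> NAME with "\", "_" and "%" escaped for GRANT
grant_db_escape() {
    printf '%s\n' "$1" | sed -e 's/\\/\\\\/g' -e 's/_/\\_/g' -e 's/%/\\%/g'
}

# grant_stmt NAME USER -> GRANT statement that applies to exactly NAME
grant_stmt() {
    printf 'GRANT SELECT ON `%s`.* TO %s\n' "$(grant_db_escape "$1")" "$2"
}

# list_covered DB_PATTERN NAME... -> prints every NAME the pattern covers
list_covered() {
    pat=$1
    shift
    for name in "$@"; do
        db_matches "$pat" "$name" && printf '%s\n' "$name"
    done
    return 0
}
```

With the constructed names my_db, myXdb, my-db and mydb, `list_covered 'my_db' ...` reports the first three, i.e. a GRANT written as `ON my_db.*` silently covers myXdb and my-db as well; the escaped form from `grant_stmt my_db ...` (`ON \`my\_db\`.*`) covers only my_db.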

sander815
03-23-2005, 03:34 PM
So, how do I update my phpMyAdmin?

When I run the script it only downloads the latest tar:

[root@server01.nl]# /usr/local/directadmin/scripts/phpMyAdmin.sh
--00:03:53-- http://files.directadmin.com/services/9.0/phpMyAdmin-2.6.1.tar.gz
=> `/usr/local/directadmin/scripts/packages/phpMyAdmin-2.6.1.tar.gz'
Resolving files.directadmin.com... done.
Connecting to files.directadmin.com[67.17.16.47]:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2,358,761 [application/x-tar]

100%[====================================================================>] 2,358,761 458.13K/s ETA 00:00

00:03:58 (458.13 KB/s) - `/usr/local/directadmin/scripts/packages/phpMyAdmin-2.6.1.tar.gz' saved [2358761/2358761]

[root@server01.nl]# nano /usr/local/directadmin/scripts/phpMyAdmin.sh

jmstacey
03-23-2005, 07:08 PM
Try:


wget http://www.saevian.com/da_tools/upgrade.phpmyadmin.sh
chmod 755 upgrade.phpmyadmin.sh
./upgrade.phpmyadmin.sh


Edited code (typos), thank you CrazyMouse & whitehat

CrazyMouse
04-01-2005, 02:49 PM
Originally posted by jmstacey
Try:


wget http://www.saevian.com/da_tools/upgrade.phpmyadmin.sh
chmod 755 upgrade_phpmyadmin.sh
./upgrade_phpmyadmin.sh


You mean

wget http://www.saevian.com/da_tools/upgrade.phpmyadmin.sh
chmod 755 upgrade.phpmyadmin.sh
./upgrade.phpmyadmin.sh

Works fine, but is it an update? (the newest one?)

jmstacey
04-01-2005, 08:31 PM
Originally posted by CrazyMouse
Works fine, but is it an update? (the newest one?)
Not quite sure what you mean. It contains the latest changes that I've made to the script, but so far no new changes have been required for the latest versions.

whitehat
04-07-2005, 02:04 AM
Originally posted by jmstacey
Try:
wget http://www.saevian.com/da_tools/upgrade.phpmyadmin.sh
chmod 755 upgrade_phpmyadmin.sh
./upgrade_phpmyadmin.sh

Jim, you may want to edit your post above for the cut-and-paste people. The wget file is upgrade.[DOT]phpmyadmin.sh, but on the chmod and execute lines you have upgrade_UNDERSCOREphpmyadmin.sh

Amended/New:
wget http://www.saevian.com/da_tools/upgrade.phpmyadmin.sh
chmod 755 upgrade.phpmyadmin.sh
./upgrade.phpmyadmin.sh

Crazymouse caught that, but I decided to be more "in your face".

Btw - the script works like a charm.

Thank you very much.

Mike

jmstacey
04-07-2005, 02:18 AM
Fixed :)