Upgrade method of PhpMyAdmin should not just overwrite files, but do a fresh install each time

Upgrading from PhpMyAdmin 4.5.5.1 (and earlier versions) to 4.6.0 breaks table export (and when many upgrades from earlier versions) also the "Server: Localhost" breadcrumb access.

I have raised a bug report with PhpMyAdmin folks here: https://github.com/phpmyadmin/phpmyadmin/issues/12159

, and they fixed that for 4.6.1, but also referred to fact that PhpMyAdmin should never be upgraded by file-overwrites, but always by first deleting previous files then writing new ones: https://github.com/phpmyadmin/phpmyadmin/issues/12159#issuecomment-20636...

Quoting http://docs.phpmyadmin.net/en/latest/setup.html#upgrading-from-an-older-...

Never extract the new version over an existing installation of phpMyAdmin; we had evidence of problems caused by this.

Please consider changing the upgrade method of PhpMyAdmin, as it obviously leaves old files that are potentially vulnerable.

Status: 
Active

Comments

Deleting the old install is tricky for most apps, because that would also remove any custom config files - even phpMyAdmin has its own config file which users presumably want to preserve across upgrades.

However, if there are specific files that should be removed, I could add that to the upgrade process.

To reply to your question of what to remove: According to this comment:

https://github.com/phpmyadmin/phpmyadmin/issues/12159#issuecomment-20636...

These folders should be at least removed before unpacking the new PhpMyAdmin package:

  • js
  • libraries
  • locale

However, imho a much better and security-wise safer way would be to just keep the PhpMyAdmin configuration file, and whipe out the rest of the folder before an upgrade.

Does phpMyAdmin have just a single consistent config file though?

As far as I can remember (around 10 years), it's always been:

config.inc.php

But best and safest is to ask the PhpMyAdmin team directly on the github thread I referenced to above ;-)

Another reason why I'm reluctant to delete files first is that if extraction of the new tar.gz file fails after deleting old files (for example due to lack of disk space or quotas), the phpMyAdmin installation will be broken.

In the original problem case, which file needed to be deleted?

You could:

-- rename the phpmyadmin folder to phpmyadmin_orig
-- do a new install
-- copy the config file over
-- leave the _orig folder until the next update (where you would remove it, and rename again)

Let me see if there's a more general way I can solve this, such as by comparing files in the tar.gz package with those that already exist before upgrading.

Indeed, that would be the most general method for all scripts: Once you have done a new clean install with the new script installer method: Simply compare files of (old) installed version with files of new version to upgrade to. Then remove files that disappeared between the two.

However, that would not work for existing installations when during years, old versions have simply been overwritten without deleting obsolete files. Except for the config file, I believe that would not be a problem for phpmyadmin, however for other scripts it's an issue.

One case to take care of in all cases, is when scripts have been installed in subfolders of other scripts, like often the case with phpmyadmin in a subfolder of a CMS.

Quotas is a different issue: Quotas hitting during an upgrade are anyway a big issue, as you end up with half-upgraded version anyway. In fact script upgrades should simply not be allowed when over quota.

However, in practice, quoatas have many other issues: E.g. If you hit quota in a site, MySQL files would also have hit quota issues, and MySQL queries hang one after the other until maximum number of SQL queries or processes is reached, and then whole server MySQL services stop. But that's certainly disgressing from this bug. Just wanted to make aware that when disk quotas are hit, it becomes a way bigger issue server wide. So, except for checking that enough quota is available before script upgrades, I think it's a non-issue in upgrades.

Now the upgrade from Piwik 2.16.0 to 2.16.1 results in unusable stats-views when a file that disappeared in 2.16.1 is not removed in the installation (plugins/CoreVisualizations/Visualizations/HtmlTable/PivotBy.php):

I just experienced the same issue with Piwik 2.16.1 upgrade:

https://forum.piwik.org/t/viewdatatable-id-table-is-already-in-use/18837

I believe that files that are not anymore in packages and were there before should also be deleted on upgrade. A simple files-overwrite upgrade is not sufficient anymore....

Thanks, I'll fix the piwik installer to remove that file on upgrade.

Just deleting the old directory before upgrading isn't going to work as a general solution, because each script may have an unknown number of undocumented config files that need to be preserved.

Agree that for a general solution deleting all is not the solution, because of config files and installed extensions/plugins/media files.

However, if you can compare the zip of installed version and new version to install, and only delete files and folders that were in the installed zip, but not in the upgrade-version, that could work ?

That could work - I'd need to keep track of all files that were in previous versions though, which doesn't currently happen.

As long as the zip of the installed version is still in the cache (or can be downloaded), no tracking required imho ?

Actually, a good night of sleep sometimes provides good advice: Why not use git clone instead of tar.gz to install scripts ?

Then git fetch && git checkout version would automatically overwrite/add/remove files...and ignore any files that are not in the git repository! e.g. config files, media, and so on.

I see 2 ways to do that:

  1. Setup a central virtualmin git server for all scripts, and have versions go through there.
  2. Probably better: Setup a local git repository where the tar files get first uncompressed and handle upgrades locally in the git repository first before applying the changes in the live sites.

That could also work, however I prefer the tar.gz tracking approach, as it seems to have less dependencies. I'll work on implementing that..

FYI: Today I had a similar issue upgrading OwnCloud from 8.2.2 to 9.0.1: Virtualmin failed. I had to move all folders out of public_html, except data, config and settings, then upgrade in Virtualmin from 9.0.1 to ... 9.0.1 for the upgrade to succeed.

OwnCloud recommends too to not just write-over files but to keep config and data folders: https://doc.owncloud.org/server/9.0/admin_manual/maintenance/manual_upgr...