Author Topic: Stop downgrading phpMyAdmin  (Read 10563 times)

0 Members and 2 Guests are viewing this topic.

Offline
*
Stop downgrading phpMyAdmin
« on: August 31, 2020, 08:52:23 AM »
Hello there,

I've an issue on my VPS. The CWP is actually forcing an old version of phpMyAdmin as long as I'm daily updating the version.
I tried with a partial solution, by editing the scripts/mysql_phpmyadmin_update

From:
Code: [Select]
#!/bin/bash

current_version=`cat /usr/local/cwpsrv/var/services/pma/README | grep Version | cut -d " " -f 2`
cwp_latest=`curl -Ss "http://static.cdn-cwp.com/files/mysql/pma.txt"`

if [ "$current_version" != "$cwp_latest" ];then
echo "Updating phpMyAdmin from ${current_version} to version ${cwp_latest}"
Date=`date "+%d-%m-%Y"`

if [ -e "/usr/local/cwpsrv/var/services/pma" ];then
mv /usr/local/cwpsrv/var/services/pma /usr/local/cwpsrv/var/services/pma_$Date.bak
fi

cd /usr/local/cwpsrv/var/services/
wget http://static.cdn-cwp.com/files/mysql/phpMyAdmin-${cwp_latest}-all-languages.zip
unzip -o -q phpMyAdmin-${cwp_latest}-all-languages.zip
rm -f phpMyAdmin-${cwp_latest}-all-languages.zip
mv phpMyAdmin-${cwp_latest}-all-languages pma
chown -R cwpsvc:cwpsvc pma
rm -rf /usr/local/cwpsrv/var/services/pma/setup
mv /usr/local/cwpsrv/var/services/pma/config.sample.inc.php /usr/local/cwpsrv/var/services/pma/config.inc.php
ran_password=$(</dev/urandom tr -dc A-Za-z0-9 | head -c32)
sed -i "s|\['blowfish_secret'\] = ''|\['blowfish_secret'\] = '${ran_password}'|" /usr/local/cwpsrv/var/services/pma/config.inc.php
new_version=`cat /usr/local/cwpsrv/var/services/pma/README | grep Version | cut -d " " -f 2`
echo "phpMyAdmin Update, new version ${new_version}"
else
echo "You have the latest PMA version recommended by CWP!"
fi


To:
Code: [Select]
#!/bin/bash

    current_version=`cat /usr/local/cwpsrv/var/services/pma/README | grep Version | cut -d " " -f 2`
    cwp_latest=`curl -Ss "https://www.phpmyadmin.net/home_page/version.txt"`
    readarray -t official_latest <<<"$cwp_latest"
    real_version=${official_latest[0]}
    real_url=${official_latest[2]}
    if [ "$current_version" != "$real_version" ];then
    echo "Updating phpMyAdmin from ${current_version} to version ${real_version}"
    Date=`date "+%d-%m-%Y"`

    if [ -e "/usr/local/cwpsrv/var/services/pma" ];then
    mv /usr/local/cwpsrv/var/services/pma /usr/local/cwpsrv/var/services/pma_$Date.bak
    fi

    cd /usr/local/cwpsrv/var/services/
    wget ${real_url}
    unzip -o -q phpMyAdmin-${real_version}-all-languages.zip
    rm -f phpMyAdmin-${real_version}-all-languages.zip
    mv phpMyAdmin-${real_version}-all-languages pma
    chown -R cwpsvc:cwpsvc pma
    rm -rf /usr/local/cwpsrv/var/services/pma/setup
    mv /usr/local/cwpsrv/var/services/pma/config.sample.inc.php /usr/local/cwpsrv/var/services/pma/config.inc.php
    ran_password=$(</dev/urandom tr -dc A-Za-z0-9 | head -c32)
    sed -i "s|\['blowfish_secret'\] = ''|\['blowfish_secret'\] = '${ran_password}'|" /usr/local/cwpsrv/var/services/pma/config.inc.php
    new_version=`cat /usr/local/cwpsrv/var/services/pma/README | grep Version | cut -d " " -f 2`
    echo "phpMyAdmin Update, new version ${new_version}"
    else
    echo "You have the latest PMA version recommended by phpMyAdmin for CWP!"
    fi

This last one will automatically update the latest stable phpMyAdmin version but, during the night, this script will be restored to the old one, downgrading my phpMyAdmin version.

Can i fix this? How to?

Thanks and best regards.

Offline
*
Re: Stop downgrading phpMyAdmin
« Reply #1 on: September 02, 2020, 03:13:38 PM »
create your own file with different name

Offline
*
Re: Stop downgrading phpMyAdmin
« Reply #2 on: September 02, 2020, 03:50:38 PM »
create your own file with different name

I did, but CWP is still forcing the old version. Maybe there is an hidden cronotask that will restore the old phpMyAdmin version or it will be executed every CWP Update.

My first question is, how to stop executing this downgrade? So, how can i stop the execution of the original /scripts/mysql_phpmyadmin_update?

Offline
*
Re: Stop downgrading phpMyAdmin
« Reply #3 on: September 03, 2020, 07:13:11 AM »
cwp is using a version that is compatible with autologin, if you use any other autologin from admin/user panel will not work.
VPS & Dedicated server provider with included FREE Managed support for CWP.
http://www.studio4host.com/

*** Don't allow that your server or website is down, choose hosting provider with included expert managed support for your CWP.

Offline
*
Re: Stop downgrading phpMyAdmin
« Reply #4 on: September 03, 2020, 10:27:14 AM »
cwp is using a version that is compatible with autologin, if you use any other autologin from admin/user panel will not work.

I know and i'm not interested on it as long as i'm using GAuth to login.
I was looking to a solution on how to stop downgrading phpMyAdmin, but probably there is no one.

I've just solved by myself, creating a subdomain, installing phpMyAdmin manually, then hosting phpMyAdmin directly on a reserved domain.

I hope that CWP Team will start working on a newest version as soon as possibile, due to known security vulnerability on that version, that i'll suggest anyone to block totally and install manually somewhere else. I wish to have one more click, logging-in to one of the most used tools, instead of a version that could be a security problem.