{"id":1054,"date":"2010-11-06T20:49:25","date_gmt":"2010-11-06T18:49:25","guid":{"rendered":"http:\/\/www.void.gr\/kargig\/blog\/?p=1054"},"modified":"2011-05-01T12:18:02","modified_gmt":"2011-05-01T09:18:02","slug":"upgrading-plesks-phpmyadmin-to-the-latest-version","status":"publish","type":"post","link":"https:\/\/www.void.gr\/kargig\/blog\/2010\/11\/06\/upgrading-plesks-phpmyadmin-to-the-latest-version\/","title":{"rendered":"Upgrading Plesk’s phpMyAdmin to the latest version"},"content":{"rendered":"

phpMyAdmin<\/a> is a great tool but a constant headache<\/a> (xss, sql injections,etc) as well. Every now and then there are new security holes discovered that need to be fixed ASAP. On the other hand, Plesk<\/a> doesn’t seem to follow these security fixes, so if you want to keep yourself a bit more secure than Plesk thinks you should be, then you have to upgrade phpMyAdmin by your self. This procedure isn’t very straightforward due to the way Plesk uses PMA so I’ll post here some notes\/guidelines on how to achieve that.<\/p>\n

My notes are based on Plesk 8.6, so I am sure newer Plesk versions are way easier to upgrade than this.<\/p>\n

Step 1: Download new phpMyAdmin <\/strong>
\n# wget http:\/\/downloads.sourceforge.net\/project\/phpmyadmin\/phpMyAdmin\/3.3.8\/phpMyAdmin-3.3.8-all-languages.tar.gz<\/code>
\nStep 2: Extract into \/opt\/psa\/admin\/htdocs\/domains\/databases\/<\/strong>
\n

# mv phpMyAdmin-3.3.8-all-languages.tar.gz \/opt\/psa\/admin\/htdocs\/domains\/databases\/\n# cd \/opt\/psa\/admin\/htdocs\/domains\/databases\/\n# tar zxf phpMyAdmin-3.3.8-all-languages.tar.gz<\/code2><\/pre>
\nStep 3: Rename old PMA and symlink the new<\/strong>
\n
# mv phpMyAdmin phpMyAdmin.old\n# ln -sf phpMyAdmin-3.3.8-all-languages phpMyAdmin<\/code2><\/pre>
\nStep 4: Copy old config file<\/strong>
\nThis step depends on your old PMA version. Since my version was 2.8.2.4 I had to:
\n#cp phpMyAdmin.old\/libraries\/config.default.php phpMyAdmin\/config.inc.php<\/code>
\nIf you have newer versions of PMA just do:
\n#cp phpMyAdmin.old\/config.inc.php phpMyAdmin\/config.inc.php<\/code>
\nStep 5: Edit necessary files<\/strong>
\nSubstep a: edit phpMyAdmin\/libraries\/session.inc.php<\/strong>
\nWhen the first comment block finishes and before<\/em> line 14: if (! defined('PHPMYADMIN')) {<\/code>
\nadd the following snippet:
\n
\/\/ Close Plesk's session.\n$proxy_session_id = session_id();\n@session_write_close();\nunset($_SESSION);<\/code2><\/pre>
\nSubstep b: edit phpMyAdmin\/libraries\/common.inc.php around line 190 and change:<\/strong>
\n
    'error_handler',\n    'PMA_PHP_SELF',\n    'variables_whitelist',\n    'key'\n);<\/code2><\/pre>
\nto
\n
'error_handler',\n    'PMA_PHP_SELF',\n    'variables_whitelist',\n    'key',\n    \/\/ from Plesk\n    'PHP_SELF',\n    'db_host',\n    'db_port',\n    'db_user',\n    'db_pass',\n    'db_name'\n);<\/code2><\/pre><\/p>\n
!! Mind the “,” after ‘key’<\/em> !!<\/p>\n
That’s about it…you should now be able to use your new PMA version through Plesk.<\/p>\n","protected":false},"excerpt":{"rendered":"
phpMyAdmin is a great tool but a constant headache (xss, sql injections,etc) as well. Every now and then there are new security holes discovered that need to be fixed ASAP. On the other hand, Plesk doesn’t seem to follow these security fixes, so if you want to keep yourself a bit more secure than Plesk […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"ep_exclude_from_search":false,"footnotes":""},"categories":[5,3,8],"tags":[320,33,317,209,318,206,299,319,321],"class_list":["post-1054","post","type-post","status-publish","format-standard","hentry","category-internet","category-linux","category-networking","tag-config","tag-debian","tag-phpmyadmin","tag-plesk","tag-pma","tag-security","tag-sql-injection","tag-vhost","tag-xss"],"aioseo_notices":[],"views":17177,"_links":{"self":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1054","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/comments?post=1054"}],"version-history":[{"count":13,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1054\/revisions"}],"predecessor-version":[{"id":1117,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/posts\/1054\/revisions\/1117"}],"wp:attachment":[{"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/media?parent=1054"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/categories?post=1054"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.void.gr\/kargig\/blog\/wp-json\/wp\/v2\/tags?post=1054"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}