bug #2729191 [config] CheckConfigurationPermissions = false is worthless

ChangeLog

@@ -26,6 +26,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
   thanks to Luke Armstrong
 - bug #2740550 [interface] Using textarea CharEditing drops default values
 - bug #2634827 [import] Using DELIMITER ends with infinite cycle 
+- bug #2729191 [config] CheckConfigurationPermissions = false is worthless 
 
 3.1.3.1 (2009-03-24)
 - [security] HTTP Response Splitting and file inclusion vulnerabilities 

libraries/Config.class.php

@@ -401,6 +401,8 @@ class PMA_Config
         //$this->checkPmaAbsoluteUri();
         $this->settings = PMA_array_merge_recursive($this->settings, $cfg);
 
+        $this->checkPermissions();
+
         // Handling of the collation must be done after merging of $cfg
         // (from config.inc.php) so that $cfg['DefaultConnectionCollation']
         // can have an effect. Note that the presence of collation
@@ -475,6 +477,15 @@ class PMA_Config
             die('Existing configuration file (' . $this->getSource() . ') is not readable.');
         }
 
+        return true;
+    }
+
+    /**
+     * verifies the permissions on config file (if asked by configuration) 
+     * (must be called after config.inc.php has been merged)
+     */
+    function checkPermissions()
+    {
         // Check for permissions (on platforms that support it):
         if ($this->get('CheckConfigurationPermissions')) {
             $perms = @fileperms($this->getSource());
@@ -487,8 +498,6 @@ class PMA_Config
                 }
             }
         }
-
-        return true;
     }
 
     /**