From 43a7629da9bdc90910833915aac5df92d1ddea32 Mon Sep 17 00:00:00 2001
From: Crack <piotrprz@gmail.com>
Date: Tue, 20 Jul 2010 21:57:05 +0200
Subject: [PATCH] Users can disable: AllowUserDropDatabase, UseDbSearch,
 QueryHistoryDB, ShowPhpInfo, ShowChgPassword Users can change:
 QueryHistoryMax (must be lower than value from file config)

---
 libraries/config.default.php                | 11 +++++++++++
 libraries/config.values.php                 |  3 ++-
 libraries/config/FormDisplay.class.php      |  4 +++-
 libraries/config/FormDisplay.tpl.php        |  8 ++++----
 libraries/config/config_functions.lib.php   |  9 ++++++---
 libraries/config/messages.inc.php           |  1 +
 libraries/config/setup.forms.php            |  9 +++++----
 libraries/config/user_preferences.forms.php | 22 +++++++++++++++------
 libraries/user_preferences.lib.php          | 16 +++++++++++++++
 9 files changed, 64 insertions(+), 19 deletions(-)

diff --git a/libraries/config.default.php b/libraries/config.default.php
index cf4e1f3a4..a0cd97eed 100644
--- a/libraries/config.default.php
+++ b/libraries/config.default.php
@@ -2316,6 +2316,17 @@ $cfg['InitialSlidersState'] = 'closed';
  */
 $cfg['UserprefsDisallow'] = array();
 
+/**
+ * User preferences: disabling options by users
+ */
+$cfg['disable'] = array(
+    'AllowUserDropDatabase' => false,
+    'UseDbSearch' => false,
+    'QueryHistoryDB' => false,
+    'ShowPhpInfo' => false,
+    'ShowChgPassword' => false
+);
+
 //-----------------------------------------------------------------------------
 // custom-setup by mkkeck: 2004-05-04
 //    some specials for new icons and scrolling
diff --git a/libraries/config.values.php b/libraries/config.values.php
index 3e1a4c63c..319aa426b 100644
--- a/libraries/config.values.php
+++ b/libraries/config.values.php
@@ -163,5 +163,6 @@ $cfg_db['_validators'] = array(
  */
 $cfg_db['_userValidators'] = array(
     'MaxDbList' => array(array('validate_upper_bound', 'value:MaxDbList')),
-    'MaxTableList' => array(array('validate_upper_bound', 'value:MaxTableList')));
+    'MaxTableList' => array(array('validate_upper_bound', 'value:MaxTableList')),
+    'QueryHistoryMax' => array(array('validate_upper_bound', 'value:QueryHistoryMax')),);
 ?>
\ No newline at end of file
diff --git a/libraries/config/FormDisplay.class.php b/libraries/config/FormDisplay.class.php
index 6b2c13352..464655226 100644
--- a/libraries/config/FormDisplay.class.php
+++ b/libraries/config/FormDisplay.class.php
@@ -699,7 +699,9 @@ class FormDisplay
      */
     private static function _getOptName($path)
     {
-      return str_replace(array('Servers/1/', '/'), array('Servers/', '_'), $path);
+      return str_replace(
+          array('Servers/1/', 'disable/', '/'),
+          array('Servers/', '', '_'), $path);
     }
 }
 ?>
\ No newline at end of file
diff --git a/libraries/config/FormDisplay.tpl.php b/libraries/config/FormDisplay.tpl.php
index 696a5b6f2..ef3b39b3b 100644
--- a/libraries/config/FormDisplay.tpl.php
+++ b/libraries/config/FormDisplay.tpl.php
@@ -155,15 +155,15 @@ function display_input($path, $name, $description = '', $type, $value, $value_is
 <tr<?php echo $tr_class ?>>
     <th>
         <label for="<?php echo htmlspecialchars($path) ?>"><?php echo $name ?></label>
-        <?php if (!empty($opts['doc']) || !empty($opts['wiki'])): ?>
+        <?php if (!empty($opts['doc']) || !empty($opts['wiki'])) { ?>
         <span class="doc">
             <?php if (!empty($opts['doc'])) { ?><a href="<?php echo $base_dir . $opts['doc']  ?>" target="documentation"><img class="icon" src="<?php echo $img_path ?>b_help.png" width="11" height="11" alt="Doc" title="<?php echo __('Documentation') ?>" /></a><?php } ?>
             <?php if (!empty($opts['wiki'])){ ?><a href="<?php echo $opts['wiki'] ?>" target="wiki"><img class="icon" src="<?php echo $img_path ?>b_info.png" width="11" height="11" alt="Wiki" title="Wiki" /></a><?php } ?>
         </span>
-        <?php endif; ?>
-        <?php if (!$is_setup_script && isset($opts['userprefs_allow']) && !$opts['userprefs_allow']): ?>
+        <?php } ?>
+        <?php if (!$is_setup_script && isset($opts['userprefs_allow']) && !$opts['userprefs_allow']) { ?>
             <span class="disabled-notice" title="<?php echo __('This setting is disabled, it will not be applied to your configuration') ?>"><?php echo __('Disabled') ?></span>
-        <?php endif; ?>
+        <?php } ?>
         <?php if (!empty($description)) { ?><small><?php echo $description ?></small><?php } ?>
     </th>
     <td>
diff --git a/libraries/config/config_functions.lib.php b/libraries/config/config_functions.lib.php
index a4526acd9..1d42c19cd 100644
--- a/libraries/config/config_functions.lib.php
+++ b/libraries/config/config_functions.lib.php
@@ -66,12 +66,15 @@ function PMA_lang($lang_key)
  */
 function PMA_lang_name($canonical_path, $type = 'name', $default = 'key')
 {
+    if ($type == 'name' && strpos($canonical_path, 'disable/') === 0) {
+        return __('Disable') . ': ' . lcfirst(PMA_lang_name(substr($canonical_path, 8), $type, $default));
+    }
     $lang_key = str_replace(
-    	array('Servers/1/', '/'),
-    	array('Servers/', '_'),
+    	array('Servers/1/', 'disable/', '/'),
+    	array('Servers/', '', '_'),
     	$canonical_path) . '_' . $type;
     return isset($GLOBALS["strConfig$lang_key"])
-        ? $GLOBALS["strConfig$lang_key"]
+        ? ($type == 'desc' ? PMA_lang($lang_key) : $GLOBALS["strConfig$lang_key"])
         : ($default == 'key' ? $lang_key : $default);
 }
 
diff --git a/libraries/config/messages.inc.php b/libraries/config/messages.inc.php
index 318ab2b98..52533c5d3 100644
--- a/libraries/config/messages.inc.php
+++ b/libraries/config/messages.inc.php
@@ -318,6 +318,7 @@ $strConfigProtectBinary_desc = __('Disallow BLOB and BINARY columns from editing
 $strConfigProtectBinary_name = __('Protect binary columns');
 $strConfigQueryHistoryDB_desc = __('Enable if you want DB-based query history (requires pmadb). If disabled, this utilizes JS-routines to display query history (lost by window close).');
 $strConfigQueryHistoryDB_name = __('Permanent query history');
+$strConfigQueryHistoryMax_cmt = __('Users cannot set a higher value');
 $strConfigQueryHistoryMax_desc = __('How many queries are kept in history');
 $strConfigQueryHistoryMax_name = __('Query history length');
 $strConfigQueryWindowDefTab_desc = __('Tab displayed when opening a new query window');
diff --git a/libraries/config/setup.forms.php b/libraries/config/setup.forms.php
index 5a27413bb..445493f6f 100644
--- a/libraries/config/setup.forms.php
+++ b/libraries/config/setup.forms.php
@@ -155,12 +155,13 @@ $forms['Left_frame']['Left_tables'] = array(
     'ShowTooltipAliasTB');
 $forms['Main_frame']['Startup'] = array(
     'MainPageIconic',
+    'ShowCreateDb' => ':group',
+    'SuggestDBName',
+    ':group:end',
     'ShowStats',
-    'ShowPhpInfo',
     'ShowServerInfo',
-    'ShowChgPassword',
-    'ShowCreateDb',
-    'SuggestDBName');
+    'ShowPhpInfo',
+    'ShowChgPassword');
 $forms['Main_frame']['Browse'] = array(
     'NavigationBarIconic',
     'ShowAll',
diff --git a/libraries/config/user_preferences.forms.php b/libraries/config/user_preferences.forms.php
index 6281a618f..1fc8e14c1 100644
--- a/libraries/config/user_preferences.forms.php
+++ b/libraries/config/user_preferences.forms.php
@@ -20,7 +20,10 @@ $forms['Features']['General'] = array(
     'ReplaceHelpImg',
     'SkipLockedTables',
     'MaxDbList',
-    'MaxTableList');
+    'MaxTableList',
+    'disable/AllowUserDropDatabase',
+    'disable/UseDbSearch',
+    'disable/QueryHistoryDB');
 $forms['Features']['Text_fields'] = array(
     'CharEditing',
     'CharTextareaCols',
@@ -31,6 +34,7 @@ $forms['Features']['Text_fields'] = array(
 $forms['Sql_queries']['Sql_queries'] = array(
     'ShowSQL',
     'Confirm',
+    'QueryHistoryMax',
     'IgnoreMultiSubmitErrors',
     'VerboseMultiSubmit',
     'MaxCharactersInDisplayedSQL',
@@ -44,10 +48,10 @@ $forms['Sql_queries']['Sql_box'] = array(
     'SQLQuery/ShowAsPHP',
     'SQLQuery/Validate',
     'SQLQuery/Refresh');
-$forms['Sql_queries']['Sql_validator'] = array('SQLValidator' => array(
-    'use',
-    'username',
-    'password'));
+$forms['Sql_queries']['Sql_validator'] = array(
+    'SQLValidator/use',
+    'SQLValidator/username',
+    'SQLValidator/password');
 $forms['Features']['Page_titles'] = array(
     'TitleDefault',
     'TitleTable',
@@ -76,7 +80,13 @@ $forms['Left_frame']['Left_tables'] = array(
     'ShowTooltipAliasTB');
 $forms['Main_frame']['Startup'] = array(
     'MainPageIconic',
-    'SuggestDBName');
+    'ShowCreateDb' => ':group',
+    'SuggestDBName',
+    ':group:end',
+    'ShowStats',
+    'ShowServerInfo',
+    'disable/ShowPhpInfo',
+    'disable/ShowChgPassword');
 $forms['Main_frame']['Browse'] = array(
     'NavigationBarIconic',
     'ShowAll',
diff --git a/libraries/user_preferences.lib.php b/libraries/user_preferences.lib.php
index 257f43d97..7290603dd 100644
--- a/libraries/user_preferences.lib.php
+++ b/libraries/user_preferences.lib.php
@@ -144,6 +144,22 @@ function PMA_apply_userprefs(array $config_data)
         if (!isset($whitelist[$path]) || isset($blacklist[$path])) {
             continue;
         }
+        if (strpos($path, 'disable/') === 0) {
+            // write disable/ value
+            PMA_array_write($path, $cfg, $value);
+            // prepare path and value for disabled key
+            $path = substr($path, 8);
+            switch (gettype(PMA_array_read($path, $GLOBALS['PMA_Config']->default))) {
+                case 'string':
+                    $value = '';
+                    break;
+                case 'double':
+                case 'integer':
+                    $value = 0;
+                default:
+                    $value = false;
+            }
+        }
         PMA_array_write($path, $cfg, $value);
     }
     return $cfg;