From 600bdbd57ea7fd974381323c99d5a5abd92a50df Mon Sep 17 00:00:00 2001 From: Crack Date: Wed, 21 Jul 2010 14:01:53 +0200 Subject: [PATCH] Setup script: AllowThirdPartyFraming User preferences and setup script: new tab - Warnings, with options to disable mcrypt, Suhosin and pmadb warnings --- .gsoc/todo.txt | 1 + libraries/config/messages.inc.php | 10 ++++++++++ libraries/config/setup.forms.php | 7 ++++++- libraries/config/user_preferences.forms.php | 4 ++++ 4 files changed, 21 insertions(+), 1 deletion(-) diff --git a/.gsoc/todo.txt b/.gsoc/todo.txt index 4dd9492f8..259072de9 100644 --- a/.gsoc/todo.txt +++ b/.gsoc/todo.txt @@ -1 +1,2 @@ restore cache'ing in phpmyadmin.css.php +remove debug from user preferences header diff --git a/libraries/config/messages.inc.php b/libraries/config/messages.inc.php index 52533c5d3..a99092b70 100644 --- a/libraries/config/messages.inc.php +++ b/libraries/config/messages.inc.php @@ -15,6 +15,8 @@ if (!function_exists('__')) { $strConfigAllowArbitraryServer_desc = __('If enabled user can enter any MySQL server in login form for cookie auth'); $strConfigAllowArbitraryServer_name = __('Allow login to any MySQL server'); +$strConfigAllowThirdPartyFraming_desc = __('Enabling this allows a page located on a different domain to call phpMyAdmin inside a frame, and is a potential [strong]security hole[/strong] allowing cross-frame scripting attacks'); +$strConfigAllowThirdPartyFraming_name = __('Allow third party framing'); $strConfigAllowUserDropDatabase_name = __('Show "Drop database" link to normal users'); $strConfigblowfish_secret_desc = __('Secret passphrase used for encrypting cookies in [kbd]cookie[/kbd] authentication'); $strConfigblowfish_secret_name = __('Blowfish secret'); @@ -196,6 +198,8 @@ $strConfigForm_Server_pmadb = __('PMA database'); $strConfigForm_Server_pmadb_desc = __('Configure phpMyAdmin database to gain access to additional features, see [a@Documentation.html#linked-tables]linked-tables infrastructure[/a] in documentation'); $strConfigForm_Server_tracking = __('Changes tracking'); $strConfigForm_Server_tracking_desc = __('Tracking of changes made in database. Requires configured PMA database.'); +$strConfigForm_Warnings = __('Warnings'); +$strConfigForm_Warnings_desc = __('Disable some of the warnings shown by phpMyAdmin'); $strConfigFormset_Export = __('Customize export options'); $strConfigFormset_Features = __('Features'); $strConfigFormset_Import = __('Customize import defaults'); @@ -298,6 +302,8 @@ $strConfigMaxRows_name = __('Maximum number of rows to display'); $strConfigMaxTableList_cmt = __('Users cannot set a higher value'); $strConfigMaxTableList_desc = __('Maximum number of tables displayed in table list'); $strConfigMaxTableList_name = __('Maximum tables'); +$strConfigMcryptDisableWarning_desc = __('Disable the default warning that is displayed if mcrypt is missing for cookie authentication'); +$strConfigMcryptDisableWarning_name = __('mcrypt warning'); $strConfigMemoryLimit_desc = __('The number of bytes a script is allowed to allocate, eg. [kbd]32M[/kbd] ([kbd]0[/kbd] for no limit)'); $strConfigMemoryLimit_name = __('Memory limit'); $strConfigModifyDeleteAtLeft_name = __('Show left delete link'); @@ -312,6 +318,8 @@ $strConfigOrder_desc = __('[kbd]SMART[/kbd] - i.e. descending order for columns $strConfigOrder_name = __('Default sorting order'); $strConfigPersistentConnections_desc = __('Use persistent connections to MySQL databases'); $strConfigPersistentConnections_name = __('Persistent connections'); +$strConfigPmaNoRelation_DisableWarning_desc = __('Disable the default warning that is displayed on the database details Structure page if any of the required tables for the relation features could not be found'); +$strConfigPmaNoRelation_DisableWarning_name = __('Missing relation tables (pmadb)'); $strConfigPropertiesIconic_desc = __('Use only icons, only text or both'); $strConfigPropertiesIconic_name = __('Iconic table operations'); $strConfigProtectBinary_desc = __('Disallow BLOB and BINARY columns from editing'); @@ -455,6 +463,8 @@ $strConfigSQLValidator_use_desc = __('[strong]Warning:[/strong] requires PEAR SO $strConfigSQLValidator_use_name = __('Enable SQL Validator'); $strConfigSQLValidator_username_name = __('Username'); $strConfigSQLValidator_username_desc = __('If you have a custom username, specify it here (defaults to [kbd]anonymous[/kbd])'); +$strConfigSuhosinDisableWarning_desc = __('A warning is displayed on the main page if Suhosin is detected'); +$strConfigSuhosinDisableWarning_name = __('Suhosin warning'); $strConfigSuggestDBName_desc = __('Suggest a database name on the "Create Database" form (if possible) or keep the text field empty'); $strConfigSuggestDBName_name = __('Suggest new database name'); $strConfigTextareaCols_desc = __('Textarea size (columns) in edit mode, this value will be emphasized for SQL query textareas (*2) and for query window (*1.25)'); diff --git a/libraries/config/setup.forms.php b/libraries/config/setup.forms.php index 445493f6f..de83864bc 100644 --- a/libraries/config/setup.forms.php +++ b/libraries/config/setup.forms.php @@ -98,6 +98,10 @@ $forms['Features']['Page_titles'] = array( 'TitleTable', 'TitleDatabase', 'TitleServer'); +$forms['Features']['Warnings'] = array( + 'PmaNoRelation_DisableWarning', + 'SuhosinDisableWarning', + 'McryptDisableWarning'); $forms['Features']['Other_core_settings'] = array( 'NaturalOrder', 'InitialSlidersState', @@ -110,7 +114,8 @@ $forms['Features']['Other_core_settings'] = array( 'ExecTimeLimit', 'MemoryLimit', 'SkipLockedTables', - 'UseDbSearch'); + 'UseDbSearch', + 'AllowThirdPartyFraming'); $forms['Sql_queries']['Sql_queries'] = array( 'ShowSQL', 'Confirm', diff --git a/libraries/config/user_preferences.forms.php b/libraries/config/user_preferences.forms.php index 1fc8e14c1..33923c18f 100644 --- a/libraries/config/user_preferences.forms.php +++ b/libraries/config/user_preferences.forms.php @@ -57,6 +57,10 @@ $forms['Features']['Page_titles'] = array( 'TitleTable', 'TitleDatabase', 'TitleServer'); +$forms['Features']['Warnings'] = array( + 'PmaNoRelation_DisableWarning', + 'SuhosinDisableWarning', + 'McryptDisableWarning'); $forms['Left_frame']['Left_frame'] = array( 'LeftFrameLight', 'LeftDisplayLogo',