From ffc9a28eaf90312a79b91149786519b14db9f481 Mon Sep 17 00:00:00 2001
From: Marc Delisle <marc@infomarc.info>
Date: Mon, 10 Dec 2007 18:02:20 +0000
Subject: [PATCH] bug #1806236 Make the world write check on config.inc.php
 optional

---
 ChangeLog                    |  1 +
 Documentation.html           |  9 +++++++++
 libraries/Config.class.php   | 21 ++++++++++++---------
 libraries/config.default.php |  8 ++++++++
 4 files changed, 30 insertions(+), 9 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 07cdeff32..bb49a044f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -18,6 +18,7 @@ $HeadURL: https://phpmyadmin.svn.sourceforge.net/svnroot/phpmyadmin/trunk/phpMyA
   looking for a name more descriptive than codegen, taking into account
   that it might later support other formats like JSON in the same plugin
 + [lang] Finnish update, thanks to Jouni Kahkonen
++ [config] new parameter $cfg['CheckConfigurationPermissions'] 
 
 2.11.4.0 (not yet released)
 - bug #1843428 [GUI] Space issue with DROP/DELETE/ALTER TABLE
diff --git a/Documentation.html b/Documentation.html
index 77758e2cd..556c4347e 100644
--- a/Documentation.html
+++ b/Documentation.html
@@ -1529,6 +1529,15 @@ $cfg['TrustedProxies'] =
         Default is auto.
     </dd>
 
+    <dt id="cfg_CheckConfigurationPermissions">$cfg['CheckConfigurationPermissions'] boolean</dt>
+    <dd>
+    We normally check the permissions on the configuration file to ensure
+    it's not world writable. However, phpMyAdmin could be installed on 
+    a NTFS filesystem mounted on a non-Windows server, in which case the
+    permissions seems wrong but in fact cannot be detected. In this case
+    a sysadmin would set this parameter to <tt>FALSE</tt>. Default is <tt>TRUE</tt>.
+    </dd>
+    
     <dt id="cfg_NaviWidth">$cfg['NaviWidth'] integer</dt>
     <dd>Navi frame width in pixels. See <tt>themes/themename/layout.inc.php</tt>.
     </dd>
diff --git a/libraries/Config.class.php b/libraries/Config.class.php
index 120a4acab..3ec84cf99 100644
--- a/libraries/Config.class.php
+++ b/libraries/Config.class.php
@@ -477,15 +477,18 @@ class PMA_Config
         }
 
         // Check for permissions (on platforms that support it):
-        $perms = @fileperms($this->getSource());
-        if (!($perms === false) && ($perms & 2)) {
-            // This check is normally done after loading configuration
-            $this->checkWebServerOs();
-            if ($this->get('PMA_IS_WINDOWS') == 0) {
-                $this->source_mtime = 0;
-                die('Wrong permissions on configuration file, should not be world writable!');
-            }
-        }
+	if ($this->get('CheckConfigurationPermissions')) {
+		echo 'trace';
+            $perms = @fileperms($this->getSource());
+            if (!($perms === false) && ($perms & 2)) {
+                // This check is normally done after loading configuration
+                $this->checkWebServerOs();
+                if ($this->get('PMA_IS_WINDOWS') == 0) {
+                    $this->source_mtime = 0;
+                    die('Wrong permissions on configuration file, should not be world writable!');
+                }
+	    }
+	}
 
         return true;
     }
diff --git a/libraries/config.default.php b/libraries/config.default.php
index b3328a5c2..edf60236f 100644
--- a/libraries/config.default.php
+++ b/libraries/config.default.php
@@ -2163,6 +2163,14 @@ $cfg['GD2Available'] = 'auto';
  */
 $cfg['TrustedProxies'] = array();
 
+/**
+ * We normally check the permissions on the configuration file to ensure
+ * it's not world writable. However, phpMyAdmin could be installed on 
+ * a NTFS filesystem mounted on a non-Windows server, in which case the
+ * permissions seems wrong but in fact cannot be detected. In this case
+ * a sysadmin would set the following to false.
+ */
+$cfg['CheckConfigurationPermissions'] = true;
 
 /*******************************************************************************
  * SQL Parser Settings