author | Michal Čihař <michal@cihar.com> | 2017-01-17 19:22:53 +0300 |
---|---|---|
committer | Michal Čihař <michal@cihar.com> | 2017-01-17 19:22:53 +0300 |
commit | 5c3f74d8753d9b6bde6fe882d4b98319b1f38e18 (patch) | |
tree | 99c4d590fe7f940f369aace62bd627d670c504f5 | |
parent | dfa8b7e9d8392c9d6c802c418a513e9701d1e92a (diff) | |
parent | eb2898527f44f1b0a397c84247d6fb27a2d8339f (diff) |
Merge branch 'QA_4_6'
-rw-r--r-- | ChangeLog | 1 | ||||
-rw-r--r-- | doc/config.rst | 22 | ||||
-rw-r--r-- | index.php | 11 | ||||
-rw-r--r-- | libraries/common.inc.php | 7 | ||||
-rw-r--r-- | libraries/config.default.php | 7 | ||||
-rw-r--r-- | libraries/config/messages.inc.php | 5 | ||||
-rw-r--r-- | libraries/config/setup.forms.php | 1 | ||||
-rw-r--r-- | phpinfo.php | 22 |
8 files changed, 67 insertions, 9 deletions
@@ -72,6 +72,7 @@ phpMyAdmin - ChangeLog - issue #12872 Use same query for display and execution when dropping index - issue #12868 Fix check for user groups freatures being enabled - issue #12831 Fix table formatting on Insert tab, which mostly affected row highlighting +- issue #12495 Reintroduced phpinfo page with limited capabilities 4.6.5.2 (2016-12-05) - issue #12765 Fixed SQL export with newlines diff --git a/doc/config.rst b/doc/config.rst index 23904475d6..36b727a289 100644 --- a/doc/config.rst +++ b/doc/config.rst @@ -2038,6 +2038,11 @@ Main panel You can additionally hide more information by using :config:option:`$cfg['Servers'][$i]['verbose']`. +.. config:option:: $cfg['ShowPhpInfo'] + + :type: boolean + :default: false + .. config:option:: $cfg['ShowChgPassword'] :type: boolean @@ -2048,11 +2053,26 @@ Main panel :type: boolean :default: true - Defines whether to display the + Defines whether to display the :guilabel:`PHP information` and :guilabel:`Change password` links and form for creating database or not at the starting main (right) frame. This setting does not check MySQL commands entered directly. + Please note that to block the usage of ``phpinfo()`` in scripts, you have to + put this in your :file:`php.ini`: + + .. code-block:: ini + + disable_functions = phpinfo() + + .. warning:: + + Enabling phpinfo page will leak quite a lot of information about server + setup. Is it not recommended to enable this on shared installations. + + This might also make easier some remote attacks on your installations, + so enable this only when needed. + Also note that enabling the :guilabel:`Change password` link has no effect with config authentication mode: because of the hard coded password value in the configuration file, end users can't be allowed to change their 
@@ -323,7 +323,7 @@ if ($server > 0 && $GLOBALS['cfg']['ShowServerInfo']) { . ' </div>'; } -if ($GLOBALS['cfg']['ShowServerInfo']) { +if ($GLOBALS['cfg']['ShowServerInfo'] || $GLOBALS['cfg']['ShowPhpInfo']) { echo '<div class="group">'; echo '<h2>' , __('Web server') , '</h2>'; echo '<ul>'; @@ -363,6 +363,15 @@ if ($GLOBALS['cfg']['ShowServerInfo']) { } } + if ($cfg['ShowPhpInfo']) { + PMA_printListItem( + __('Show PHP information'), + 'li_phpinfo', + 'phpinfo.php' . $common_url_query, + null, + '_blank' + ); + } echo ' </ul>'; echo ' </div>'; } diff --git a/libraries/common.inc.php b/libraries/common.inc.php index 60ae8fa7f0..53eb937f6a 100644 --- a/libraries/common.inc.php +++ b/libraries/common.inc.php @@ -262,9 +262,6 @@ $GLOBALS['url_params'] = array(); * @global array $goto_whitelist */ $goto_whitelist = array( - //'browse_foreigners.php', - //'changelog.php', - //'chk_rel.php', 'db_datadict.php', 'db_sql.php', 'db_events.php', @@ -278,9 +275,6 @@ $goto_whitelist = array( 'db_routines.php', 'export.php', 'import.php', - //'index.php', - //'navigation.php', - //'license.php', 'index.php', 'pdf_pages.php', 'pdf_schema.php', @@ -313,7 +307,6 @@ $goto_whitelist = array( 'tbl_row_action.php', 'tbl_select.php', 'tbl_zoom_select.php', - //'themes.php', 'transformation_overview.php', 'transformation_wrapper.php', 'user_password.php', diff --git a/libraries/config.default.php b/libraries/config.default.php index c4b17993e9..d607783006 100644 --- a/libraries/config.default.php +++ b/libraries/config.default.php @@ -1059,6 +1059,13 @@ $cfg['NavigationTreeShowEvents'] = true; $cfg['ShowStats'] = true; /** + * show PHP info link + * + * @global boolean $cfg['ShowPhpInfo'] + */ +$cfg['ShowPhpInfo'] = false; + +/** * show MySQL server and web server information * * @global boolean $cfg['ShowServerInfo'] diff --git a/libraries/config/messages.inc.php b/libraries/config/messages.inc.php index 33bd8df169..151c9dfad8 100644 --- a/libraries/config/messages.inc.php 
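Review bot: The new link guard in the second index.php hunk reads `if ($cfg['ShowPhpInfo'])`, while the condition changed in the first hunk and the rest of the visible code use `$GLOBALS['cfg'][...]`. Writing it as `if ($GLOBALS['cfg']['ShowPhpInfo']) {` keeps one spelling and does not depend on `$cfg` being in scope at this point. The link is built as `'phpinfo.php' . $common_url_query` and opened in `_blank`, so whatever `$common_url_query` carries ends up in the new tab's URL; if that includes a session token (not visible here), it is worth confirming that the phpinfo output never reflects the query string. The enclosing `if` block starts before and ends after the lines shown.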
+++ b/libraries/config/messages.inc.php
@@ -869,6 +869,11 @@ $strConfigShowFunctionFields_desc = __(
 $strConfigShowFunctionFields_name = __('Show function fields');
 $strConfigShowHint_desc = __('Whether to show hint or not.');
 $strConfigShowHint_name = __('Show hint');
+$strConfigShowPhpInfo_desc = __(
+ 'Shows link to [a@https://php.net/manual/function.phpinfo.php]phpinfo()[/a] ' .
+ 'output.'
+);
+$strConfigShowPhpInfo_name = __('Show phpinfo() link');
 $strConfigShowServerInfo_name = __('Show detailed MySQL server information');
 $strConfigShowSQL_desc = __(
 'Defines whether SQL queries generated by phpMyAdmin should be displayed.'
diff --git a/libraries/config/setup.forms.php b/libraries/config/setup.forms.php
index d4034d9118..2fb37d6535 100644
--- a/libraries/config/setup.forms.php
+++ b/libraries/config/setup.forms.php
@@ -203,6 +203,7 @@ $forms['Main_panel']['Startup'] = array(
 'ShowCreateDb',
 'ShowStats',
 'ShowServerInfo',
+ 'ShowPhpInfo',
 'ShowChgPassword');
 $forms['Main_panel']['DbStructure'] = array(
 'ShowDbStructureCharset',
diff --git a/phpinfo.php b/phpinfo.php
new file mode 100644
index 0000000000..0daa5f9f65
--- /dev/null
+++ b/phpinfo.php
@@ -0,0 +1,22 @@
+<?php
+/* vim: set expandtab sw=4 ts=4 sts=4: */
+/**
+ * phpinfo() wrapper to allow displaying only when configured to do so.
+ *
+ * @package PhpMyAdmin
+ */
+
+/**
+ * Gets core libraries and defines some variables
+ */
+require_once 'libraries/common.inc.php';
+$response = PMA\libraries\Response::getInstance();
+$response->disable();
+$response->getHeader()->sendHttpHeaders();
+
+/**
+ * Displays PHP information
+ */
+if ($GLOBALS['cfg']['ShowPhpInfo']) {
+ phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES);
+}
|
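Review bot: The flag mask in `phpinfo(INFO_GENERAL | INFO_CONFIGURATION | INFO_MODULES)` in the new phpinfo.php is the only thing keeping request variables and the environment out of this page, and nothing in the file says the omission is deliberate. A comment above the call such as `// INFO_ENVIRONMENT and INFO_VARIABLES are left out on purpose: they would echo cookies, request data and environment values.` would keep a later edit from widening it to `INFO_ALL`. The sections that remain still print every ini directive, so any secret stored in a php.ini setting is displayed, and under an Apache module SAPI the modules section may also list request headers; that should be confirmed before relying on the mask. When `ShowPhpInfo` is false the script sends headers and an empty body rather than an explicit error status. Whether an unauthenticated request can get this far depends on `libraries/common.inc.php`, which this hunk does not show.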