Merge pull request #488 from cytopia/file-permissions

Check against correct phpMyAdmin config permissions
2025-04-08 11:34:14 +00:00 · 2019-01-30 15:52:36 +01:00 · 2019-01-30 15:52:36 +01:00 · 5c492f3089
commit 5c492f3089
parent cd20dc00b7 1ab9ff778a
3 changed files with 127 additions and 17 deletions
--- a/.devilbox/www/htdocs/vendor/phpmyadmin-4.0/config.inc.php
+++ b/.devilbox/www/htdocs/vendor/phpmyadmin-4.0/config.inc.php
@ -10,12 +10,10 @@
 * @package PhpMyAdmin
 */

-/**
- * This is needed for cookie based authentication to encrypt password in
- * cookie. Needs to be 32 chars long.
- */
-$cfg['blowfish_secret'] = 'GObO60^(04#^5637%fdUGo(*6$%6#dy4'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+error_reporting(-1);
+$cfg['TempDir'] = '/tmp';
 $cfg['CheckConfigurationPermissions'] = false;
+$cfg['blowfish_secret'] = 'GObO60^(04#^5637%fdUGo(*6$%6#dy4';


 /**
@ -36,7 +34,6 @@ if (getenv('DEVILBOX_VENDOR_PHPMYADMIN_AUTOLOGIN') == 1) {
 } else {
    $cfg['Servers'][$i]['auth_type'] = 'cookie';
 }
-
 /* Server parameters */
 $cfg['Servers'][$i]['host'] = 'mysql';
 $cfg['Servers'][$i]['connect_type'] = 'tcp';
@ -142,7 +139,17 @@ $cfg['SaveDir'] = '';
 */
 //$cfg['QueryHistoryMax'] = 100;

-/*
+/**
+ * Whether or not to query the user before sending the error report to
+ * the phpMyAdmin team when a JavaScript error occurs
+ *
+ * Available options
+ * ('ask' | 'always' | 'never')
+ * default = 'ask'
+ */
+$cfg['SendErrorReports'] = 'never';
+
+/**
 * You can find more configuration options in the documentation
 * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
 */
--- a/.devilbox/www/htdocs/vendor/phpmyadmin-4.8.4/config.inc.php
+++ b/.devilbox/www/htdocs/vendor/phpmyadmin-4.8.4/config.inc.php
@ -9,17 +9,12 @@
 *
 * @package PhpMyAdmin
 */
+
 error_reporting(-1);
-
-
 $cfg['TempDir'] = '/tmp';
-//$cfg['CheckConfigurationPermissions'] = false;
+$cfg['CheckConfigurationPermissions'] = false;
+$cfg['blowfish_secret'] = 'a;guurOrep[[hoge7p[jgde7reouHoy5590hjgffuJ676FGd434&%*09UJHogfT%$#F64';

-/**
- * This is needed for cookie based authentication to encrypt password in
- * cookie. Needs to be 32 chars long.
- */
-$cfg['blowfish_secret'] = 'a;guurOrep[[hoge7p[jgde7reouHoy5590hjgffuJ676FGd434&%*09UJHogfT%$#F64'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */

 /**
 * Servers configuration
@ -30,8 +25,9 @@ $i = 0;
 * First server
 */
 $i++;
+
+/* Authentication type */
 if (getenv('DEVILBOX_VENDOR_PHPMYADMIN_AUTOLOGIN') == 1) {
-    /* Authentication type */
    $cfg['Servers'][$i]['auth_type'] = 'config';
    $cfg['Servers'][$i]['user'] = 'root';
    $cfg['Servers'][$i]['password'] = getenv('MYSQL_ROOT_PASSWORD');
@ -40,6 +36,7 @@ if (getenv('DEVILBOX_VENDOR_PHPMYADMIN_AUTOLOGIN') == 1) {
 }
 /* Server parameters */
 $cfg['Servers'][$i]['host'] = 'mysql';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
 $cfg['Servers'][$i]['compress'] = false;
 $cfg['Servers'][$i]['AllowNoPassword'] = true;

--- a/.tests/intra-tests/vendor-phpmyadmin.sh
+++ b/.tests/intra-tests/vendor-phpmyadmin.sh
@ -277,7 +277,6 @@ fi
 #	printf "\r[OK]   Submit phpMyAdmin POST login (1 round)\n"
 #fi

-
 printf "[TEST] Evaluate successful phpMyAdmin login"
 # 1st Try
 if [ "$( curl -sS -c cookie.txt -b cookie.txt localhost${URL} | tac | tac  | grep -Ec "(Databases<.+SQL<.+Status<.+Users<.+Export<)|(\"User accounts\")" )" != "1" ]; then
@ -302,3 +301,110 @@ else
 	printf "\r[OK]   Evaluate successful phpMyAdmin login (1 round)\n"
 fi
 rm -f cookie.txt || true
+
+
+###
+### Configuration File
+###
+SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+DVLBOXPATH="${SCRIPTPATH}/../../"
+CONFIGPATH="${DVLBOXPATH}/.devilbox/www/htdocs${URL%index\.php}config.inc.php"
+
+printf "[TEST] config.inc.php exists"
+if [ ! -f "${CONFIGPATH}" ]; then
+	printf "\r[FAIL] config.inc.php exists: no\n"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php exists: yes\n"
+fi
+
+
+# error_reporting(-1);
+printf "[TEST] config.inc.php check: error_reporting(-1);"
+if ! grep -q "^error_reporting(-1);" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: error_reporting(-1);\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: error_reporting(-1);\n"
+fi
+
+# $cfg['TempDir'] = '/tmp';
+printf "[TEST] config.inc.php check: \$cfg['TempDir'] = '/tmp';"
+if ! grep -q "^\$cfg\['TempDir'\]\s*=\s*'/tmp';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['TempDir'] = '/tmp';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['TempDir'] = '/tmp';\n"
+fi
+
+# $cfg['CheckConfigurationPermissions'] = false;
+printf "[TEST] config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;"
+if ! grep -q "^\$cfg\['CheckConfigurationPermissions'\]\s*=\s*false;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;\n"
+fi
+
+# $cfg['blowfish_secret'] = '...'
+printf "[TEST] config.inc.php check: \$cfg['blowfish_secret'] = '...';"
+if ! grep -qE '^\$cfg\['"'"'blowfish_secret'"'"'\]\s*=\s*'"'"'.{32,}'"'"';' "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['blowfish_secret'] = '...';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['blowfish_secret'] = '...';\n"
+fi
+
+# $cfg['SendErrorReports'] = 'never';
+printf "[TEST] config.inc.php check: \$cfg['SendErrorReports'] = 'never';"
+if ! grep -q "^\$cfg\['SendErrorReports'\]\s*=\s*'never';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['SendErrorReports'] = 'never';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['SendErrorReports'] = 'never';\n"
+fi
+
+# $cfg['Servers'][$i]['host'] = 'mysql';
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['host'\]\s*=\s*'mysql';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';\n"
+fi
+
+# $cfg['Servers'][$i]['connect_type'] = 'tcp';
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['connect_type'\]\s*=\s*'tcp';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';\n"
+fi
+
+# $cfg['Servers'][$i]['compress'] = false;
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['compress'\]\s*=\s*false;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;\n"
+fi
+
+# $cfg['Servers'][$i]['AllowNoPassword'] = true;
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['AllowNoPassword'\]\s*=\s*true;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['AllowNoPassword'] = true;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['AllowNoPassword'] = true;\n"
+fi