[Phpmyadmin-devel] $is_superuser and ShowPhpInfo

Michal Čihař michal at cihar.com
Mon Jul 10 11:35:48 CEST 2006

On Sun, 09 Jul 2006 19:40:10 -0400
Marc Delisle <Marc.Delisle at cegepsherbrooke.qc.ca> wrote:

> after this change:
> http://phpmyadmin.cvs.sourceforge.net/phpmyadmin/phpMyAdmin/main.php?r1=2.83&r2=2.84
> we no longer present the "Show PHP information" to superusers if 
> $cfg['ShowPhpInfo'] is false.
> But, our doc says:
> $cfg['ShowPhpInfo'] boolean
> $cfg['ShowChgPassword'] boolean
> $cfg['ShowCreateDb'] boolean
>      Defines whether to display the "PHP information" and "Change 
> password " links and form for creating database or not for simple users 
> at the starting main (right) frame. This setting does not check MySQL 
> commands entered directly.
> As I read this doc, it seems to apply to "simple users". So I would like 
> to revert to previous behavior. IMO, a superuser should always see this 
> link. The intention of the ShowPhpInfo parameter was to block this 
> information for simple users -- well, at least, to block displaying the 
> link.

I prefer not to show phpinfo at all if disabled. MySQL superuser
doesn't have to be trusted enough to see such information. I think that
argument for the change was exactly the same. The doc should reflect
code change.

	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20060710/6a645311/attachment.sig>

More information about the Developers mailing list