Remove setup download/load/delete features

This removes risk of third party manipulating with the configuration as
there was race condition between editing and using the file.

Downloading the file should not be big hassle and this really makes the
whole setup a bit simpler.

Signed-off-by: Michal Čihař <michal@cihar.com>

Author: nijel

doc/setup.rst

@@ -92,51 +92,14 @@ For a full explanation of possible configuration values, see the
 Using Setup script
 ------------------
 
-Instead of manually editing :file:`config.inc.php`, you can use the `Setup
-Script <setup/>`_. First you must manually create a folder ``config``
-in the phpMyAdmin directory. This is a security measure. On a
-Linux/Unix system you can use the following commands:
-
-.. code-block:: sh
-
-    
-    cd phpMyAdmin
-    mkdir config                        # create directory for saving
-    chmod o+rw config                   # give it world writable permissions
-
-And to edit an existing configuration, copy it over first:
-
-.. code-block:: sh
-
-    
-    cp config.inc.php config/           # copy current configuration for editing
-    chmod o+w config/config.inc.php     # give it world writable permissions
-
-On other platforms, simply create the folder and ensure that your web
-server has read and write access to it. :ref:`faq1_26` can help with
-this.
-
-Next, open ``setup/`` in your browser. If you have an existing configuration,
-use the ``Load`` button to bring its content inside the setup panel.
-Note that **changes are not saved to disk until explicitly choose ``Save``**
-from the *Configuration* area of the screen. Normally the script saves the new
-:file:`config.inc.php` to the ``config/`` directory, but if the webserver does
-not have the proper permissions you may see the error "Cannot load or
-save configuration." Ensure that the ``config/`` directory exists and
-has the proper permissions - or use the ``Download`` link to save the
-config file locally and upload it (via FTP or some similar means) to the
-proper location.
-
-Once the file has been saved, it must be moved out of the ``config/``
-directory and the permissions must be reset, again as a security
-measure:
-
-.. code-block:: sh
-
-    
-    mv config/config.inc.php .         # move file to current directory
-    chmod o-rw config.inc.php          # remove world read and write permissions
-    rm -rf config                      # remove not needed directory
+Instead of manually editing :file:`config.inc.php`, you can use phpMyAdmin's 
+setup feature. The file can be generated using the setup and you can download it 
+for upload to the server.
+
+Next, open your browser and visit the location where you installed phpMyAdmin,
+with the ``/setup`` suffix. The changes are not saved to the server, you need to 
+use the :guilabel:`Download` button to save them to your computer and then upload 
+to the server.
 
 Now the file is ready to be used. You can choose to review or edit the
 file with your favorite editor, if you prefer to set some advanced

libraries/config/ConfigFile.class.php

@@ -486,21 +486,6 @@ public function removeServer($server)
         }
     }
 
-    /**
-     * Returns config file path, relative to phpMyAdmin's root path
-     *
-     * @return string
-     */
-    public function getFilePath()
-    {
-        // Load paths
-        if (!defined('SETUP_CONFIG_FILE')) {
-            include_once './libraries/vendor_config.php';
-        }
-
-        return SETUP_CONFIG_FILE;
-    }
-
     /**
      * Returns configuration array (full, multidimensional format)
      *

libraries/vendor_config.php

@@ -25,17 +25,6 @@
  */
 define('LICENSE_FILE', './LICENSE');
 
-/**
- * Path to config file generated using setup script.
- */
-define('SETUP_CONFIG_FILE', './config/config.inc.php');
-
-/**
- * Whether setup requires writable directory where config
- * file will be generated.
- */
-define('SETUP_DIR_WRITABLE', true);
-
 /**
  * Directory where configuration files are stored.
  * It is not used directly in code, just a convenient

setup/config.php

@@ -16,28 +16,9 @@
 
 require './libraries/config/setup.forms.php';
 
-/**
- * Loads configuration file path
- *
- * Do this in a function to avoid messing up with global $cfg
- *
- * @param string $config_file_path
- *
- * @return array
- */
-function loadConfig($config_file_path)
-{
-    $cfg = array();
-    if (file_exists($config_file_path)) {
-        include $config_file_path;
-    }
-    return $cfg;
-}
-
 $form_display = new FormDisplay();
 $form_display->registerForm('_config.php', $forms['_config.php']);
 $form_display->save('_config.php');
-$config_file_path = ConfigFile::getInstance()->getFilePath();
 
 if (isset($_POST['eol'])) {
     $_SESSION['eol'] = ($_POST['eol'] == 'unix') ? 'unix' : 'win';
@@ -59,40 +40,6 @@ function loadConfig($config_file_path)
     PMA_downloadHeader('config.inc.php', 'text/plain');
     echo ConfigGenerator::getConfigFile();
     exit;
-} elseif (PMA_ifSetOr($_POST['submit_save'], '')) {
-    //
-    // Save generated config file on the server
-    //
-    $result = @file_put_contents(
-        $config_file_path,
-        ConfigGenerator::getConfigFile()
-    );
-    if ($result === false) {
-        $state = 'config_not_saved';
-    } else {
-        $state = 'config_saved';
-    }
-    header('HTTP/1.1 303 See Other');
-    header('Location: index.php?action_done=' . $state);
-    exit;
-} elseif (PMA_ifSetOr($_POST['submit_load'], '')) {
-    //
-    // Load config file from the server
-    //
-    ConfigFile::getInstance()->setConfigData(
-        loadConfig($config_file_path)
-    );
-    header('HTTP/1.1 303 See Other');
-    header('Location: index.php');
-    exit;
-} elseif (PMA_ifSetOr($_POST['submit_delete'], '')) {
-    //
-    // Delete config file on the server
-    //
-    @unlink($config_file_path);
-    header('HTTP/1.1 303 See Other');
-    header('Location: index.php');
-    exit;
 } else {
     //
     // Show generated config file in a <textarea>

setup/frames/config.inc.php

@@ -17,10 +17,6 @@
 require_once './setup/lib/index.lib.php';
 require_once './setup/lib/ConfigGenerator.class.php';
 
-$config_readable = false;
-$config_writable = false;
-$config_exists = false;
-check_config_rw($config_readable, $config_writable, $config_exists);
 ?>
 <h2><?php echo __('Configuration file') ?></h2>
 <?php PMA_displayFormTop('config.php'); ?>
@@ -36,10 +32,6 @@
 <tr>
     <td class="lastrow" style="text-align: left">
         <input type="submit" name="submit_download" value="<?php echo __('Download') ?>" class="green" />
-        <input type="submit" name="submit_save" value="<?php echo __('Save') ?>"<?php
-if (!$config_writable) {
-    echo ' disabled="disabled"';
-} ?> />
     </td>
 </tr>
 <?php

setup/frames/index.inc.php

@@ -39,19 +39,6 @@
 //
 perform_config_checks();
 
-//
-// Check whether we can read/write configuration
-//
-$config_readable = false;
-$config_writable = false;
-$config_exists = false;
-check_config_rw($config_readable, $config_writable, $config_exists);
-if (!$config_writable || !$config_readable) {
-    messages_set(
-        'error', 'config_rw', __('Cannot load or save configuration'),
-        PMA_lang(__('Please create web server writable folder [em]config[/em] in phpMyAdmin top level directory as described in [doc@setup_script]documentation[/doc]. Otherwise you will be only able to download or display it.'))
-    );
-}
 //
 // Check https connection
 //
@@ -259,20 +246,6 @@
     <td colspan="2" class="lastrow" style="text-align: left">
         <input type="submit" name="submit_display" value="<?php echo __('Display') ?>" />
         <input type="submit" name="submit_download" value="<?php echo __('Download') ?>" />
-        &nbsp; &nbsp;
-        <input type="submit" name="submit_save" value="<?php echo __('Save') ?>"<?php
-if (!$config_writable) {
-    echo ' disabled="disabled"';
-} ?> />
-        <input type="submit" name="submit_load" value="<?php echo __('Load') ?>"<?php
-if (!$config_exists) {
-    echo ' disabled="disabled"';
-} ?> />
-        <input type="submit" name="submit_delete" value="<?php echo __('Delete')
-        ?>"<?php
-if (!$config_exists || !$config_writable) {
-    echo ' disabled="disabled"';
-} ?> />
         &nbsp; &nbsp;
         <input type="submit" name="submit_clear" value="<?php echo __('Clear')
         ?>" class="red" />

setup/lib/index.lib.php

@@ -255,31 +255,6 @@ function version_to_int($version)
     return $matches[1] * 1000000 + $matches[2] * 10000 + $matches[3] * 100 + $added;
 }
 
-/**
- * Checks whether config file is readable/writable
- *
- * @param bool &$is_readable
- * @param bool &$is_writable
- * @param bool &$file_exists
- *
- * @return void
- */
-function check_config_rw(&$is_readable, &$is_writable, &$file_exists)
-{
-    $file_path = ConfigFile::getInstance()->getFilePath();
-    $file_dir = dirname($file_path);
-    $is_readable = true;
-    $is_writable = is_dir($file_dir);
-    if (SETUP_DIR_WRITABLE) {
-        $is_writable = $is_writable && is_writable($file_dir);
-    }
-    $file_exists = file_exists($file_path);
-    if ($file_exists) {
-        $is_readable = is_readable($file_path);
-        $is_writable = $is_writable && is_writable($file_path);
-    }
-}
-
 /**
  * Performs various compatibility, security and consistency checks on current config
  *