Bring back limited phpinfo #12875

Merged
merged 4 commits into from Jan 17, 2017

Projects

None yet

3 participants

@nijel
Member
nijel commented Jan 7, 2017

This is attempt to bring back phpinfo page, as there seems to be quite demand for it (see #12495).

  • It is protected by CSP headers (since 9f3823a).
  • It selectively enables which parts of phpinfo to show to avoid including environment variables.
  • The documentation wards against enabling it.

I'd really like to hear opinions from others about this (especially from @phpmyadmin/developers and @emanuelb).


Before submitting pull request, please check that every commit:

  • Has proper Signed-Off-By
  • Has commit message which describes it
  • Is needed on it's own, if you have just minor fixes to previous commits, you can squash them
  • Any new functionality is covered by tests
nijel added some commits Jan 7, 2017
@nijel nijel Revert "Remove option to show phpinfo() ($cfg['ShowPhpInfo'])"
This reverts commit e67e692.
93e354c
@nijel nijel Limit what we display in phpinfo
- general information
- configuration
- modules

This way we avoid displaying sensitive things (such as httpOnly cookies
from environment of variables).

Signed-off-by: Michal Čihař <michal@cihar.com>
1089a7d
@nijel nijel Add warning about enabling phpinfo
Signed-off-by: Michal Čihař <michal@cihar.com>
fdbef2d
@nijel nijel self-assigned this Jan 7, 2017
@phpmyadmin-bot

This commit is missing Signed-Off-By line to indicate that you agree with phpMyAdmin Developer's Certificate of Origin. Please check contributing documentation for more information.

This commit is missing Signed-Off-By line to indicate that you agree with phpMyAdmin Developer's Certificate of Origin. Please check contributing documentation for more information.

@codecov-io
codecov-io commented Jan 7, 2017 edited

Current coverage is 50.19% (diff: 21.73%)

Merging #12875 into QA_4_6 will decrease coverage by <.01%

@@             QA_4_6     #12875   diff @@
==========================================
  Files           485        486     +1   
  Lines         81407      81429    +22   
  Methods        2138       2138          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits          40865      40870     +5   
- Misses        40542      40559    +17   
  Partials          0          0          

Powered by Codecov. Last update fee3923...4abbe78

@nijel nijel Remove unused entries from goto whitelist
Signed-off-by: Michal Čihař <michal@cihar.com>
4abbe78
@msapiro msapiro referenced this pull request Jan 7, 2017
Closed

phpinfo silently removed #12495

@nijel nijel merged commit 4abbe78 into phpmyadmin:QA_4_6 Jan 17, 2017

2 of 4 checks passed

codecov/patch 21.73% of diff hit (target 50.19%)
Details
codecov/project 50.19% (-0.01%) compared to fee3923
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
coverage/coveralls Coverage decreased (-0.008%) to 49.778%
Details
@nijel nijel added a commit that referenced this pull request Jan 17, 2017
@nijel nijel Changelog entry for #12495 and #12875
Signed-off-by: Michal Čihař <michal@cihar.com>
eb28985
@nijel nijel deleted the nijel:phpinfo branch Jan 17, 2017
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment