Hi Dne Tue, 11 Jun 2013 22:22:40 -0400 Filipus Klutiero <chea...@gmail.com> napsal(a):
> phpMyAdmin's install script (setup/index.php) provides a GUI to
> configure phpMyAdmin. For example, one can change the limit on the
> number of characters from a field shown.
> To do that, one would go to the Main panel page, to the Browse mode tab,
> change the number in the form then click "Save". However, "saving" that
> way doesn't actually save the settings. If one leaves the script after
> "saving", configuration will not be applied (and eventually, will be lost).
>
> To actually save changes, one needs to click "Save" one more time on the
> page reached after "saving" the first time (in the "Configuration file"
> area). Then, a message will confirm that the changes were saved.
>
> The first save merely writes the changes to the PHP session. The second
> save writes them to config.inc.php, as one would expect.
>
> The way the install script works is definitely not Debian-specific.
> Unless some warning or tooltip is supposed to appear, this is an
> upstream issue.
>
> I'm not sure what led to such a design, but the complicated
> authorization process for modifying configuration may be the main
> reason. One needs to "unsecure" the configuration file before performing
> modifications. Presumably, with the current design, less time has to be
> spent in an "insecure" state. A quick fix would be to keep the current
> design avoiding to mislead users. I suppose labeling the "first save"
> button as "OK" and adding some warning (say a "Changes are only stored
> to your session. Don't forget to save them permanently when done" popup)
> could achieve that.
I've made this change upstream.
> A good fix would implement proper access control for configuration and
> get rid of the second step.
I'm open to suggestions how to do this.
--
Michal Čihař | http://cihar.com | http://blog.cihar.com
signature.asc
Description: PGP signature
