Check against correct phpMyAdmin config permissions

.devilbox/www/htdocs/vendor/phpmyadmin-4.0/config.inc.php

@@ -10,12 +10,10 @@
  * @package PhpMyAdmin
  */
 
-/**
- * This is needed for cookie based authentication to encrypt password in
- * cookie. Needs to be 32 chars long.
- */
-$cfg['blowfish_secret'] = 'GObO60^(04#^5637%fdUGo(*6$%6#dy4'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
+error_reporting(-1);
+$cfg['TempDir'] = '/tmp';
 $cfg['CheckConfigurationPermissions'] = false;
+$cfg['blowfish_secret'] = 'GObO60^(04#^5637%fdUGo(*6$%6#dy4';
 
 
 /**
@@ -36,7 +34,6 @@
 } else {
     $cfg['Servers'][$i]['auth_type'] = 'cookie';
 }
-
 /* Server parameters */
 $cfg['Servers'][$i]['host'] = 'mysql';
 $cfg['Servers'][$i]['connect_type'] = 'tcp';
@@ -142,7 +139,17 @@
  */
 //$cfg['QueryHistoryMax'] = 100;
 
-/*
+/**
+ * Whether or not to query the user before sending the error report to
+ * the phpMyAdmin team when a JavaScript error occurs
+ *
+ * Available options
+ * ('ask' | 'always' | 'never')
+ * default = 'ask'
+ */
+$cfg['SendErrorReports'] = 'never';
+
+/**
  * You can find more configuration options in the documentation
  * in the doc/ folder or at <https://docs.phpmyadmin.net/>.
  */

.devilbox/www/htdocs/vendor/phpmyadmin-4.8.4/config.inc.php

@@ -9,17 +9,12 @@
  *
  * @package PhpMyAdmin
  */
-error_reporting(-1);
-
 
+error_reporting(-1);
 $cfg['TempDir'] = '/tmp';
-//$cfg['CheckConfigurationPermissions'] = false;
+$cfg['CheckConfigurationPermissions'] = false;
+$cfg['blowfish_secret'] = 'a;guurOrep[[hoge7p[jgde7reouHoy5590hjgffuJ676FGd434&%*09UJHogfT%$#F64';
 
-/**
- * This is needed for cookie based authentication to encrypt password in
- * cookie. Needs to be 32 chars long.
- */
-$cfg['blowfish_secret'] = 'a;guurOrep[[hoge7p[jgde7reouHoy5590hjgffuJ676FGd434&%*09UJHogfT%$#F64'; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */
 
 /**
  * Servers configuration
@@ -30,8 +25,9 @@
  * First server
  */
 $i++;
+
+/* Authentication type */
 if (getenv('DEVILBOX_VENDOR_PHPMYADMIN_AUTOLOGIN') == 1) {
-    /* Authentication type */
     $cfg['Servers'][$i]['auth_type'] = 'config';
     $cfg['Servers'][$i]['user'] = 'root';
     $cfg['Servers'][$i]['password'] = getenv('MYSQL_ROOT_PASSWORD');
@@ -40,6 +36,7 @@
 }
 /* Server parameters */
 $cfg['Servers'][$i]['host'] = 'mysql';
+$cfg['Servers'][$i]['connect_type'] = 'tcp';
 $cfg['Servers'][$i]['compress'] = false;
 $cfg['Servers'][$i]['AllowNoPassword'] = true;
 

.tests/intra-tests/vendor-phpmyadmin.sh

@@ -277,7 +277,6 @@ fi
 #	printf "\r[OK]   Submit phpMyAdmin POST login (1 round)\n"
 #fi
 
-
 printf "[TEST] Evaluate successful phpMyAdmin login"
 # 1st Try
 if [ "$( curl -sS -c cookie.txt -b cookie.txt localhost${URL} | tac | tac  | grep -Ec "(Databases<.+SQL<.+Status<.+Users<.+Export<)|(\"User accounts\")" )" != "1" ]; then
@@ -302,3 +301,110 @@ else
 	printf "\r[OK]   Evaluate successful phpMyAdmin login (1 round)\n"
 fi
 rm -f cookie.txt || true
+
+
+###
+### Configuration File
+###
+SCRIPTPATH="$( cd "$(dirname "$0")" ; pwd -P )"
+DVLBOXPATH="${SCRIPTPATH}/../../"
+CONFIGPATH="${DVLBOXPATH}/.devilbox/www/htdocs${URL%index\.php}config.inc.php"
+
+printf "[TEST] config.inc.php exists"
+if [ ! -f "${CONFIGPATH}" ]; then
+	printf "\r[FAIL] config.inc.php exists: no\n"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php exists: yes\n"
+fi
+
+
+# error_reporting(-1);
+printf "[TEST] config.inc.php check: error_reporting(-1);"
+if ! grep -q "^error_reporting(-1);" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: error_reporting(-1);\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: error_reporting(-1);\n"
+fi
+
+# $cfg['TempDir'] = '/tmp';
+printf "[TEST] config.inc.php check: \$cfg['TempDir'] = '/tmp';"
+if ! grep -q "^\$cfg\['TempDir'\]\s*=\s*'/tmp';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['TempDir'] = '/tmp';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['TempDir'] = '/tmp';\n"
+fi
+
+# $cfg['CheckConfigurationPermissions'] = false;
+printf "[TEST] config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;"
+if ! grep -q "^\$cfg\['CheckConfigurationPermissions'\]\s*=\s*false;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['CheckConfigurationPermissions'] = false;\n"
+fi
+
+# $cfg['blowfish_secret'] = '...'
+printf "[TEST] config.inc.php check: \$cfg['blowfish_secret'] = '...';"
+if ! grep -qE '^\$cfg\['"'"'blowfish_secret'"'"'\]\s*=\s*'"'"'.{32,}'"'"';' "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['blowfish_secret'] = '...';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['blowfish_secret'] = '...';\n"
+fi
+
+# $cfg['SendErrorReports'] = 'never';
+printf "[TEST] config.inc.php check: \$cfg['SendErrorReports'] = 'never';"
+if ! grep -q "^\$cfg\['SendErrorReports'\]\s*=\s*'never';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['SendErrorReports'] = 'never';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['SendErrorReports'] = 'never';\n"
+fi
+
+# $cfg['Servers'][$i]['host'] = 'mysql';
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['host'\]\s*=\s*'mysql';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['host'] = 'mysql';\n"
+fi
+
+# $cfg['Servers'][$i]['connect_type'] = 'tcp';
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['connect_type'\]\s*=\s*'tcp';" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['connect_type'] = 'tcp';\n"
+fi
+
+# $cfg['Servers'][$i]['compress'] = false;
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['compress'\]\s*=\s*false;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;\n"
+fi
+
+# $cfg['Servers'][$i]['AllowNoPassword'] = true;
+printf "[TEST] config.inc.php check: \$cfg['Servers'][\$i]['compress'] = false;"
+if ! grep -q "^\$cfg\['Servers'\]\[\$i\]\['AllowNoPassword'\]\s*=\s*true;" "${CONFIGPATH}"; then
+	printf "\r[FAIL] config.inc.php check: \$cfg['Servers'][\$i]['AllowNoPassword'] = true;\n"
+	cat "${CONFIGPATH}"
+	exit 1
+else
+	printf "\r[OK]   config.inc.php check: \$cfg['Servers'][\$i]['AllowNoPassword'] = true;\n"
+fi