<?php
/**
 * Test Class for allow_url_fopen
 *
 * @package PhpSecInfo
 * @author Ed Finkler <coj@funkatron.com>
 */
 
 
/**
 * require the PhpSecInfo_Test_Core class
 */
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php');
 
/**
 * PhpSecInfo check for the allow_url_fopen ini directive.
 *
 * On PHP older than 5.2 the check warns when the directive is enabled.
 * From 5.2 on it always reports OK and uses the result message to point the
 * administrator at allow_url_include instead.
 *
 * @package PhpSecInfo
 */
class PhpSecInfo_Test_Core_Allow_Url_Fopen extends PhpSecInfo_Test_Core
{
    /**
     * Unique, human-readable identifier for this test.
     *
     * @var string
     */
    var $test_name = "allow_url_fopen";

    /**
     * Recommended value of the directive. Starts as FALSE (disabled);
     * _execTest() overwrites it with TRUE when running on PHP 5.2 or later.
     *
     * @var mixed
     */
    var $recommended_value = FALSE;

    /**
     * Reads allow_url_fopen through getBooleanIniValue() and stores the
     * result in $this->current_value.
     */
    function _retrieveCurrentValue() {
        $iniValue = $this->getBooleanIniValue('allow_url_fopen');
        $this->current_value = $iniValue;
    }

    /**
     * Decides the test result for allow_url_fopen.
     *
     * PHP < 5.2: OK when the current value loosely equals the recommended
     * value, WARN otherwise.
     * PHP >= 5.2: the recommended value is switched to TRUE and the result is
     * OK without looking at the current value.
     *
     * NOTE(review): this method never inspects allow_url_include, so an OK
     * here says nothing about remote include. With allow_url_fopen enabled,
     * URL wrappers also stay available to file functions such as fopen(), so
     * application code that passes user-controlled paths to them still needs
     * its own validation.
     *
     * @return mixed one of the PHPSECINFO_TEST_RESULT_* constants
     */
    function _execTest() {
        $isPre52 = version_compare(PHP_VERSION, '5.2', '<');

        if (!$isPre52) {
            /* In 5.2, we'll consider allow_url_fopen "safe" */
            $this->recommended_value = TRUE;
            return PHPSECINFO_TEST_RESULT_OK;
        }

        /* this is much more severe if we're running < 5.2 */
        return ($this->current_value == $this->recommended_value)
            ? PHPSECINFO_TEST_RESULT_OK
            : PHPSECINFO_TEST_RESULT_WARN;
    }

    /**
     * Registers the English result messages for this test, after the parent
     * class has set its own.
     *
     * Which messages are registered depends on the running PHP version, using
     * the same 5.2 cut-off as _execTest(): OK and WARN texts below 5.2, only
     * an OK text from 5.2 on.
     */
    function _setMessages() {
        parent::_setMessages();

        if (!version_compare(PHP_VERSION, '5.2', '<')) {
            $this->setMessageForResult(
                PHPSECINFO_TEST_RESULT_OK,
                'en',
                'You are running PHP 5.2 or greater, which makes allow_url_fopen significantly safer. Make sure allow_url_include is <em>disabled</em>, though'
            );
            return;
        }

        /* this is much more severe if we're running < 5.2 */
        $this->setMessageForResult(
            PHPSECINFO_TEST_RESULT_OK,
            'en',
            'allow_url_fopen is disabled, which is the recommended setting'
        );
        $this->setMessageForResult(
            PHPSECINFO_TEST_RESULT_WARN,
            'en',
            'allow_url_fopen is enabled.  This could be a serious security risk.  You should disable allow_url_fopen and consider using the <a href="http://php.net/manual/en/ref.curl.php" target="_blank">PHP cURL functions</a> instead.'
        );
    }
}